13 June 2009

Sometimes These Are the Good Ole Days

With all the articles the last couple days on security and social media (web 2.0, or whatever!) I thought I'd pass this along.

I was thinking back to a couple nights ago and having a chat as I watched the NBA finals game 3. I was chatting with my brother-in-law Mike (who is in Afghanistan) and he was watching it as well (though it was well before breakfast for him). It was as though we were watching the game together.

'Wow, what a shot!' 'Where was the call!!!!' Instant back and forth between us.



Having Jeff over in Iraq call his father's cell at the hospital just about the same time Gillian was delivering Lliam was great, and then to get to talk to her and hear his newborn son making noises--pretty awesome. And Jeff gets to talk to Gill very frequently as well. I can recall as a kid when my father was in Vietnam, we did not hear from him too regularly except through a tape now and then and a letter (sometimes frequent and sometimes sporadic).

So, I thought to myself, 'self, tech is really cool'. These are really small examples of the social media and of course, tech has made many more advances in other areas that are leaps and bounds beyond these.
All-in-all, today is a good time to be alive.

Oh, and Mike, thanks for watching the game with me.

06 June 2009

A Useful Site...That is My Opinion Anyway.

TECH

Just an opinion for folks that read this (thanks mom), and have not discovered this site.


Here is my favorite website of the last year or so; LifeHacker. Mostly tech oriented; but a lot of it is a collection of things to help you on a daily basis in life. An example would be a current post on "Ditch Crunches for Push Ups and Save Your Back".

For Windows users, they did just put out a download for their Lifehacker Pack 2009 collection of useful "FREE" utilities. Make sure to read the comments because there are a lot of great thoughts added by the readers.

Oh, and one for us OS Xers with Macs lying around as well as Windows & nix: Virtualize AND Dual-Boot the Same Windows on Your Mac. Here is an oldie; but still a goodie, BONUS! Free Up Hard Drive Space on Your Mac

Cheers all!

And a HUGE "Thank You"!

D-DAY


A big "Thank You", to all the men and women of our military and their families.

Thank you today for the job you do in keeping us out of harm's way. Thank those that served before you with special remembrance of those that 60 years ago today landed on beaches in Normandy with codenames such as "Utah" and "Omaha". Thanks to those that also parachuted in behind.

Thank those that have served from Valley Forge to Gettysburg, from Tripoli to Germany, Italy and places unknown and unmentioned. Thanks to those that serve in the middle of the deepest oceans keeping our submarines on task 24/7/365 to deliver their mission when needed. Those that kept a plane in the air at all times during the Cold War. Thank those from DaNang, BenHoa, the frozen Korean peninsula and the deserts of Iraq and Kuwait and the mountains of Afghanistan. And those that serve back in the states and those that did not make it back to the USA.

Please thank your families for us as well. I saw my mother and other families deal with the separation and worry back in the Viet Nam era.

Prepare Your Home and Family

DISASTER

Prepare Your Home and Family


01 June 2009

And Now One More Time for 2009!

DISASTER

It seems appropriate that, after a long period of down-time, I would follow my last posting on "Tornado Preparedness" with one regarding hurricanes. Yes, it is that time of year again. It is the official beginning of hurricane season in the northern hemisphere. So this is my annual message/reminder on the topic.

Below are some resources to help you be and stay prepared. First is a link to the American Red Cross site for the start of the season and how to be prepared:

http://tinyurl.com/ljj962

More preparedness tips on ready.gov:

http://tinyurl.com/5rjd7b


For more info on hurricanes themselves, check out the howstuffworks site:

http://tinyurl.com/bqpbn


So, keeping this somewhat brief, I have given you a few sites that should cover most of your preparedness needs and provide checklists so please check them or similar resources.

TIP: Make certain you have an emergency AM/FM radio and plenty of water! (This from the little bit of experience my family had.) Oh, and gather up plenty of things to occupy your young children's time. Anything to keep young ones' minds and hands busy so they can take their minds off of things for a moment and not be too bored either.

Stay ready!

17 March 2009

Happy St. Tornado Preparedness Day!


Seriously, to those of you celebrating St. Patrick's Day:

"Sláinte chuig na fir, agus go mairfidh na mná go deo!"

or, "health to the men, and may the women live forever"

(I do have a dog named Guinness and there is a picture of me somewhere on the internet by now under the likely title of "Guinness Fairy", so I was obliged to get that out there.)

Well, on to the original purpose here. It is American Red Cross month and today is Tornado Preparedness Day here in Virginia. Disaster Preparedness season never ends or takes a holiday. Take a moment to go through the checklists to make certain your family or business is prepared or you have prepared your family. Look at the Red Cross site and the FEMA sites as well. Find the resources beyond tornadoes for disasters that may suit the geographic region for the dangers you face. Earthquakes, hurricanes, floods, fires (home and brush/forest), theft, crazy third-world dictatorships, you get my drift.

Do not forget for your home and business to make certain you have properly identified your critical assets, updated all critical disaster response processes and policies for data backup and restore. Perform a business impact analysis, define business continuity and contingencies. For getting a risk assessment initiated at a business enterprise level, the Carnegie Mellon CERT's OCTAVE approach to Risk Assessment may assist you quite a bit. There are courses offered as well (I get no kick-back! I have taken the course and find it very worthwhile, so I am suggesting it as an option).

Again, the Red Cross has some links and documents that can help pull all this together as well.

We could go on about this stuff for weeks; but I have given you some important resources at least. You can always shoot me a comment to further discussion. I may get motivated and add a checklist of my own, or two! Send ideas. And lest I forget, I know the good folks over at SANS have papers and checklists on the subject of DR/BIA/COOP on their sites as well, so check them out (Again, I get no kick-back; but they do have classes, and I have taken many of them that are absolutely first-class - excuse the pun!).


Sláinte!

16 March 2009

Pesky Malicious Antivirus Under the Scope


I just wanted to point to another nice piece of reporting and analysis today by Washington Post columnist Brian Krebs. Having had to scrub this malware (or virus) from children's and 'friend's' computers alike, it is a story about something I find interesting as well. Please check out the link. (Photo credit: www.polyvore.com)

Massive Profits Fueling Rogue Antivirus Market

In the cyber underworld, more and more individuals are generating six-figure paychecks each month by tricking unknowing computer users into installing rogue anti-virus and security products, new data suggests.


One service, that exemplifies a very easy way these bad guys can make this kind of money is TrafficConverter.biz, one of the leading "affiliate programs" that pays people to distribute relatively worthless security software. Affiliates are given a range of links and Javascript snippets they can use to embed the software in hacked and malicious Web sites, or tainted banner advertisements online...


Full Story

09 March 2009

Common Sense has Left the Building

There is a rule in the Virginia High School League that states basically a player cannot move within a school year from one place to another and be eligible to play sports. (I am going to, at the end, bring this into a perspective from my job in information security and policy and former work in law enforcement and even accounting.)

Well, I understand all the cheating that has gone on for years and why the rule was put in place. Somehow the "spirit" of the rule was lost long ago. History, in case you did not know: it is to prevent a student/athlete from going to one school to play football and another to play baseball or from switching schools because of being recruited by coaches. I have through the years heard the stories of the "Aunt" having a house rented for her and the nephew coming to live with her in the new school district that just happens to need a defensive lineman. 'What, this boy plays DE and is 6'5", 270 and runs a 4.5 as a sophomore!!! And he just happens to move into the neighborhood. What great fortune!' ;-) We can see these issues and know why this rule was written:

"Transfer Rule – You must sit out of VHSL activities for 365 calendar days following a transfer to the school unless the transfer corresponded with a family move into the school attendance zone."


There is a bit more regarding Freshmen and the like; but it is not pertinent here. In the case of our son (my step-son) my wife had some medical issues and my son thought he'd like to go stay with his dad for a little while (in another school district about 15 miles away--not possible to drive him to the same school as his father also commutes to work about 50 miles in the other direction). So, at the beginning of the school year, he was enrolled at a different school in the same county of Virginia for what ended up being five weeks. He moved back to our house as his mom's condition stabilized, he was missing his family, his friends and his old school. He never participated in any sports or even meetings at the other school.

Now, keep in mind, the whole purpose of the rule is to keep schools from gaining an unfair advantage and recruiting players, etc. The rule is strictly to keep sports at level playing fields. Also, it is to the benefit of the child that they not be bounced around and used, obviously.

So, I submitted a couple letters, my wife presented a short letter, we gave two doctor's letters, a detailed account of one hospital stay (just in case some proof was ever asked I wanted to head it off), the guidance counselor at the current high school wrote a letter and I have had numerous conversations with the VHSL as has the student activities director and the principal. OH, AND, the Region in which my son plays and both schools are located OK'd the transfer and have no problem with his participation on the team. No coaches at other schools have a problem. He was not recruited nor did he play any sports or have contact with coaches at either school during his time away from the current school.

With all of this, they still want documentation that goes more in depth into the wife's medical issues and the home conditions and frame of mind of my son. My point is the VHSL rules basically have no room for any kind of looking at the spirit of the rule and seeing that this does not violate the reason for which the rule was put in place. There are twelve exceptions spelled out. We only have wiggle room under the HARDSHIP exemption. That being the home life was a hardship on my son and he had to move. And then, somehow prove why he came back is still ambiguous. I am sure that will be the hammer to drop next. You are allowed one "free move". That was when he basically went to stay at his father's. So, we show that was due to hardship and show that was relieved five weeks later. Not certain how we prove why he came back.

I am dealing with the decision maker. For the life of me, why they do not have the discretion to simply say "I see your son is not one of the people this rule was put in place for, so I will grant an exception". (Remember; he did not even play sports at the other school! He was not an all-star last Spring. He played JV ball. He is still my favorite player.) As it stands now, because his mother was ill and basically he decided to spend time at his dad's to have a bit more stable home while attending school, he will lose a year of being able to play a high school sport. Nothing like being punished because your mother was sick. But let us take it a step further and move beyond my son. This is where I want to go. Why is it that if a child and parents decide he/she should go stay with one parent and for any reason to move back (with the same parties agreeing it is the best thing for the child) that the child should be penalized?

Why, if it just did not work out for whatever reason, should things be up to a state sports board to decide the future of a child? Missing a year of eligibility in a sport may mean missing some scholarship money or even just getting into a college. Let alone just penalizing the child for no real reason. One can clearly look at the facts and see that a child moved from one parent to the other parent. The child participated in no sports at the other school; nor did he participate in any organizational meetings. The child moved back and will be playing lacrosse at the school he played for the prior year.

So, I have been in courtrooms enough to hear a judge say, 'So, you ran the stop sign but there was a bee in your car and you were only distracted trying to get the bee out the window because you are allergic and panicked. Dismissed.' (True story. Though paraphrasing.) We took an inmate to court for sentencing one time who was a walk-away from a minimum security prison who stayed out nearly a year. As I recall he faced an additional seven year sentence. While in prison originally before walking-away after transfer to the minimum security facility, he had learned to read, gotten his GED, apparently kicked drugs and alcohol and for all I remember brought peace to all the gangs in the prison (not).

In any event, he walked-away just before Christmas and his mother had fallen ill. He got a job actually somewhere in his old neighborhood making some cash in a store. Stayed out of trouble that year until he was finally found and brought back in. Well, the judge gave him two years and six months with two years suspended (or close to that) credit for his time served on the six months which was running concurrent to the time he was serving anyway finishing the original sentence. Really, I think you have a high school student who has done nothing wrong held to a higher standard than an escaped convict. Not that I disagree with the judge's decision.

I can go on and on with these types of stories most of which come down to an officer or judge's discretion and judgment.

In accounting, I do recall back when I did that for a living in the old days, if we were taking a conservative approach to something and could show why and justify it, then even if it was not to the letter of the regulation, we could still be justified in our approach. I never had an auditor disagree. You might have to walk them through it a couple times to understand; but as long as they understood there was no advantage gained or to be gained (hey, you did not even play a sport at the other school); then there was not a problem.

In information security we deal with policies. The Information Security Policy states certain things where the business will come to you and ask that an exception be granted. Let us generically talk about a firewall policy stating that only http/https (web and secure web traffic) is allowed directly outbound to the internet from workstations. The business states that there is a workstation that requires the ability to transmit encrypted data over a specific encrypted TCP port to the insurance company's new program. The business group asks for an exception to policy. You gather your information to make certain the connection will be secure as well as the data. And, you likely go ahead and approve the exception. These are fairly common situations. We do not go into who the vendor is and why are we using them. Why are we not using this insurance company because we used them before, etc. (Hopefully we had a little due diligence along the way with selection and with the software upgrade requirements). This is way beyond the scope of our job and the need for a policy exception.

So, I am moving to start or be a member of the "Common Damn Sense Political Party" or the "Start Making Sense Political Party". Something like that. Some of this stuff is just absurd. If my party gets elected to party; if you do not make sense, I am bringing back the public square and dunk tanks, stocks, floggings and cotton candy! Funny I mention politics; because we all know that enters into some of these decisions too!

08 March 2009

They said it; I didn't

How many times have we had similar thoughts:


http://sports.espn.go.com/espn/page2/story?page=simmons/090306


Q: My office is having a blood donation drive. All blood donors get two free tickets to an upcoming Clippers game. Do you think we should make clear to people that they DON'T have to actually go watch the Clips play? I would hate it if the Red Cross lost blood donors -- and innocent people died -- because they were threatened with going to see the Clippers.
-- Mike Wilner, Los Angeles

SG: Ladies and gentlemen, one more time, your 2009 Los Angeles Clippers!


A drum roll please.

14 February 2009

A Real Trojan For You

Security Kabuki. Or as Bruce Schneier would likely label it, "Security Theater", so I will pay homage to Mr. Schneier as I further that theatrical theme. I say Kabuki as it is highly dramatized and the outfits (uniforms in many cases) are usually something to die for...or at least something that will scare you to death.

I have all the respect in the world for law enforcement, the Armed Forces, Coast Guard, anyone in public safety or service. Big ups. God Bless them. However, some of the processes appear to be more laughable than laudable. I witnessed something a couple weeks ago that brought a memory rushing back. Have been going to drop a blog about it as it brought back memories and kind of stewed and simmered in my cavernous skull. I'll likely break this into several posts so as not to make it too lengthy and sleep inducing.

I drove onto a secure government facility where I had official business during one of our periods of heightened alert. This means there were more people out front with more and bigger guns than normal. More vehicle searches, etc. So, here I come in my wife's minivan. Wearing the credentials of the group with which I am affiliated that has a building on the complex. I would be known as a semi-regular at the time I suppose. As I pull up in line for the semi-permanent checkpoint I am in one of two lanes behind several vehicles. I am out of coffee and becoming upset at that or myself for not filling a second mug.

So, bored and out of java, I begin to watch the folks in uniform and automatic weapons and their searching of the vehicles. I notice something interesting. Large trucks with lots of boxes in the back. The "Routine" after watching a couple trucks, seems to equal = man in uniform with weapon opens rear door, stares at boxes for ten seconds, pulls door down and secures. Sends driver on his/her way.

Okay, so, that is not the most secure process to witness (having worked in a prison early in my days and having had to get up in the back of trucks, open and move boxes for vehicles coming and going, I have an idea of how the process is supposed to go - not that prisons are all that secure; but more on that another time).

Next up, comes Sally Soccermom in her Volvo station wagon, well, certainly they are going to wave her through or only do the cursory review like with the trucks. Hmmm, they have Sally out of the vehicle. They are opening all doors. Opening hood and inspecting engine compartment. Well, where did that K-9 come from--he must have been in the German Shepherd Port-o-John when the trucks were out here. Out of the back seat of the car come the two baby-seats onto the asphalt. German Shepherd does a once through. And then another pass. Luckily no rubber gloves, hoses, etc. are used on Sally nor are any soccer moms harmed in the retelling of this event.

I witnessed about eight different vehicles with the same results. Being a security guy (and/or having watched a Holiday Inn Express commercial last night to gain some expertise), I begin to think the obvious; which is the bigger threat? Trucks filled with boxes - or a false-front of boxes; or the Volvo with baby seats. I just would not want the bigger delivery vehicle coming to the inner sanctum with just a wave. It is like the guys drinking the baby formula before getting on the plane to prove it isn't explosive; while lax security surrounds the physical access to the plane itself on the ground for maintenance. Maybe the process was correct and it is a people issue. How to motivate people to do the hard work and get their butts up into a truck where the real threats may present themselves. I am a big guy and I could have hidden a dozen of me behind the first row of boxes in each of the trucks. Or worse.

I could see doing everyone the same and that would not cause me to throw the penalty flag. K-9s and Volvos and minivans?

Believe it or not, that one morning watching the trucks get the wave through has been repeated several times as I have watched security at other places. This fits with Johnny Long's book or No-Tech Hacking presentation from DefCon or Shmoo (Google if the link is dead). Perfect example of where to just sit and watch to find the weaknesses in systems to later exploit them for a penetration test. Only, it is a bit scary how many places you can observe this. And at banks. And at. Well, I'll stop. For now. It is late here. 00:45 (UTC -4:00).