Friday, August 5, 2011

First Nugget

BlackHat is occurring right now; it's a convention for hackers and security folks--yes we talk to each other get over it! Anyway the big joke is apparently that there is no such thing as cyber security. That's right it doesn't exist.

I have a joke I'm fond of telling to describe cyber security; you may have already heard it.

It goes like this:

Two guys are hiking in the woods and one notices that his buddy has a pair of running shoes instead of boots.

He says to his friend; "What's with the tennis shoes; you'd be more comfortable in boots."

His friend replies; "Yeah, but what if we see a bear that decides to attack us?"

The first guy starts laughing and says; "Man, you can't outrun a bear!"

His friend says; "I know, I just have to outrun you!"

So the point is this.

If they want you they'll get you!

If you're specifically the target you've got trouble.

If you are only a target of opportunity though, you need to make it as difficult as possible because you've got a chance. There are so many cyber-users we are like the gazelles on the plain in Africa. There are lots of us and it's always the weak/slow gazelles that get eaten; just like the slower hiker. LOL!

So are you a weak/slow gazelle?

This is a pretty good article that says effectively the same thing:

Stay tuned in and I'll offer you some tricks and tips to be a strong fast gazelle and therefore less appetizing to the predators.

Me and This

I work in Network Security.

I have for over 10 years.

I have made a number of predictions that have sadly come true. Time to start airing them publicly I think.

This blog will be my observations about Network and Computer Security as well as my opinions regarding the same.

First and foremost I'm a Geek! I've always been a Geek, although in the the 70's I wasn't as vocal about it. I played soccer in high school in the 70's when almost everyone else played one of the other big 3 sports. I have always been interested in Military History and as a result I play War-games. In fact like most young boys I started by throwing rocks at plastic army-men. Most boys stop and move on to other interests; I found a book in a public library by Donald Featherstone that moved my interest to a completely new level. Yes; I did play DnD (Whitebox) in the early 70's also. I don't RPG anymore; I prefer the heft and a game of little toy soldiers.

I was playing with computers in the middle 70's. The first computer I worked with had a magnetic drum memory and the program was loaded via fan-fold paper through an optical reader. It was true DTL (diode, transistor logic), coded in hexadecimal and integrated velocity meter outputs from a stable element to update latitude and longitude. It was a real beauty.

Anyway time passes, we have established my Geek_Cred, and now we are here.

When I started specifically in Network Security the threat, not counting phreaking, was primarily teenage kids with computers and too much unsupervised time on the internet. There were true elite hackers out and about although they were rare folk. Computer attacks were "mostly" about prestige and notoriety in hacker circles. Everything has changed! The threat today comes from organized crime syndicates and nation state espionage and we're all targets. Sure the groups of elite freedom fighting hackers are still out there (nods to hactivism) but they aren't the true enemy. The true threat is trying to get our information, our money, our accounts, our infrastructure and our national economy through the undetected control of our computers and networks.

Ladies and gentlemen they are winning.


Because we aren't doing what we need to as users. Because security is a nuisance for the user and the Big Tech companies. Because we aren't publicly identifying them for who they are. Because we aren't blocking them on the backbone routers in the name of prosperity and everybody just getting along.

OK; I'm getting off the pulpit. Let's get started; or not if you aren't inclined. Hanging around might save you a few dollars though.