Friday, July 11, 2014

Epic Fail: Selective Service and MM/DD/YY

Well, apparently in Pennsylvania there was a file transfer of personal records between their Department of Transportation and Selective Service. Then, when it came time for Selective Service to send out the letters demanding enrollment to those men who had not already registered, the clerk culled the database looking for all records with a DOB between '93 and '97.

Unfortunately, the "clerk" did not specify if he wanted eighteen-93 or nineteen-93. As a result, a whole lot of people born in the 1890's received the threat letter from Selective Service. That is, their grandchildren got the letters [!].

Here's the story on Fox: http://www.foxnews.com/us/2014/07/11/were-really-sorry-us-sends-14000-draft-notices-to-men-born-in-1800s/

The story is funny and it's not. You see, "we've" known about Y2K issues since the '80s (that is, the nineteen-80's) and significant work had been done to prepare for the event. So, it's bemusing that here we are in the middle of the second decade of the 21st century, and there are still file structures in existence which can succumb to this kind of error. Seriously, this should give all of us pause.
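The ambiguity described above can be reproduced in a few lines. This is an added example, not code from the agencies involved: the table layout, column names and sample records are constructed assumptions, and it contrasts a selection on a two-digit year with one on a full four-digit year plus a plausibility bound.

```python
import sqlite3
from datetime import date

# Constructed sample records (name, true date of birth); not real data.
PEOPLE = [
    ("A. Elder", date(1893, 4, 2)),
    ("B. Elder", date(1897, 11, 30)),
    ("C. Young", date(1993, 4, 2)),
    ("D. Young", date(1997, 11, 30)),
    ("E. Other", date(1985, 6, 15)),
]

def load(conn):
    """Store each DOB twice: lossy MM/DD/YY text and full ISO-8601 text."""
    conn.execute("CREATE TABLE person (name TEXT, dob_mmddyy TEXT, dob_iso TEXT)")
    conn.executemany(
        "INSERT INTO person VALUES (?, ?, ?)",
        [(n, f"{d.month:02d}/{d.day:02d}/{d.year % 100:02d}", d.isoformat())
         for n, d in PEOPLE],
    )

def select_two_digit(conn, yy_from, yy_to):
    """Flawed selection: compares only the two-digit year, so centuries collide."""
    rows = conn.execute(
        "SELECT name FROM person "
        "WHERE substr(dob_mmddyy, 7, 2) BETWEEN ? AND ? ORDER BY name",
        (f"{yy_from:02d}", f"{yy_to:02d}"),
    )
    return [r[0] for r in rows]

def select_four_digit(conn, year_from, year_to, today=date(2014, 7, 11), max_age=120):
    """Corrected selection: full-year range plus a plausibility bound on age."""
    if not (today.year - max_age <= year_from <= year_to <= today.year):
        raise ValueError("birth-year range is outside the plausible window")
    rows = conn.execute(
        "SELECT name FROM person WHERE dob_iso >= ? AND dob_iso < ? ORDER BY name",
        (f"{year_from:04d}-01-01", f"{year_to + 1:04d}-01-01"),
    )
    return [r[0] for r in rows]

def demo():
    conn = sqlite3.connect(":memory:")
    load(conn)
    return select_two_digit(conn, 93, 97), select_four_digit(conn, 1993, 1997)

if __name__ == "__main__":
    flawed, fixed = demo()
    print("two-digit match: ", flawed)
    print("four-digit match:", fixed)
```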

And, while a letter from Selective Service to one of your ancestors might produce a serious "face palm", I'm actually quite glad it was Selective Service who caused the error. Here's why. First, the error demonstrated clearly a vulnerability in the file structure. This is good. You want to expose structural errors whenever possible. And second, there is not much damage that can be done with a draft notice sent to someone 117 years old beyond the clerk's pride and maybe several thousand postage stamps.

Imagine if a similar error were revealed by, oh say, the IRS, or any other agency or business. It could have resulted in serious trouble. But, because it was Selective Service, it did not. And that is also a good thing.

So, as we face what could be the warmest July weekend in nearly a year, we can take a moment to reflect on the poor clerk in some cubicle someplace who will never live this down.

At least they will have a great story to tell for the rest of their lives.

Tuesday, November 12, 2013

Is Oregon the next "Land of Opportunity" for Tech Workers?

If you are looking for a career in technology, come to Oregon (?)(It's true!)

This morning's OregonLive.com published an article by Mike Rogoway about a new technology survey done with the participation of the Technology Association of Oregon. This study of Oregon tech companies found that 80% plan to increase hiring for technical positions.

Here is the link: http://www.oregonlive.com/silicon-forest/index.ssf/2013/11/oregon_tech_survey_finds_unive.html#incart_river_default

This is huge as it indicates that the "pent-up demand" for technicians -- across the spectrum -- is finally at the breaking point and hiring MUST begin. 

Additionally, the survey revealed that the average annual wage for tech positions in Oregon is $94,000 per year -- or TWICE the state average.

But wait -- there's more.

"Talent availability" is one of their biggest concerns. This means that there are not enough people in the pipeline to fill all the positions.

Or, another way of saying it is like this: For technology workers in Oregon, Demand is High / Supply is Low.

For the colleges and universities in Oregon, our challenge is not simply to turn out graduates, but to turn out graduates who are trained in skill sets relevant to the needs of the companies in our State. At MHCC, we believe we are doing just that with training in everything from Help Desk, to Health Informatics, to Networking, to Cyber Security -- and points in between!

Want to know more? (click here and look for "Computer" and "Cyber")

Sunday, November 10, 2013

They got me! The DoSearches.com "virus"

As an instructor in Cyber Security, I was a little disappointed -- although not surprised -- that I caught a virus on my home computer. What was disappointing is that I downloaded it myself. The truth is, I wanted to watch streaming video of the San Jose Sharks game and the only free streams were coming out of Europe, and... you can guess the rest.

The net result was that I downloaded a nasty little PUP ("Potentially Unwanted Program", technically NOT a virus but it sure does act like one) that hijacked every one of my browsers and some shortcuts, and redirects me to their search engine at DoSearches.com, which in turn displays a Google knock-off home page but with advertisements. And, it is a rootkit so it digs deep into your operating system.

After some quick research, I located this web site (http://malwaretips.com/blogs/dosearches-com-virus/#adwcleaner) by Steven Pilici posted in September of this year. On this page, he discusses the dosearches.com PUP and provides a 5-step approach to getting it off.

I did the 5-steps and not only did it remove the dosearches, it found and removed a whole lot more. Naturally, you are always responsible for your own computer. And, if you think you have some viruses (and you probably do), here are some nice, free apps which can help you out.

Tuesday, October 1, 2013

NSA On My Mind

I remember 1968. I was living near Chicago at the time and watched the Democratic National Convention on our new Zenith black-and-white TV. If you are old enough to remember that time, you might still have images in your minds about the Hippies and the Hard-hats, the war, the protesters, and the police.
 
Imagine you are there right now in the midst of it all. Then imagine that in the front, Richard Nixon stands up to address the crowd and says: “You will all be given a device that you are required to wear at all times. This device will track your every movement to within 32 feet of your actual location. It will record every communication, message, and purchase. And if you look up any information, computers will track your every search, and government analysts and marketing professionals will track your every move and make decisions about what you can see and what you should buy.”
 
“And best of all, you will stand in line for hours – even overnight – just for the privilege of being one of the first to purchase this device.”

What do you think would happen next? Pandemonium? Riots? Or subservience?
 
Forty-five years later, the Smart Phone is all the rage and tracking your every move is exactly what it is designed to do. Yet, this should not come as a great surprise. We have known for years that devices on the Internet have been tracking searches, purchases, and such; and the massive amounts of data gathered are used to customize marketing, guide political campaigns, and determine what kinds of foods you like. The Center for Disease Control (CDC) monitors Google searches to determine where viral outbreaks are occurring – seriously. And amazingly, people seem to be willing to share their most intimate thoughts on a variety of social media. In Web Design, we call this “folksonomy” where the actions of the “folks” are monitored to make predictions (using analytics) about what the “folks” are likely to do next.
 
So, it should be no surprise that the federal agencies assigned to provide our protection would use the very same tool for capturing terrorists that marketing people have been using to capture sales. In fact, it is surprising that people are surprised. And if you are concerned about the loss of your civil liberties, forget about it. Take one look at your cell phone and realize our civil liberties were not taken from us – we purchased the product that gave them away.
 
Thus, when one considers the impact of agencies like the NSA purchasing hacker tools on the black market, one has to wonder “do the ends really justify the means”? After all, the tools were used to catch child pornographers. Today, young girls are safe because of it. Think of it like this: the NSA is mandated to provide security, and we are in a time of limited budget and staff. So, if a tool is needed, one basically has two choices: build it or buy it. Building it would be expensive and maybe outside of the skill sets of your team. And, if you buy it, well, you won’t find many good hacking tools at Office Depot.

What would you do?

Wednesday, August 14, 2013

Peek-A-Boo. I See YOU

In case you missed it, there is a breaking story today about a family who had a webcam as the baby monitor. A hacker was able to locate the camera (easy to do), but then was able to move the camera to see around the room, and then actually spoke to the child through the camera!

For the complete story, click [here]. 

Clearly this is disturbing for a number of reasons. Not the least of which is the fact that a criminal or predator now has the ability to “see behind closed doors” and know exactly what you are doing, when you are doing it, and with whom; and, with sight and sound.

The second very disturbing aspect of this story is that the hacker could have come in through the Internet connection (in which case, he could be anywhere in the world), or he could have come in through the wireless access point (in which case, he is out front right now).

In Cyber Security, there is a technique called “war driving” where basically you drive around a neighborhood looking for any wireless signal that is not secure. It is very easy to do and most smart phones do it automatically (amazingly enough).

And, just in case you think your WAP is just too obscure to be noticed, take a look at this website at wigle.net. This site contains maps of wireless access points with accompanying information. Go to the home page, click on Web Maps and then enter in a location.  Be prepared to be amazed.

Getting back to the webcam matter: webcams are a neat tool for both Skype-like communications and general security, but unless you secure your webcam, you are only providing access to a well-organized enemy. Check out this story by Amar Toor on The Verge about “an interactive map of insecure webcam feeds”.

Now the best part is that nearly all phones, tablets, and laptops come with camera and microphone installed. Which means that no matter where you are or what you are doing, a committed hacker can find you and activate your camera and mic.

But wait, it gets worse. As we “discovered” only last week, Federal agencies are using hacking tools to locate potential terrorists. If that is true, is it possible they would even …[fill in the blank]?

Seriously, put some electrical tape over your webcam. And if you do need a baby monitor, lock it down!




Wednesday, August 7, 2013

1 Million Malicious Apps

In case you missed it – and with all that is going on this week, it would be hard not to – a new study by Trend Micro indicates that by 2014, cyber hackers will have created more than 1 million malicious apps for the Android.

See the full story here.

This is big news for several reasons:
  1. Androids account for nearly 80% of all smart phones planet-wide. This means you.
  2. Most smart phone owners do not even have virus protection on their phones, and they don’t come with it pre-installed.
  3. And yet, many people use their phones for business, banking, and other “secure” activities.

And, don't think that because you have an iPhone, you are immune to the problem. Apple wants you to think the iPhone is immune (click here), but some do not agree (click here).

See, the way that app markets are set up for Android, Apple, and Microsoft is that you can create any kind of app you want and post it in the market place. Maybe the app is checked and maybe it is not. Either way, most hackers know that it’s not the initial app that gets you; rather, it is the malicious app “update”. This is because most people will allow updates without even a question.

In a sense, you infect yourself. Pretty cool.


Remember, awareness is half the battle.

Monday, August 5, 2013

In Defense of "The Dive"

When it comes to recent cyber security events, these past few weeks have been most strange. It was not terribly surprising to learn that the NSA has been using hacker tools to monitor for terrorism – that was to be expected. After all, if the bad-guys can use a tool, we should be able to use the same tool.

It is also not too surprising that the NSA (and possibly others) are tracking Google searches to look for anything “suspicious”. After all, an Internet connection is not private. And as recent events in Boston have demonstrated – if the Feds know that someone has potential to do something and they don’t do something about it, things can get bleak fast.

[BTW, here is a nice link about how the CDC uses Google search trends to track influenza]

And, it is not even surprising that if someone Googles related terms, such as “backpack” and “pressure cooker”, they can expect a visit from the local SWAT team. Although in this case, we did learn later that the fellow did a search on “pressure cooker bombs”. That changes the story just a bit.

However, when it comes to personal security, what does make me nutz is when we do it to ourselves. A perfect example of a mental lapse is this story which broke in today’s Oregonian where the folks at Sylvan Learning Center tossed a massive amount of personal data on their clients – including social security numbers and credit card numbers – into the dumpster!! It will cost them $100k for that slip up.


Grrr. And who says “dumpster diving” is a lost art?