Model Threats, Apply Controls, Assess, Repeat.

You cannot have 100% security or zero risk, so protection of your digital assets and privacy is never perfect either. Business goes on, and you have to accept some level of risk on the internet (and in real life). You need a level of security that fits your needs, with security controls that vary according to your acceptance of risk.

  1. Start with a list of assets you want to protect, e.g. a laptop.
  2. Determine the threats to those assets, e.g. theft or compromise.
  3. Determine the consequences of a successful attack/loss/compromise of assets (including privacy or anonymity), e.g. damage to reputation or identity.
  4. Select and apply security controls, starting with greatest risk, e.g. a hardware lock for the laptop, encryption of data at rest on the laptop, or using a VPN connection to protect your online activity on the laptop.
  5. Do the controls work? And how well? e.g. verify encryption is working, update VPN settings, apply patches. If there are weaknesses in the controls, go back to (1).

Take These Steps With Free Packages

The Amazon (or other retailer) brushing scam is going around a lot today (mainly since July 2020). Beware if you receive free Amazon packages. Your customer info (name, shipping address, phone, etc.) could be exposed, and scammers can create bogus reviews for themselves. Worse, the scammer seller could send illegal materials and you could be charged. There could also be financial implications for you.

  1. Change your passwords, especially for banking or credit cards.
  2. Check your credit card and bank account statements.
  3. Report the scam to Amazon or to the other retailer.

Decide the Security Levels You Need

Do you want anonymity, privacy, pseudonymity, or some combination—and for what digital resources?

How important are your emails? How much privacy should your identification have? Are you off the grid? (Or think you are?) Whether you realize it or not, your digital assets all have security settings, possibly at different levels.

The security triad is Confidentiality – Integrity – Availability. Concerning the confidentiality of a resource (such as a file or directory), you will determine what level of access to your content you’re OK with, what level each person or group you know should be assigned, and which content to keep secret as a whole.

Taskforce to tackle the ransomware economy

The Institute for Security and Technology (IST) put together [a] coalition teaming up more than 60 software companies, government agencies, cybersecurity firms, financial services companies, academic institutions, and nonprofits to combat the ransomware problem. Among the members are Amazon Web Services, Center for Internet Security, Cisco, Citrix, CrowdStrike, Ernst and Young, Deloitte, FireEye, Microsoft, and government organizations including the U.S. Department of Justice, Europol, and the U.K. National Cyber Security Centre (NCSC).

This follows the January takedown of the Emotet botnet by the FBI and law enforcement in Canada and Europe. A similar coalition was unsuccessful in permanently taking down the TrickBot botnet in late 2020.

China hackers target Southeast Asia militaries

Bitdefender has reported that APT group NAIKON targeted military organizations in Southeast Asia between June 2019 and March 2021. With cyber-espionage and data theft as its goal, NAIKON used a backdoor named Nebulae and the RainyDay backdoor as parts of the attack:
“NAIKON is a threat actor that has been active for more than a decade. Likely tied with China, the group focuses on high-profile targets such as government agencies and military organizations in the South Asia region.”

The Hacker News has reported on Chinese hackers targeting military orgs specifically in Vietnam.

https://thehackernews.com/2021/04/chinese-hackers-attacking-military.html

I have long thought China needs more focus in security. I hope to have a feature based on the threats posed by the CCP and corporate actors soon.

FBI sends exposed addresses to haveibeenpwned?

Back in January, Europol, the FBI, the UK’s National Crime Agency, and law enforcement agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine collaborated in the takedown of the Emotet botnet. Emotet included several hundred servers managing a botnet consisting of over 1.6 million computers and devices. Now the FBI has forwarded a list of exposed email addresses to the Australian-built service, haveibeenpwned.com.

Emotet has usually been distributed in high-volume malicious emails. The emails ask receivers to click a link or open harmful attachments disguised as invoices, shipping notices, and COVID-19 information. Enabling macros will install the malware on the device. The really nasty stuff deployed via Emotet is ransomware.

Just type in your email address and click to see if your email is among this and other breaches. Scroll down and view the specific services exposed with your email address.

Turn Old Samsung phones into IOT devices

I wish I had seen this before giving away an old S. It’s a good step for recycling and gives you warm fuzzies. With the latest software update, Samsung phones now have the SmartThings Labs feature in the existing SmartThings app, which lets users choose how to repurpose older devices: as childcare monitors, a pet care solution, or a light sensor. Earlier in the month, the company announced that the phones can now be attached to a handheld fundus camera called the Eyelike, which was made using Samsung’s own design. (Fundus cameras take images of the rear portion of an eye, including the retina, macula, fovea, optic disc and posterior pole.) The technology will aid healthcare workers in low-income areas around the world in assessing eye health.

https://www.zdnet.com/article/samsung-launches-software-update-to-turn-older-galaxy-phones-into-iot-devices

It’s part of Galaxy Upcycling Program – Samsung US Newsroom

I think they’re on the ball here. Last year, 50 million tons of electronics were discarded. And Apple could do something similar, you’d think, with their new disposable iMacs being an unfortunate sign:
https://www.zdnet.com/article/the-new-m1-imac-highlights-everything-thats-wrong-with-apple

Gadgets 04/21/21: M1 iMac, create music with movement, & more

My new tech days are comprised of today’s deals and then upcoming tech that I think kewl.

I’m really a Win and Linux guy, but you have to admit that the speed and lower temperature output of the new M1 iMac are impressive.
https://www.wired.com/story/everything-apple-announced-april-2021

Make your own music with your movements.
https://www.kickstarter.com/projects/mictic/mictic-create-music-with-your-movement

Scary! I am intrigued.
https://www.kickstarter.com/projects/ujjo/ujjo-the-first-hot-sauce-for-coffee

Love this idea. I’m a big dog fan. Is it really wrong to want a purebred?
https://academy.zdnet.com/sales/dna-my-dog-breed-identification-test

Alternative to AirPods.
https://academy.zdnet.com/sales/xpods-pro-true-wireless-earbuds-with-wireless-charging-case-white

I’m building a small survival kit. Yes, I know I live in a city and there is little you can do to get out in case of a real emergency. But here’s a tool set I just ordered.
https://www.amazon.com/EILIKS-Emergency-Earthquake-Equipment-Valentines/dp/B083KGPQL9/

Cycling the Strand in the Age of Covid

“We’re going to get you born again hard!”

“O.K. wild man.”

My response is in regard to Lennie’s suggestion of a 50-plus mile bike ride from Tijuana to Ensenada.

“Let’s focus on this right now.”

I was referring to the more-sensible bike trek south down the 7-mile-long Silver Strand Bikeway (Highway 75, part of the 24-mile, bay-encircling Bayshore Bikeway). You just have to use some gentle urging-on with Lennie the Road Warrior. I just want to start with the ride to the Coronado Cays, then to IB on subsequent trips. Let’s not push it, yet.

The strand is a slim sandbar with a beach, bikeway, and highway, a golden rope stringing together Imperial Beach and Coronado proper (also called “the village”). On the east side is San Diego Bay and on the west, the Pacific.

Right now, Lennie’s pressing me to push. “You can do it,” he says.

What a positive guy. Recently, his bike was stolen outside his place in East Village—but was miraculously then sold to his friend who owns a bike shop near him. Positivity and luck.

7 Mental Health Tips for These Trying Times

Loneliness, anxiety, and distressing thoughts are part of life in the Age of Covid. I’m among those afflicted this season of woe. Dread sometimes intrudes on ordinary daily life. These thoughts have at times been disorganized and racing.

The Centers for Disease Control and Prevention (CDC) has said that during the pandemic, depression has increased by four times, anxiety by three times, and suicidal ideation by two times. With job losses and school closings, domestic and child abuse have been proliferating, and life expectancy has dropped 0.5 percent, particularly in the African-American population and among women.

While professionals offline (your healthcare provider) and online (pay services like tenpercent.com or joincoa.com) can help, I wanted to pass along some behavioral practices that I have learned over the past two decades: