Technical Tidbits

Someone on twitter the other day was really coming down hard on President-elect Barack Obama about his change of stance regarding the subject of net neutrality.

Before I address this issue fully, let’s take a step back and find out exactly what net neutrality truly is.

According to Google’s Guide to Net Neutrality page:

Network neutrality is the principle that Internet users should be in control of what content they view and what applications they use on the Internet. The Internet has operated according to this neutrality principle since its earliest days. Indeed, it is this neutrality that has allowed many companies, including Google, to launch, grow, and innovate. Fundamentally, net neutrality is about equal access to the Internet. In our view, the broadband carriers should not be permitted to use their market power to discriminate against competing applications or content. Just as telephone companies are not permitted to tell consumers who they can call or what they can say, broadband carriers should not be allowed to use their market power to control activity online. Today, the neutrality of the Internet is at stake as the broadband carriers want Congress’s permission to determine what content gets to you first and fastest. Put simply, this would fundamentally alter the openness of the Internet.
(source: http://www.google.com/help/netneutrality.html)

As you can see, these are some serious issues. It really borders the free speech, first amendment rights in the U.S. and corporate control of content.

In the recent election, it became very evident which networks were pro Republican, pro Democrat, and the minority of Independent networks. But, even with their pro Republican or pro Democratic slant, we all have the option to turn off the station or the television. We still have the right to choose.

You also may have heard the recent news that Comcast was told by the FCC that they could not block users from torrent networks and downloads. Comcast’s solution was to cap bandwidth, albeit a generous one. But this kind of behavior undermines the net neutrality fundamentals by restricting access.

There’s also the counter argument that you need to monitor Internet access to protect people. Many in the Internet community consider this a lame attempt at control.

We’ve been teaching online users how to protect themselves for many years, and still feel that education is the greatest protection against Internet threats including identity theft, malware, and security breaches. So we do not condone, nor support any attempt to control the content or access to the Internet.

That being said, let’s get back to the Obama Administration and their stance on this issue.

The person that was ranting on Twitter about the Obama position referred me to an article dated September 23, 2008 where they cited the removal of an entire section on net neutrality from the Obama postion statement. (See: http://lirneasia.net/2008/09/barack-obama-gives-up-his-plans-for-%E2%80%98net-neutrality%E2%80%99/)

However, comments from other readers - and I have seen it - state that the entire paragraph is still contained in the downloadable Fact Sheet PDF available here: http://www.barackobama.com/pdf/issues/technology/Fact_Sheet_Innovation_and_Technology.pdf

Further, the brief statements made on the new website does not read like President-elect Obama will be against net neutrality. In fact, I think his revolutionary use of technology with the campaign and his upcoming Administration shows just the opposite!

Why would a President wanting to promote transparency in government and publish a website like change.gov only to restrict our freedom and rights? It just doesn’t hold water with me.

I’m not one to drink the koolaid of any particular conspiracy theory or belief system. I research and try to determine the facts and right now, the way I’m seeing it, the facts aren’t adding up to Obama being against net neutrality.

Further, if you read the entire Google page referenced above and read the Open Letter from Google’s CEO, Eric Schmidt, he is clearly for net neutrality.

Add to that the fact that Schmidt is part of Obama’s transition economic advisory board, I don’t understand how this could be translated into Obama being against net neutrality.

Only time will tell, but right now, I can’t be convinced that President-elect Barack Obama is a wolf in sheeps clothing on this subject. The proof just doesn’t add up.

One of my favorite television shows used to be the X Files and Mulder always would always say, “The truth is out there.” Many people want to believe - for whatever reason - that every thing is a huge conspiracy. Maybe I’m delusional in giving the benefit of the doubt. Maybe I’m totally wrong and Schmidt and our future president are really aliens who came here from UFO’s. I mean it is possible. I don’t dismiss anything really.

But I am a very rational person. Facts have to add up. And on this subject, they add up to the fact that our future president supports net neutrality. And I don’t believe in “poo-pooing” Eric Schmidt’s involvement with the transition. If I wanted to build an open, neutral, transparent government online, I’d certainly want Schmidt in my corner!

What do you think he’s going to do? I mean really? Maybe he’ll sell your saved web search data to the FBI or CIA? Okay, maybe that is possible! But hey, you’ve been warned buddy. I’ve tried to tell you over and over again about big brother. So if the Feds end up with your data, you can’t say I didn’t warn you! You gave it to them freely. You have no one to blame but yourself.

And yes, I include myself in that because I’m a heavy user of Google for searches, webmaster tools, gmail, and the like. I will not download their software or share any of my documents with them online, but I do use a lot of their other services. So, I’m up the creek with you.

Roald Dahl’s, Tales of the Unexpected (SYN/1979-81) would begin with a narration that said,

“A wise man believes only in lies, trusts only in the absurd, and learns to expect the unexpected.”

I’ve held onto that belief since I was a young adult watching that series. (And a special thanks to http://www.tvacres.com/begin_occult_MZ.htm for publishing that quote! I’ve been looking for the exact quote for years!)

What would surprise me in the new Administration is if our new president would finally tell us the truth about whether or not we have proof of alien visits! Now that’s what I’d call an open, transparent government! And I may find my real father since my mother said I was the product from outer space! (Yes, she really said that!)

So, go visit change.gov and see the statement on net neutrality and decide for yourself.

If you gain anything from our new President, let it be the tools to think for yourself! Now there’s a concept for America!

http://change.gov/agenda/technology/

written by Admin \\ tags: barack obama, Big brother, comcast, Eric Schmidt, fcc, google, identity theft, malware, mulder, net neutrality, obama, president-elect obama, security breaches, the truth is out there, torrent, x files

I awoke this morning at 4:00 AM feeling pretty good! I hope you are having a great day too!

Before I embark upon the slow computer series of articles, I thought I’d clear out the list of updated information that I needed to post.

InfoWorld published the update in their article here:

Update: Tennessee man indicted for hacking Palin’s e-mail account

It appears the 20 year old young man, David C. Kernel,  is the son of Mike Kernell, a Democratic state representative from Memphis. He has entered a plea of “not guilty.”

The interesting point of this article however, is how Kernel gained access to Palin’s account.

As I’ve repeatedly shown my students and mentioned in newsletter after newsletter, you give away your security information on a daily basis.  In the case of Kernel, he guessed at her security questions based on freely available public information!

Now we know this is a widely publicised case because Sara Palin is running for VP. But, the truth is, Sara Palin’s identity could’ve been compromised with this hack had she more information in that account than what was published on wikileaks.org!

This is not only a random act of political hacking - it should be a warning to all of you out there!

I recently mentioned that my two sisters have become victims of having their identity compromised. My baby sister because she and my brother-in-law have Countrywide mortgage and they were notified of the recent employee breach.

My older sister had her identity compromised when someone used her credit card to purchase online games 5 days after she picked up her computer from a new repair shop and 1 day after using it to pay a US Cellular bill over her cellular phone.  Anthony Valente (our new instructor and Certified Ethical Hacker),  and I agree that it was probably a breach at the new computer shop.  (She didn’t want to bother me was her reason for taking it to a new repair shop!)

While you cannot avoid the breaches such as what happened at Countrywide, you can avoid the breaches like Sara Palin’s and my older sisters.

Remember, security is a process not a destination.  Knowledge is your only key to power! Learn to protect yourself!

---

For those of you looking for the Senator’s vote list, you can download it here: http://mice.org/getit/senators_vote.pdf

---

Be prepared for next Tuesday’s Patch Tuesday! Microsoft has released their advanced notification about the upcoming bulletins due to be released on October 14.

Scheduled to be released are 4 critical, 6 important and 1 moderate level bulletin, covering everything from Active Directory through IE and various flavors of Windows.

They are also issuing the latest update to their Malicious Software Removal Tool which should be named, “The I don’t know what I’m removing tool” as well as MU, WU, and WSUS.

And no, those are not Greek Sororities or Fraternities! They are Microsoft Update (MU), Windows Update (WU), and WSUS (Windows Server Update Service).

Check out the advanced notification here: http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

---

North Carolina settled with Credit Card Fraudsters.

You just never know what I’m reading!

In my latest edition from Direct Magazine’s Newsletter, North Carolina Attorney General settled with an Arizona company that was selling credit cards to consumers that they never received over the phone.

Note: Remember me speaking about identity theft above? DO NOT EVER GIVE AWAY ANY INFORMATION TO TELEMARKETER’S OVER THE PHONE! HOW DO YOU KNOW WHO THEY REALLY ARE?

It amazes me that people are still falling for these types of scams! Your concerns about your security and your identity should have you hanging up on these people or telling them to mail you whatever solicitation they’d like and you’ll look at it.

---

And since I was up so early this morning, I was able to get some extra reading done. And just when you think we don’t have enough problems with the world economic crisis, the UK gets hit with another problem!

A computer hard drive from the Ministry of Defense has gone missing!

Yes, Yahoo News published the report from London here: http://news.yahoo.com/s/afp/20081010/wl_uk_afp/britaindefenceitsecurityprivacy

According to the article, a portable hard drive containing the personal details of some 100,000 serving military personnel, over half the total armed forces has vanished.

Also on the portable drive was data on 600,000 potential applicants to the armed forces and the names of their referees, in the latest in a string of embarrassing data losses by the government in the past year.

We can only hope that they find the drive and realize it was just moved and they didn’t realize someone had moved it. It could happen!

---

One last thing! What’s up with Feedburner? One minute I have over 12 subscribers, the next day 9, the next day 6. Can this be trusted? Anyone?

---

Well, I think that’s my bit of housekeeping for today. Look for the upcoming series on slow computers to start this weekend!

Have a great day!

written by Admin \\ tags: david kernel, e-mail hack, identity, identity theft, Palin, sara palin, sara palin e-mail, sara palin email hack, Security

Yesterday, 08/07/08, I recorded Fox Business Network’s (FBN), Happy Hour with Cody Willard and Rebecca Gomez (Gogo) because former Mayor turned Real Estate Investor, Rudy Giuliani was scheduled to appear. I like Mr. Giuliani and wanted to see what he was up to.

Well, watching the program back late last evening, I received an unexpected surprise and blog fodder for this post!

It turns out that another guest appeared in an unrelated segment of the show having to do with Identity Theft, related to the news story: 11 Charged in Massive Credit Card Fraud Case, which brought up the whole TJ Maxx data breach, yada, yada, yada. So, Fox brought on an “Identity Theft Expert” (and I use the term EXTREMELY loosely) - Kevin Mitnick!

For those who are not aware of who Kevin Mitnick is, (is there anyone?) he is a convicted computer hacker turned security consultant. If you are so inclined to refresh your memory, you can check out his life on Wikpedia here: http://en.wikipedia.org/wiki/Kevin_Mitnick.

Now, before you all start coming down on me about how his sentence was excessive and all the other blah, blah, BS, let me say that I’m not condemning Mr. Mitnick for starting his own legitimate security consulting company. Nor am I saying that convicted criminals can’t do a 180. That’s not the point of this article.

What’s at issue with me is something that man said on national television - speaking as an alleged expert - that was down right WRONG! (For those who take my courses, remember the myths?)

At one point in the broadcast, Gomez asked Mitnick why aren’t the retailers secure? I believe she asked if it was a matter of not caring, or too cheap to put in the necessary security measures. Mitnick stated he believed they were, “too cheap.” (I agree, in part.) Then he went on to say that they are using WEP wireless security and that they should be using WPA because it’s unhackable. WRONG! WRONG! WRONG!

Dude! I know you were in jail until 2000 and that your supervision ended in 2003, but didn’t you do ANY RESEARCH before you started your security company and tout yourself as a security expert? Both WEP and WPA have been hacked since you’ve been freed!

Secondly, I don’t agree with your statement that retailers are just too cheap to put in the necessary security. The truth is both statements are true - they just don’t care and they are too cheap!

To retailers, identity theft and data breaches are a “cost of doing business” and a write-off. I mean think about this for a minute from a capitalist point of view. (And Cody, you should appreciate this!)

There is an underlying economy to this whole thing. Oh look! Another data breach! We’ll pay for your credit to be monitored for two years. (Credit reporting agencies make money - capitalism!) Oh look! Another data breach! (Security software and hardware companies make money as people scramble to secure networks - capitalism!) Oh look! Another data breach! (Security consultants and dove-tail businesses make money - capitalism!) It’s all about the money! From the thieves who steal your data to the companies who don’t secure your data! Capitalism at its finest baby!

And, I’m not complaining - just explaining!

So, there’s the first part of it.

Now, cheap or not, the REAL TRUTH IS WIRELESS IS NOT SECURE!

As we security professionals keep saying repeatedly, “Security is a process!”

Once we close one entry point, the hackers find another way in. And the truth is, what they’re coming up with is scary as hell! (But that’s an upcoming post later.)

Even if they were able to spend the money to secure their networks, the money wouldn’t be well spent realistically because the fix would only last a few weeks - at best! So, if the retailers are cheap about anything, it’s about not wanting to spend good money on temporary fixes!

Now, the other point of this post calls to question the fact that Kevin Mitnick also announced last night that he was asked to join the Lifelock Advisory Board.

Kevin, if you want any shred of credibility since you opened your company, DON’T ACCEPT! That’s career suicide!

Currently Lifelock has at least 5 class action lawsuits against it in a variety of states. I think the only reason they are still in business is because Goldman Sachs, the company being investigated by the FBI for subprime mortgage fraud, funded Lifelock’s last round of $25 Million in Series C Funding in January 2008. I don’t think they could afford another hit if Lifelock were to decide to walk!

I can’t believe anyone in their RIGHT MIND would want any association with that company! (But again, another blog post for another time!)

In closing, I’d like to say to Kevin Mitnick, “Stick to Social Engineering techniques or go back to school. A lot has changed buddy!”

To Fox Business, “Next time you need a security expert, call me!” (Ok, that was a shameless advertising plug! Hey! I’m only human!)

To Lifelock, “Good luck in court!”

Debbie Mahler
Founder
MICE Training & Education™
a Division of MICE Training & Technology™

written by Admin \\ tags: cody Willard, data breach, data breaches, fbn, Fox Business, fox business network, Fox News, goldman sachs, hack, hacked, hackers, hacking, happy hour, identity theft, kevin mitnick, lifelock, Rebecca Gomez, retailers, Rudy Giuliani, TJ Maxx, WEP, wireless, wireless security, WPA