The Price We Pay

Sorry for the lapse in new posts and information, life has been coming at me quick lately.

Anyways, THIS is a shorter article I found on CNN.com about the rising cost of cybercrime and how it has been affecting the bottom line of major companies more every year.  In my opinion, there is a direct link between the profits made using the technology and the amount lost to the cybercrimes.  The reason being, that most companies use outdated security, both hardware and software, on systems that were not designed for the extensive use they are getting.  I know a company I once worked for used an old Dell desktop machine with Windows Server 2003 to host their company website.  While by all accounts the system could handle it physically, the security on the machine was questionable at best.  One of the other programmers at the time suggested that we also store the client database on the same machine; luckily I was there when the idea was put forth so I could properly quash it.

In this age of technology and advancement, companies are having to cut corners in order to cope with the down economy and unfortunately one of the first things tossed is their digital security.  Hopefully this report will give a little bit of perspective to the companies that are just trying to save money by avoiding security bills; because I guarantee the amount that they spend for a little security will pale in comparison to the amount they lose once a system is compromised at a higher level.

China is Getting Serious

Link to Article

China has been a threat towards our nations computer infrastructure for years, and only now are they beginning to test the waters on our companies.  Unfortuneately the fact that our companies and corporations are being successfully infiltrated means that they will have an even easier time with everything else.  This is the reason that in the next 10 years it will be crucial that our nation pushes for computer security and digital forensics experts to divert or stop the full blown cyber-attack that China has the capacity to perform.

What's your opinion?

Article Link

I came across the above article this morning while sipping on my coffee and trying to get my head out of an insomniatic fog, so I only really processed it at about 30% capacity.  None the less, when I read the article header I at first thought about how terrible it was that a police officer who killed a man would be honored.  However, as I read on (and later read about the original case) I realized that in the situation described, the officer had every right and a duty to other officers and citizens to stop the young man before he could harm anyone else.  I do not understand why anyone would think that an officer being hit by a car (in a fire lane... by an obviously intoxicated man... who did not stop after hitting someone... and was driving towards innocent people...) is in any way an acceptable action.  As is, the man behind the wheel would have been in prison 25 to life for hitting the police officer with his car, and it would have sealed the deal when he DID NOT STOP after hitting him.  That's like saying "I did not know the gun was loaded when I shot him by accident, but I was drunk so I kept pulling the trigger and aiming at him."

I am one person who has always said that too much power is a bad thing, and that authority has it's place but in this case I concede that the officer in question had every right to fire his sidearm and deserves the award in question for potentially saving the lives of those around him.

Quick Post

Program Link

Who thinks I should try out this program?  It's online so it would be possible...  But it would let me get an advantage with the specialized training.

What do you think?

Article Here

This story kind of made me have to think.  I would suggest reading it and/or watching it yourself and think about how you feel on the matter.  After some consideration I feel that what the guy did was very ignorant and slightly moronic... But it should not have been a crime...

Secure Passwords and You

Something that I have been thinking about for quite some time is the method of creating the perfect password for those account that I just can not have accessed.  While I know of some of the latest trends in password rules make for strong passwords on average, this is not something that I want to limit myself to.  I know having a capital letter, at least 8 characters, and a number in the password makes it difficult to hack an account of this type; but as most Computer Forensics junkies know, social engineering is a much more lucrative means of obtaining someone's password.  While the arbitrary rules listed above make for a good starting point I would like to give my input as to a few other tricks that can help with the security of a password.

1)  Misspellings

One trick I have learned in my time of password use is that when a word in a string of characters making up a password is misspelled, it becomes almost impossible for you to remember even your own password.  This can be used to your advantage.  Find a word that you personally know that you mess up often.  Such words will stick with you, but it is not often that your tell anyone of this weakness.  While this use of the word won't help you learn to spell it properly in future writing/typing, it will give you a stronger password.

2)  Symbols

Something that is often not brought up in password rules is that some symbols are not allowed in the string of characters for a password.  The trick here is that some symbols ARE allowed.  It is not always the case, depending on rules set by the admins, but you could have a random symbol separating specific parts of your password in place of a space or any other use.  This is a very strong method of securing a password, especially if you use it in a way that most people would find arbitrary.

3)  The Past

My last idea is using things from the past as a guide for your password makeup.  The trick of this would be to use something from your past that not everyone knew about or things that come from a family specific tradition or something your friend told you that stuck with you for any number of reasons.  For example, imagine if you had found a turtle when you were younger in a pond near your house.  Let's just say you live in the country...  Anyways, your parents were firmly against having pets at the time so you hid him away and fed him in secret.  One day the turtle was gone; and while this upset you it was never something your parent's knew of.  Even if later in life you had more pets, they would never know the secret name of your hidden pet turtle.  This would be a premium name to use for a password, because you are the only (OK...and maybe Joey from down the road...) person who even knows of this pet.


These are just a couple of my more thought out ideas in terms of password security, and is nowhere near an exhaustive list.  Some day I may elaborate on this a bit more but for now, try these out and see if your nerd friends can break the new password.

A day of reflection.

No article today, just a bit of rambling from me.  Today I did alot of thinking, and for better or worse it let me focus on some things.  First of all, I have decided that I absolutely HATE having ANYTHING done by another person.  I soundly dislike waiting for someone else to do their job with no set deadline and no timetable beyond "eventually".  Also, when the end result is a decision that must be made, and that decision is very important to me, it feels like someone is intentionally making me have to wait to make a decision that I don't particularly feel like making.  You would think that it would be nice having time to consider, but I know what I want to choose, but I am not sure if I will be able to choose it.  It's all up to the person doing their job or not.

Secondly, I really need to find a pattern that I can follow.  I am a person who really does like to have a set of things to do in a day, and it has proven impossible for me to plan ahead.  I know what needs done but I either have no ambition or no time to do them.  I know this is mostly my fault but I also have been so exhausted lately that I just want to sit.  Even that has turned into a chore...

Anyways, that was today's rant.  Sorry about no intellectual stuff...

Just read the article...

This article made my day.

Despite how bad my day is going, this article kinda gave a glimmer of happy.

Not sure how I feel on this case...

CNN Marijuana Article

Like the title says, I am not sure how I feel about this case.  While I do not agree with the tactic the feds used to raid these establishments, I also can tell I do not have all of the information.  I would like to assume that there had been some circumstances that indicated illegal activities at these establishments but the article did not detail it enough.  They focused more on the companys' reactions to the incident, and not on why the feds actually raided in the first place.  This could be due to a lack of knowledge on CNN's end, or it could be that the feds did not release that information to the media yet.  Either way, I do not know if I can decide if the raids were legitimate or not based on the limited information given in the article.  In my opinion, there is plenty of room for law enforcement to bend the rights of businesses who work in a trade of this fashion, but it does not necessarily make it right.  While I agree that this type of business needs strict regulation and constant observation, I do not think that the occasional police raid is justifiable unless absolutely necessary.

This is amazing!

Justice is sweet

The thing I saw today was short, but sweet.  It really gave me a new perspective on how the justice system works.  I am talking about getting back at people in a fair way that might leave them speechless but when all is said and done, they even might smile about it.  This kind of justice that I learned about is actually being used around the world for many different purposes.  It mostly pertains to the digital world, but can be used in a many different situations as well.  Just like what I read, I will keep this short.  Check the link to see what I can't really describe myself.

This is just sad...

Main Article

This is an article I found earlier today relating to prosecutors overstepping their bounds in a number of California cases.  It is always painful for me to hear about situations like these, where a miscarriage of justice once again ruins the lives of those it is meant to protect.  The problem that I see as common among all of these types of cases is that the prosecutor typically works in some way that is both underhanded and typically illegal; presumably to get a conviction.  While I can understand it is their job to get those convictions, I doubt an employee at Wal-Mart would be commended for stealing money from people's wallets or giving away things from the shelves.  I mean, their two primary functions are to obtain people's money and move merchandise.  Right?

I can not be certain (because of different state's and county's rules) but most often I think this situation stems from the DA's office being an elected position.  The best way to get into a higher seat of power or retain your current one is to have many convictions, damn the consequences.  This is especially true among the ADA's under the current DA who most likely want to curry favor with their boss, or work towards over-taking him/her.  While I do not discount the guilt of those who act dishonestly in court, I do feel it has more to do with the system than the individuals.  I do not profess to have an answer, nor a suggestion, on how to fix this.  However, I do feel that if something is to change fundamentally in the system, it will most likely need to be spearheaded by innocence organizations such as the ones mentioned in the article.

Old people should not make laws.

The article that I posted is one of the most irritating stories related to computer crime that I have ever read.  I just want to begin by saying that I am totally for the freedom and speech and expression, however there is a line that has been crossed in this situation.  There is a difference between a company (in this case Facebook) having full rights to it's digital information and a company being allowed to obtain and hold in secret the effects of a criminal act.  In my mind, this is comparable to a non-employee walking into his friend's office, lighting up a blunt, getting arrested, and the company being allowed to hold onto the illegal marijuana and do with it as they wish.  The law was originally created to protect Facebook and other such sites from being held liable for what users did using their software/hardware.  It was NOT intended to give Facebook an all access pass to digital information that crosses it's internet threshold.  Seriously, what brilliant mind thought that a company should be given... Oh yeah... Old, rich, white guys... Sorry, I tend to forget that our lawmakers tend to think the internet is a series of tubes and that every company is just someone who tends the horses... But anyways, I just read this article and wondered if anyone else felt the same as me.  There has to be some accountability on the part of Facebook, even if it just means destroying the digital information (as best they can) so that it can not be dispersed further.

Going to start blogging more!

Despite the fact that my few initial attempts at blogging were total failures, I feel that I now have a responsibility to myself to begin anew.  The failure to write is my own doing; it was mostly due to my own lazy nature, but also because I felt no real reason to write my thoughts down.  I have always had a bad habit of keeping my thoughts to myself except in certain personal arenas such as talks with my family, with my fiance, or in the CS lab.  Having graduated and started my life in the "real world" I feel it will be important for me to express myself in a way that college used to let me do and I have little real time for recently.  I fully intend to use this space as my personal page and possibly write down some of the research and intellectual ventures I hope to work on.  If that becomes a more regular occurance, then I may make a blog dedicated specifically to my research.  I want to start independantly looking into digital security and computer forensics on a more driven scale and possibly start taking some graduate level criminal justice classes in the near future if I can afford it.  Until this starts up, I will just ramble like I used to.

On that note, working security is fun and boring at the same time.  By this I mean that it is nice to help people at the company I do security for and it is nice to be in a position that is actually related to what I went to school for.  The problem is, I thought the security position would be much more exciting than it has turned out to be.  It most likely is just the site where I am working, and I will not complain because it beats all my old jobs.  I just hope that in the meantime I can boost my resume a bit with some of my own efforts in learning and can work towards a more computer focused position in this company.  They mentioned that a bank needed a security officer with programming experience but then I got placed at a medical facility's front desk.  I don't want to push my luck however, because I know just how nice this job is and everyone that works above me treats me well... for a change.

I can't wait to start my training at AlliedBarton tomorrow. That is all...