November 24, 2006

A Product Deserving Of Praise

I definitely have to say something good about the new Trend Micro PC-cillin Internet Security System 2007 I downloaded last week.

In the past, I’ve had Norton and McAfee security.

Norton let all sorts of stuff in and didn’t always find it during scans, and I once even had to have some computer experts walk me through eliminating some Trojan horses, nearly 20 of them, that Art Carney Norton couldn’t delete or quarantine.

McAfee tried to take over my computer – in fact, for an entire week after I installed it, even after I turned off the spam filter altogether, not a single piece of email arrived in any of my inboxes, yet after I completely purged it from my computer, emails came flooding in.

I’ve had the current Trend Micro system for nearly a year, and it was good, though nothing compared to the 2007 upgrade I now have.

This one is awesome. It slowed my computer down for the first 12 – 16 hours after it was installed (direct download from Trend Micro, though they are sending me a back-up CD), also sending up cautionary flags whenever I visited another blog or other site ("unfamiliar website"), then it became “accustomed” to my browsing habits and seemed to make itself at home.

Whenever I go to a commercial website or open a curious piece of spam or other email, if it contains viruses, Trojan horses or any kind of spyware, hacking capabilities, etc, a red bordered rectangle appears on my screen and warns me about it, listing the hazards there while the system prevents them from invading my computer.

Since I travel a lot and consequently use provided access at hotels, the system is good to have as it has special applications for just such mobility, both ethernet port and wireless.

It also protects my home wireless network, and will protect the laptops of any of my guests while they are accessing it.

It downloads updates quite often, but they are fast (less than 30 seconds) and non-interruptive.

The tutorial that downloads with it is much easier to understand, even for a technologically challenged guy like me, than the Bangalorian “engineers” you get when you call customer support. You know, those folks you can hardly understand unless you’ve been smoking hashish for a few hours first. Not being a hashish smoker, I’m grateful for the tutorial matter.

This is the list of its functions and benefits, as provided at their website:

AntiVirus Security Detects and removes viruses and the latest threats from your emails, Internet downloads, removable media and PCs. Automatic updates immunize your security system against the newest virus outbreaks.

Spyware Protection
Blocks and removes spyware, adware, grayware, and root kits, a new type of deep-hiding invader.

Personal Firewall
Intercepts hackers and network viruses trying to attack your computer and home network.

Fraud Defense
Protects you from online phishing scams designed to steal credit card and bank account numbers. Configures easily and notifies you of the latest Web-site risk.

Wireless Network Monitoring
Safeguards against unauthorized users invading your wireless home network.

Home Network Control
Manages, configures and updates security for every PC on your network, with an easy-to-use management console.

Bonus Services

Trend Micro PC-cillin Internet Security 2007 gives you access to TrendSecure, an online suite of security tools:

Transaction Guard™ protects your online transactions conducted at Internet Cafes or other public wireless hotspots.

Remote File Lock™ safeguards your private files in case your laptop is lost or stolen.

Trend Micro Mobile Security protects your cell phone against viruses and other threats.

As far as I'm concerned, this security system is a great deal, well worth looking into.


Posted by Seth at 05:06 AM |

August 19, 2006

The Inherent Victory Of Terrorists....

.... is in what comes after they strike. The measures necessitated for security purposes -- "screw me once, it's your fault, screw me twice, it's my fault" -- at airports, in government buildings and in places where large numbers of people congregate, such as convention facilities, sports arenas and concert halls.

Here is where terrorism comes into its own. There is more to terrorizing than simply murdering quantities of human beings. Killing those victims is merely a tool to terrorize those who survive and carry the horror of the act with them, in their hearts and minds. To the late, unlamented Chairman Mao's way of thinking, successful terrorism breaks the will of a people to the point that they will capitulate with the terrorists rather than run the risk of enduring more of the same.

The Islamofascists who employ these tactics, however, thanks to the spineless years of the Clinton Administration, fail to realize that they are up against The American Spirit, the same spirit that won us a nation 230 years ago, seized by a relative handful of colonists from what was then one of the strongest military powers in the world, and has since driven this country to being the wealthiest and most powerful nation on earth.

In short, we're not the French {spit!}.

But we still feel the sting of terrorism, even as we fight it tooth and nail, in the security measures we must endure to prevent further acts of Islamic terror against Americans and our freedom loving friends around the world. We feel it whenever we pass through an airport security checkpoint, or enter a stadium for a concert or sporting event and are told we cannot bring in such items as coolers or back packs.

The inconveniences we, as individual citizens, are required to make are picayune compared to those endured by many large corporations and by government agencies, however, in whom are vested the responsibilities of both providing a safe environment for their employees, tenants and visitors on their respective properties, and protecting their own physical assets, which in the government's case means all Americans.

The point here is that we are all victims, in one way or another, of every terrorist act that is perpetrated or even foiled before it can occur, as in the recent, successful preventive operation in England. When a private firm is compelled by events to spend large sums of money upgrading their security venues, the cost is inevitably, and arguably rightly, passed on to the consumer as it is an increase in the cost of doing business.

The events of 11 September 2001 caused serious, if relatively temporary damage to our economy, effectively brought the airline and hospitality industries to their knees for months to come {ask anybody in the convention business about the massive cancellations and the significant drop in attendance that followed 9/ 11 for nearly a year} and slammed home a new awareness of the necessity for taking security seriously.

A case in point is the Sears Tower.

Trizec Properties Inc., the Chicago real estate investment trust that previously owned and managed the Sears Tower, took a hard look at security immediately after the Sept. 11 terrorist attacks. Major changes included beefing up the security staff — it now numbers about 75, including off-duty Chicago police officers on each day shift — and installing metal detectors, X-ray machines and keycard turnstiles in the lobby. Management also increased the number of security cameras and upgraded many of them from analog to digital.

The Skydeck on the 103rd floor was considered particularly vulnerable, because the structural mass of the tower is thinnest at the top, meaning an explosion there could cause the rest of the building to collapse, as happened with the World Trade Center. So metal detectors and X-ray machines were added there as well. New restrictions and protocols were put in place for the garage and loading docks, too, including explosives detection. Phones and speakers were installed throughout stairwells.

While the rank and file Muslim terrorist crows about the murders of Americans and other westerners by him and his cohorts, in his pedestrian viewpoint he is actually missing the "big picture" that really matters to the bin Ladens and other head honchos who use the little fanatics as pawns, and that is these residual effects that come after the act of terrorism. After all, you can't terrorize the dead.

We are at war with an enemy that is a lot smarter than we give it credit for and knows how to play the game from every angle, right down to maintaining public relations agencies such as CAIR and recruiting such internal enemies of the state as the ACLU -- A lovely combination, that: a union of theology-based fascism and blatant Marxism. They employ the Useful Idiots of host states the same way the Soviets did, enlisting via their propaganda the usual collection of air-headed liberals and other leftist entities to sabotage from within our self defense capabilities.

While we have enjoyed overwhelming success since 9/ 11 in preventing further terrorist operations on U.S. soil, any sense of victory we experience at the prospect is merely an illusion -- the enemy has inflicted lasting damage on our society as a whole, and continues to do so as he sets us up, through his exploitation of our own laws, our politically correct politicians, judges, mainstream media and leftist political organizations, for further and undoubtedly unprecedented acts of terror somewhere down the road, but not very far down that road.

Until we embrace Islam as the enemy of mankind that it is and either isolate it, neutralize it or destroy it, root and branch, we will continue to have to make costly, inconvenient or downright disruptive sacrifices of one kind and another in the name of our very survival.

Posted by Seth at 01:35 AM | Comments (19) |

July 15, 2006

Just When You Thought It was Safe...

They're not showing much concern for the protection of your card info in their systems, though they're more than happy to take your money.

It would seem that in this age of identity theft, all too many retailers are chaffing at the bit to accept payment for their merchandise via your credit cards and debit cards while, at the same time, they're not quite as tenacious where protecting the confidential information -- your confidential information -- their card processing terminals collect to obtain transaction approval.

What's up with that?

Posted by Seth at 12:53 AM |

July 02, 2006

Insecurity

Well,

One of the nation's largest unions has dispatched more than 100 organizers and members from around the country to Los Angeles as part of a full-scale two-week push to sign up thousands of licensed security guards for a new union local.

By "licensed security guards", they mean people who have a “guard card”, meaning that they took a 40 hour course in “security” and passed the simpleton-level “exam” the state collected a fee on. It’s like watching the PSTN (Professional Security Television Network)’s most rudimentary security officer courses, passing the super-easy quizzes that accompany them and then being issued “credentials” as a “professional” security officer. This is one way a state can collect lots of money off practitioners of a mostly unskilled job while contract security lobbyists gain a liability defense: “We hired our co-defendant based on his certification by the state as a licensed security officer.”

Meanwhile, most of these “licensed” personnel don’t have a clue where Security is concerned, they wear a uniform to earn their sawbuck an hour for whatever reason, nothing more, a tiny percentage even knowing about, let alone earning, even the very basic but effective CPO (Certified Protective Officer) certification.

Now here’s the Service Employees’ International Union, an organization representing waiters, bartenders, hotel employees and so forth, wanting to include “rent-a-cops” in their membership. Of course, they do: There are a whole lot of ‘security’ guards out there, certainly more than enough to make those potential union dues, collectively, a veritable pot of gold.

And they can negotiate on behalf of the security employee. Instead of standing around, doing nothing and knowing little for eight, ten or twelve bucks an hour, perhaps the union would be able to get them significantly more money and up their benefits for the same around-standing and total lack of real security skills.

The Service Employees International Union is expected to announce the public phase of the campaign, called Five Days for Freedom, today. Some organizers and union members — many from New York, Chicago, Oakland and Seattle — have been in Southern California since early last week, working with local union members and clergy who have been slipping in and out of office buildings and urging security officers to sign union cards.

The goal of the drive, say union and religious leaders, is to secure signatures from more than half of the approximately 6,000 licensed security guards who are employed by five large security contractors in office buildings around the county.

If they can collect about 3,500 cards, union officials said, they would be in a strong position to pressure security companies and building owners to quickly recognize a security officers' union. The service employees union and other unions prefer this strategy to the often costly and time-consuming step of holding a formal election.

When the feces finds the fan, most of these people will be utterly useless, probably among the fleeing rather than among those innate and deserving professionals protecting, restoring order and documenting events – after all, they only took the job because they were desperate for work.

And now the SEIU wants to unionize these folks? Fine, but only those who have taken it upon themselves to at least earn a CPO, thereby demonstrating that they are serious about doing security work rather than simply “making a living”.

If my business were big enough that I owned an office building, you can bet your life that the security personnel therein would be well trained, well compensated and experienced, and nothing a union could offer them would either equal or exceed what they they already had.

Instead, these L.A. unionistas want to make companies assume more responsibility for their unskilled proprietary security employees, or for the contract security personnel that work on their premises.

I’ve always been utterly contemptuous of the “guard card” laws that states like California employ because they’re geared more toward gaining employment for the unemployable {and collecting a fee, to boot}than they are towards ensuring that security people are in a job where they actually belong.

Hmmm, I wonder, out of sheer idle curiosity, if there are any liberals involved in this….

Extra, extra, read all about it here (free membership may be required)....


Posted by Seth at 12:38 AM |

June 25, 2006

Footloose And Fancy Free Security

One of the downsides of our technological age is the large inventory of security vulnerabilities it has brought with it. Like all advances in technology from the primitive to modern day, the new invariably phases out the old so that it eventually becomes a necessity, especially in business and government.

Electronic data storage isn't new, but as it has evolved, so have the computer skills of criminals who know how to make use of data they steal. This has created a collosal and still blossoming branch of the Protection Industry called Information Security that attracts many of the best and the brightest in the computer field.

Unfortunately, even in these days of heightened security awareness, many companies that possess confidential information fail, for any of a number of reasons, to adequately address security concerns and as a result, a lot of confidential data, much of it criminally usable personal information on people who have no affiliation with the companies in question and therefore no "say" in how their information is secured, is stolen.

Here's one government contractor that practically offers up its proprietary information to anyone who steals any of five thousand laptops from employees' homes.

A laptop containing personal data -- including Social Security numbers -- of 13,000 District workers and retirees was stolen Monday from the Southeast Washington home of an employee of ING U.S. Financial Services, the company said yesterday.

ING, which administers the District's retirement plan, known as DCPlus, notified the city about the theft late Friday.

The company is mailing a letter to all affected account holders to alert them to the risk of someone using the information to commit identity theft, spokeswoman Caroline Campbell said. The company is also telling customers that it will set up and pay for a year of credit monitoring and identity fraud protection.

The laptop was not protected by a password or encryption, Campbell said. Encryption safeguards information by scrambling it into indecipherable codes.

The letter should open something like this:

Dear Fragonard and Elise Boosprinhoffer;

Some time ago, your city government entrusted us with a quantity of your vital personal information, for whose security we automatically assumed responsibility. This letter is to inform you that we've screwed the pooch, and that your information is now in the hands of person or persons unknown.We are very sorry we didn't even bother using security encryption in the 5,000 laptops containing your confidential data, scattered to hell and gone among employees nationwide....

A Social Security number can be used by thieves to open new lines of credit in the victim's name. In the past 15 months, more than 85 million U.S. consumers have been told that their personal or financial data might have been compromised because of data breaches, disgruntled employees or incompetence.

Last month, the U.S. Department of Veterans Affairs announced that the personal information of 26.5 million veterans and military personnel was endangered after a laptop and external hard drive were stolen from an employee's home in Montgomery County.

I must say, laptops with peoples' confidential information on them are a hot item these days.

There is no reason in the universe for this kind of stupidity, and it really does demonstrate how seriously many firms don't take security, especially yours and mine. A competent security director, unless he was constrained from so doing by the fine folks in the executive suite, which happens more often than many people realize, would centralize all the confidential data in one place, where it could be safeguarded much more easily, and according to their work needs, employees could access it via a password protection system, each with his or her own password. Further, access could be both monitored and restricted to individual employees' specific need-to-know datum. All of that is within the range of modern security technology.

A lot of security people are in working environments in which, if permitted to do their jobs properly, they would have to "inconvenience" employees like "ladeedah" Larry the Latte Man, who wants to take home some confidential documents, breaching security policy, because it's oh so much easier to work in his office at home, an employee who "accidentally" left his or her company ID at home, but is almost late and has to run. "Sorry, ma'am, I see you every day, but for all I know, you might have quit or been terminated yesterday, and policy requires that I check. Please be patient while I confirm that you still work here, and then I can issue you a one day pass." Unfortunately, companies often require their security personnel to "look the other way once in a while" without actually documenting these requirements, all part of "promoting an employee friendly work environment". Then there's the PC factor that's forced on people whose job is often anything but PC friendly. Protectors cannot protect if they are not given both the needed resources and the authority to do what they have to do to protect their principals.

However, in not taking security as seriously as it is needed -- as in ING U.S. Financial Services, taking the path of least resistance, as it were, companies invite infinitely more costly problems down the road.

Isn't it nice that thousands of people can take your confidential information home with them? What are the odds that ING and the U.S. Department of Veterans' Affairs {one a city government contractor, the other a federal agency} are the only two such entities in the entire country that observe this practice? Not very good, I'm afraid.

I love this part:

ING executives say that they believe that their computer was stolen for its value as hardware and that thieves may not have been aware of the data it contained. ING said it is working with District police and has hired a private investigative firm.

How silly is that?

What they are really saying is, "We haven't a clue, this incident has thoroughly embarrassed us and the lack of confidence it has no doubt inspired will cost us a lot of new business and very possibly a number of our present clients, so in an effort to circumvent any kind of uproar at our incompetent security measures, we're feeding you this line of transparent bullcrap."

ING executives say that they believe that their computer was stolen for its value as hardware and that thieves may not have been aware of the data it contained.

A. What evidence do they have to support that "belief"? How do they know it wasn't stolen for the data within? It could as easily have been a dishonest friend or an ex with an axe to grind who knew what the employee brought home with him, because he had told them.

B. Even if the thief had stolen the laptop for its 'value as hardware', um, chances are that he or someone he fenced it to (there are computer savvy people in all walks of life, from flophouses to mansions) might discover the data and, both obviously possessing a criminal turn of mind, might either use it themselves or, if they weren't that expert, bring it to someone who knows how. Maybe some computer wiz kid from the suburbs who occasionally buys crack from one of them, someone's brother or someone's aunt, for that matter. Or a nine year old who lives down the street and spends all his free time in front of his computer, hacking into places he doesn't belong. This is a new age, friends, a real world remake of Alice In Wonderland, only rated R (and in some places, XXX).

C. Efficient crooks work just as hard at their respective trades as the rest of us do. Some use burglaries as camouflage for other crimes. To momentarily digress, I'll relate an example from my casino security days when I lived in Nevada:

One of the charges we made a lot of arrests for was called "Uttering A Forged Instrument" and dealt, among other things, with cashing or attempting to cash checks that weren't... well, weren't made out to the casher by the party or company whose name appeared on the checks. Casino cages cash payroll checks all the time, knowing that at least some of the money will find its way into their slots, across their tables or into the cashiers' windows in Race & Sports.

That said, there was a group of criminals in the city who bought up found or stolen IDs, passports and driver's licences from street people, pickpockets, etc. Their "gig" was burglarizing small businesses -- they would steal a couple of computers, whatever cash they found.... and then go into the business owner's book of blank payroll checks, removing a few pages of checks from the bottom where nobody would discover they were gone for possibly months. The owner would call the police, they would take a report and the stolen office hardware would disappear into a lake or someplace.

Next, they would draw from the pool of street people(in Las Vegas or Reno, the only way a homeless person can live with even minimal "dignity" is by staying clean and respectable looking, and they find ways to do it) local druggies and other petty crooks, matching faces to IDs as closely as possible and making out stolen pay checks in the names on the IDs. The checks averaged $800.00 to $1200.00 in amounts, and the deal was that the casher got to keep half of the amount. This was very well organized, the only flaw being the inevitable one when a lot of people are involved -- we were able to persuade a few of the cashers we caught to roll over on the people giving them the "work".

My point being, if ING doesn't know who pulled off the theft, how can they know the motive behind it? The employee from whom the lap top was allegedly stolen could, himself, have committed the "theft" in partnership with an identity thief who knows what he's doing.

Monday's burglary has prodded ING to analyze whether any of its other 5,000 laptops in circulation across the country lack adequate protection, Campbell said. Steve Van Wyk, the company's chief information officer, said he did not know how many of its computers lacked security measures but believed it was a small number.

"For us, this is very unfortunate," Campbell said. "But we're moving forward, we're very focused and committed to find any other laptops that don't have encryption software and to fix that. This incident revealed a gap."

It wasn't the first time, however. Two ING laptops that carried sensitive data affecting 8,500 Florida hospital workers were stolen in December, and neither was encrypted, said Chuck Eudy, an ING spokesman.

Emboldening mine.

So it happened to two (count 'em, 2) of their other unencrypted laptops about six months ago, and they didn't fully(assuming they are telling the truth about most of their laptops being encrypted) address the problem then. There are still a few Lone Rangers out there with the laptops from hell.

To my thinking, this is a double whammy. Not only didn't ING have competent information security policies in place before the first hit, but they didn't correct the vulnerability that the incident had flung right in their face.

I believe, also, that some blame goes to the DC city administrators that placed this data in the hands of ING without first having competent, experienced Protection professionals do a security survey on the firm and see that such vulnerabilities were addressed adequately. This was, after all, citizens' personal information their agency was sharing with a private sector company.

One thing about the Post article that shows someone, somewhere is thinking -- just in case it was merely a "hardware theft", they were smart enough not to release the employee's name and address. The DC cops are also totally right in not releasing any information on their investigation.

Posted by Seth at 02:15 PM | Comments (6) |

January 22, 2006

One Rewarding Career Path For Serious IT People

Over the last decade or so, the Protection(safety and security) Industry has proven itself as, and as such begun to achieve status as a "business enabler" rather than its outdated reference as "necessary overhead".

IT security has become one of the principal winners in the field, many of its best and brightest moving up to management positions.

Information security professionals, already experiencing a surge in demand for their badly needed technical skills, may also get a chance this year to flex their business acumen.

IT security professionals are being invited into corporate board rooms around the globe, wielding more influence and finding increased opportunities.

This is an industry sector hungry for talented people, and definitely worth looking into for those with the right skills.

Posted by Seth at 07:38 AM |