Security Under Fire

Here is an interesting article that talks about emerging technologies and the vulnerabilities, threats, and risks that they increase as they are adopted.  Several experts are interviewed in the article, and although their experiences vary, they are consistent for the most part in their opinions that businesses are scrambling to adopt these technologies fast, and to figure out how to secure them.  Good work Howard!

Computing Canada – May 2013 Read it now: http://epubs.itworldcanada.com/i/129542/23

Licensing Security Professionals

I recently read an article insisting that Information Security Practitioners should be licensed.  This debate has gone on for quite some time, apparently.  Guess I missed the conversation.  I’m not one to stop yapping about security, just because everyone else has had a say…

Continue reading →

Happy 1st BaKtun!

I woke up this morning feeling the ravages of the common flu.  Pushing back the viral fog, I looked out my bedroom window, expecting to see the streets flooded with zombies, the skies dark with winged bodies of alien invaders, a maelstrom of clouds swirling and the blaring of trumpets.  December 21st, 2012 has passed, and still, the world spins upon its axis.  Hmmm, what about all this talk about he Mayan calendar, and the prophesied apocalypse?

Well, hold on tight, earthlings.  Our best and brightest may have mis-calculated by just a few days.  Apparently, the calculation should have pointed to the 23rd ’round midnight!  I’m hedging my bets, and shopping light this Christmas.  Ya never know, it might not happen at all.

The Mayans used calendars kind of like we do, and what happens when we run out of days on our calendar?  We get a new calendar!  That’s all.  That’s it.  The Mayans observed the cycles of nature and the universe.  The key to cycles is that they repeat.

I am truly blessed, as I got to see the shenanigans as the second hand swept across twelve in 1999, ushering in a new era where technology would fail us all, elevators would rocket through the roof, and nuclear plants would melt down.  And now I have seen (or will soon see) the end of time as we know it.

Interesting write up about all of this at the link provided in the image above, if you are interested in all this.  For me, it simply shines the light on what people will believe.  If a story is repeated long enough, if no better explanation can be quickly presented, rumors and myths will rule.

Doomsday in my opinion, will come, and far too soon I’m afraid.  However, it will be either by our own hand as a species, or by the laws of nature and luck.  I will be as prepared as I can be, as aware as I’m able, and as accepting as possible of the outcome.  Until then, I wish you all peace on earth, and goodwill to all mankind.  Happy 1st BaKtun, and stay secure!!

Why Do We Network, Socially?

A LinkedIn acquaintance of mine has posed what I believe is a very good question, and has caused me to reflect this weekend.  I have responded, but am frustrated with the very short box (a few hundred letters?  I’m noisier than that!!)  that is allotted to respond.  I will try to say here what I have said on LinkedIn, with the complete freedom to use as many characters as I please.  I would appreciate your input as well, to find out why others use LinkedIn to connect.

HC’s question:  Why do we connect on LinkedIn?  When I log into LinkedIn, I usually see just line after line, “So-as-so is now connected to So-and-so…”.  Okay, that’s great.  Then I see that I have something in my Inbox, and it’s a couple of folks I’ve never met, or perhaps someone who attended a presentation, who wants to connect with me.  For the past couple of months, I’ve been asking folks, “why do you want to connect with me?”  What’s the value in this “relationship” to you?  Most often, the response is, “oh, sorry to offend…”, and then nothing else.  The thing is…I’m not offended.

I too have been asking, if I didn’t invite the link, what the nature of the request is, or how I can help them otherwise.  Again, not intended to offend, I have always been somewhat selective with my Social Networking connections.  I will gladly share information with others, but will try my hardest to avoid sharing others’ information.  In my 5 or so years on LinkedIn I still only have 250 connections. Continue reading →

Samsung RIM Deal?

Rumor mill is churning wildly with speculation Research In Motion will be bought by Korean based Samsung, as RIM stock took a 5% JUMP.  Yes, a jump, upwards movement, positive trend…

It’s been a long hard row for RIM to hoe this past year.  A takeover of any PDA company is complex and risky.  Consumer preference is fickle, and tends to drop off in ways that influence relationships with mobile software developers, impacting the overall value of the business, as RIM has witnessed with third-party application developers desserting the platform.

RIM has always provided secure services to business users and governments, however the rapidly changing nature of the smartphone space complicates any potential deal.  RIM is a strong example of Canadian innovation, and the federal government could use the Investment Canada Act to block a foreign takeover.  It wouldn’t be the first time that Canada used the act to protect its major interests.

Many of RIM’s key clients would be skeptical of any deal that saw RIM become part of a company based in Asia.  I would personally toss mine out, as it would no longer be anymore attractive to me than the myriad other Asian platforms out there.  The integrity that I rely on, that Canadian securtiy content that drives me to continue using the Blackberry, would cease to exist.  The Asian market is too “open” to influence and subterfuge.  That’s my opinion, based on observation and experience.  There is simply too much espionage and unsavory traffic in that region for me to accept Samsung’s ability or interest in maintaining the devices’ security and privacy.

I dearly hope that RIM is not sold to a foreign company.  Any foreign company.  I do hope that RIM finds its legs again, innovates the hell out of the mobile platform market as they did in those early days, and finds itself right back in the saddle again, producing a reliable, respected and essential tool for those of us that require security in our communications.

Job Search Responses

Interesting discussion over at TechCrunch regarding potential employer response (or lack thereof) to hiring candidate submissions.  (Please, prospective employers, don’t get your knickers in a bunch, I’m not complaining, really I’m not.  Everybody updates ME.)  Most of this diatribe is based on the article, but I recommend reading and posting your own comments at TechCrunch.

There are plenty of job search engines, recruitment vehicles and so on out there on the Web.  If you’ve ever been on the job hunt, you know how frustrating and time consuming it is to manage the job hunt process.   </Start Griping>  You spend hours filling out forms and fields, manually recreating your resume in yet another database, adding more and more “action verbs” to your resume, etc.  You fire off application after application.

Then you wait.  Your prospective employer doesn’t respond.  You send a follow-up email.  Nothing.   Another follow-up after a couple of weeks, still nothing.   Maybe you get an interview.  You send a thank you and a follow-up email.  Nothing…….

Job searchers absolutely hate this resume black hole.  This deficiency impacts the relationship that the company may have with potential employees, who may also be potential customers.  It can damage your company’s reputation.  In a recent study 72% of respondents said they would be less likely to recommend companies’ products or services or write a positive review online if companies don’t respond to their applications.  All people want is a response or an update.  </End Griping>

This is the pain point a startup called StartWire is trying to solve.  Their value proposition lies in being a sort of project management tool for the job search process.   StartWire launched in early 2011 and had attracted 50,000+ registered users by January 1st of this year. Continue reading →

Bomb Kills Iranian Nuclear Scientist

Well, I think I may restart the digging of my re-inforced concrete bomb shelter that was put on hold when Bush announced that the war was officially over.  An Iranian university professor working at a key nuclear facility has been killed in a bomb explosion, the latest in a series of assassinations and attempted killings linked by the country’s authorities to “a secret war by Israel and the US” to stop the development of what Tehran insists would be a peaceful nuclear capability.  Two assailants on a motorcycle attached magnetic bombs to his car and sped off.

This conflict is getting ugly, and I personally anticipate an escalation to outright war is not far off.  I hope that I am wrong.

http://www.guardian.co.uk/world/2012/jan/11/bomb-kills-iranian-nuclear-scientist

Got Any iPad App Recommendations?

As I’ve been bragging all week long, my beautiful wife bought me an iPad2 for Christmas this year.  I’ve been poking around the app store, downloaded some new tunes (the kids have had it with my ragged old country music), and have scooped up as many free or cheap tools as I can find.  I’ve downloaded, tried and deleted so many apps already, but I’m still looking for a few choice ones.

What apps do you find useful?

My keepers list so far:

• Media/News
  • Facebook
  • LinkedIn
  • ResumeHD
  • CardMunch (for Linkedin)
  • CityNews
  • TO CityMinute
  • TheStar
  • DarkReading
  • CIO Digest
  • Security Tech Reader
  • ProSec Mag
  • WordPress Blogger
  • International Gamers News
  • National Cyber Security News
  • McAffee Threat Feed
  • CP24 News
  • Toronto Metro
  • FeedlerRSS
  • Bunch of iBooks (PDF)
• Travel
  • Toronto Path Map
  • TTC Rocket Man
  • TripIt
  • iTranslate
  • Compass
  • WeatherEye
• Utility
  • CompassFree Spreadsheet
  • QRScanner
  • Sci-Calculator
  • Project Mgmt Flash Cards
  • Liquid Planner
  • iJobs
  • Monster Job Search
  • CCTV Tools
  • Vtrace
  • NoiseSniffer
  • Fing (Network Scanner)
  • MobiControl
  • NetStat
  • Log Caliper
  • iVulnerable (CVSS Lookup)
  • Free WiFi Finder
  • Unit Converter
  • Cisco Tech Support Tools
  • Cisco Subnetting
  • NetMon
  • 5-0 Radio (Police Scanner)
  • Gadget Guide
  • SAP StreamWork
  • AnyConnect
  • SpiceWorks (LAN Management)
  • ROVE Mobile Admin
  • Dog Trainer
• Audit
  • Mobile Auditor
  • Device Inspector
  • iWorkFlow
  • Audit411
  • Internal Auditor Mag
  • iAuditor
  • CMO Audit Tools
  • Palm-T Home Inspector
  • Audit360Pro

775th Posting To This Blog

Wow.  Probably doesn’t mean a lot to anyone other than myself, but this post marks the 775th blog post that I have published to this blog since moving it to WordPress back in November, 2008.  Before that move, I was running it out of Rogers-Yahoo.  Back then, I didn’t even realize that I was “blogging”, the term is rather new. 

Happy Holidays everyone, and may your new year be healthy and prosperous.

Exchange 2010 SP2 Released

Microsoft has released Service Pack 2 (SP2) for Exchange 2010.  You can download it from the usual MS download site.  Great care has been taken by Microsoft to ensure that SP2 is high quality, and doesn’t suffer from the issues that affected two roll-up update releases for SP1 earlier this year.

• A key new feature in SP2 is the hybrid configuration wizard (HCW), designed to automate the setup of hybrid connectivity between an on-premises Exchange 2010 organization and Exchange Online running in Office 365.  Previously, admins had to tweak Exchange settings manually to get this kind of connectivity.  HCW will now do the heavy lifting, and reduce the number of necessary steps. 
• Another new SP2 feature is Address Book Policies (ABPs).  ABP is an answer to demand from large companies and hosting providers to logically segment their Global Address List (GAL), rather than allowing all users to see the complete GAL.  ABPs allow admins to filter different objects from the GAL and build a customized address book which is assigned to specific mailboxes by policy.  Once an ABP is assigned, the mailbox user can only see and address objects found in their customized view.  ABPs depend on Active Directory and Microsoft provides a schema update to make ABPs available to Exchange.  You will have to apply the schema update in any Active Directory forest where you want to deploy Exchange 2010 SP2.  Schema changes in the past have been problematic, and always seem to cause concern.
• The reintroduction of Outlook Mobile Access (OMA) will allow small screen mobile phone use.  More interesting to the Asian micro market segment than North American, as our screens appear to have gone in the opposite direction.

Exchange customers should prepare for deployment of SP2 after thoroughly testing within their environments.