Latest Happenings in the mind of Travis Yeargan

I always have something new in the works, from new solutions designed to boost your business security to resources that help you understand your information technology and secure business practices that help you focus on what you do best.

Here are some of the things I’ve been up to most recently:

With increasing demand for solid cybersecurity, in human head count, capital and leading-edge security solutions, we have all (the cybersecurity pundits, educational gray beards, and public officials) missed a simple truth. Cybersecurity means nothing by itself. It is in how it is engaged within the physical world that you see the positive results.

So, I must ask the trade schools, colleges and universities: for all engineering programs, have you added X classes on cybersecurity? Electrical and mechanical engineers? Nuclear engineering? Petrochemical? Let’s drill in the mantra of cybersecurity within all fields. Within trade schools, how is the discussion on secure SCADA and control systems going? Have we drilled into the heads of our students that cybersecurity must be defined within the project statement of work? How about you in the golden tower of computer science? How about a mandated 1-3 classes on basic cybersecurity covering secure coding practices? Big data? Code scanning? Secure systems design? Architecture?

Not to be left out: hey, business majors (who, me? Yeah, you over there), have you heard of secure supply chains?!?! Manchurian chips? How do you develop a double-blind validation system for your supply chain? How about a security committee of Procurement, Engineering, Legal, and Cybersecurity? What’s the best collaboration method to cross-reference your risks and align them to the specific business requirements?

With new graduates coming into the workforce with a drill-down understanding of the challenges within cybersecurity, we will see greater security results within IoT, IoM, vehicle, critical infrastructure and much more.

Adding cybersecurity in hindsight greatly increases the cost of any effort; designing it in up front, in a proactive manner, will ensure the security of the world we live in.

This evening I am making a public service post to raise awareness about malicious phishing sites getting valid SSL certificates from certificate authorities.
In Chrome, this means that a phishing site is labeled as ‘Secure’. Even when a certificate authority realizes it issued a certificate to a malicious website and revokes that certificate, Chrome still shows the site as ‘Secure’.
The fact that the certificate is revoked is buried deep in Chrome developer tools, where most users won’t find it.

It can be a scary place out there…


Hacking has come a long way since 1971 when Apple founders Steve Wozniak and Steve Jobs hacked into phone networks and sold hacking devices called “blue boxes” to their fellow students at UC Berkeley. 
Nowadays, hackers understand that whoever possesses information has the upper hand in “the game.”
 Thanks to Edward Snowden’s leaks, we’ve learned that this is exactly what the National Security Agency (NSA) is after when spying on billions of people and leaders around the world – the upper hand.
 But the US government isn’t the only one trying to get their hands on information. In fact, in 2010 Google publicly admitted that hackers in China’s People’s Liberation Army had targeted their global password management system, thus granting them access to the accounts and web searches of millions of Google customers worldwide. 
Or consider another mass invasion of privacy that occurred in 2013, when the personal information from 110 million accounts was stolen from retail company Target’s database by a 17-year-old Russian hacker. As our data migrates away from physical silos into “the Cloud,” the need to protect our information becomes even more pressing. 
From a business perspective, the cloud seems like a great idea because of its implications for innovation, productivity, and entrepreneurship. However, from the standpoint of public policy, security and law, problems such as privacy rights and the jurisdictional aspect of criminalizing hackers still need to be addressed. Questions like, “Where was the crime actually committed?” or “Where does the criminal operate from?” aren’t easily answered within the current legal framework.
Thus, regular citizens share the responsibility of staying informed about cyber regulations. We must encrypt the data on our computers and phones with encryption programs, such as BitLocker and FileVault, and keep the operating system up to date.

 

Some things, such as stalagmites, grow very slowly; other things, such as puppies, way too fast. Then there are things like the Internet that grow at an exponential rate.

In the beginning, the internet consisted of very few networks; today there are over 35,000, of which Facebook and Google are the most famous.

In the 1970s there were a couple thousand internet users; today there are two billion each day and growing, and most people, probably including yourself, use several devices to go online. In the case of a network, exponential growth is good because the higher the bandwidth of the networks, the faster and more efficient they are.

As of this writing, fiber-optic networks are the peak: individual bits race as light pulses through the fiber-optic cable and carry, for example, information about my website that you are currently using on your device. If your network and the network of the website are directly connected, this is of course much faster than if the information had to travel halfway around the world to a common router that connects your two networks.

For example, if you search for the NASA homepage on Google and click on the link, it loads quite fast. That’s because Google and NASA have a direct connection between their data centers. Data centers are where different networks connect: we need a physical location that brings together many cables connecting different routers, companies, and networks.

Even my website is hosted in a data center. 
Thanks for making it to the end of this rather boring article.

In its early days, the Internet was only used by very few people and almost exclusively at universities.

It was switched on for the first time as early as 1969; at that time there were only a few computers at four different US universities. At this time, the number of Internet users was 5,000. There were so few that there was actually a kind of “phone book” listing all the people on the Internet.

One of the biggest problems in the early days of the Internet was that different computer networks did not use the same language and were therefore not compatible with each other. Finding something on the internet back then was a bit like looking for a certain room in the Tower of Babel.

This situation changed in 1982, when TCP/IP became the official connection protocol of the Internet, a standard for every new network. Through this protocol, networks that had previously been cut off from one another suddenly exchanged information.

With this decision, the Internet began to spread quickly. In 1982, for example, 15 autonomous networks were online; four years later there were already over 4,000. Individual computers with Internet access also grew in number: about 2,000 in 1985 and already nearly 160,000 in 1989.

Today, the Internet is an integral part of our everyday life. Companies store their data online, people order their food on the Internet, buy their insurance, send files, meet their friends and find out what’s happening in the world. But only a few of them know how this actually works.

  

So how is it that Google, Facebook, Twitter, YouTube, and LinkedIn can all offer their services for free?

 Most people assume it’s because of the money they make from advertisements. But that’s only part of it. In actuality, you aren’t really their customer at all. Rather, you’re their product and primary source of income. 

Today, everything is connected via iCloud or Google products. But that convenience comes at a cost: our privacy. Just imagine all the intimate insights into your private life that you’ve unwittingly shared with Google: that time years ago when you googled “Symptoms of gonorrhea” or “Am I pregnant?” These searches didn’t fade with the passage of time. 

They’re still stored in a database somewhere, and could be used against you when you least expect it. 

That’s exactly what happened to British 26-year-old Van Bryan, who, before traveling to the US, tweeted to a friend that they should meet “before I go and destroy America.” Unfortunately, the US Department of Homeland Security didn’t appreciate the poetry of this party metaphor; they flagged him as a potential security threat and barred him and his partner from entering the United States. 

Very often we simply have no idea what kind of information we’re giving up and what it will be used for. That’s because terms and conditions, which outline that information, are designed such that we ignore everything on the page except “I Agree.”

 One day you might walk by a pharmacy and see a picture you took last summer of your child playing in the sand in an advertisement for children’s sunblock. If it’s on Instagram, it’s no longer yours. 

Similarly, all the documents you store on Google Drive belong to Google. 

If J. K. Rowling had written Harry Potter using Google Docs, she would have given Google the rights to the book and squandered her potential $15 billion fortune along with it.

Are you aware that many of the email addresses of your organization are exposed on the Internet and easy for cybercriminals to find?

 

With these addresses, they can launch social engineering, spear phishing and ransomware attacks on your organization.
To help prevent these attacks, you should investigate your email attack surface and find out which employees’ email addresses are exposed.

 

It’s often a surprise how many of your addresses are actually out there. Let me know if you are interested!

We’ve come a long way since the 1950s, when a single computer could barely fit inside a small building. Compare that with the world of today, where the iPhone in your pocket has more computing power than all of NASA during the Apollo 11 moon landing.
But nowadays, technology is more than machines and gadgets. Rather, it’s an essential part of our lives – so essential, in fact, that over 80 percent of us check our phones within the first few minutes of waking up. And then we keep the same phones within three feet of us at all times. Our attachment to our phones can also be highly emotional. 
According to one US study, more than 90 percent of Americans feel high levels of anxiety if they forget their phone at home. Similarly, research from 2013 showed that Americans were spending more than five hours online every single day!
 We book our doctor’s appointments, check our bank statements and health insurance bills online, and browse Facebook and Amazon without considering the digital footprint we’re leaving behind. Often, our obsession with technology makes us forget that we’re putting our lives in the hands of software that can easily be hacked. 
This ignorance (or negligence) comes at a price. One study showed that about 75 percent of the time, hackers successfully infiltrated the devices they attacked within mere minutes. This could in part be due to the fact that in 2015 “123456” and “password” remained the most popular passwords. To combat this, many companies have begun implementing multifactor authentication methods (e.g., using your password and a single-use code sent to you via text message) to improve security.
 But you should nonetheless change your passwords regularly, keep them over 8 digits long and include numbers, symbols, and spaces to avoid being counted among the 50 percent of people who use the same password across all their online accounts.
We take our smartphones everywhere: to the toilet, to the gym and even to bed. You could say that our smartphones know us pretty well. 
They have plenty of data on our habits and our relationships, but how well is that data protected? 
As it turns out, you aren’t the only one with access to your personal information. In fact, your mobile phone acts a lot like a spy who knows exactly what you’re doing, where you’re doing it, who you’re doing it with, not to mention for how long and how often. For example, Google has developed technology that enables it to access calls made on your Android device, and use your conversation and the sounds around you to create targeted ads. 
Say you made a call while Usher was playing in the background; next time you googled something, an ad about his next concert might pop up. We’re mostly oblivious to all this data-gathering. A study done by Carnegie Mellon’s Human-Computer Interaction Institute revealed that only five percent of Angry Birds’ users knew that the app collects location data, which it then sells to advertisement companies. 
These companies then use this information as a forecasting tool to determine your future behavior and, thus, your purchases. In fact, according to a McAfee report, 82 percent of all Android apps check your online activities and 80 percent collect your location data without your permission. 
Should you care about location privacy? Who cares about your whereabouts anyway? In 2012 a Russian company launched an app called Girls Around Me that provided users with an interactive map displaying Facebook profile pictures, status updates, and check-ins of the women in their proximity. The app was even approved by the Google Play and Apple App Stores! Is this social media or stalking?
 Whatever it is, it should be enough to make you think twice before skipping through the Terms of Service Agreement for your next app purchase.