Posts

Showing posts from 2007

Skeptical on Skepticism

For every post here on God And Security, 20 posts never make it out of my head, and instead go "unposted". Throughout the weeks, many items catch my fancy, thoughts come and go, and my job gets in the way (I need to post from home, ya see...). Today, one escaped. Here are some thoughts on skepticism. Many of today's atheists prefer to be called "skeptics". I suppose this is because "atheism" sounds like (and, indeed has largely become) a religion. Skeptics (in this context) are people who proclaim non-theism in light of the lack of proof, and then take the stance that the lack of proof (or acknowledging that they won't likely prove a negative) is reason enough to take a contradictory stance. These pseudo-scientists seek to show that a lack of first-person, verifiable positive feedback (i.e. proof) is reason to take a stance on (or, more specifically, against) an item. In this case, the case for God. I say "pseudo scientists" becaus

The New Atheists

I don't have much to add to this. Many interesting points here. Peter, as with many people taking an apologetic view (if you're not familiar with my use of "apologetic", follow the link), doesn't have the time or space to fully cover the issues, but he does an excellent job of providing some first arguments (which means there are a dozen counter-arguments and counter-counter arguments) to some interesting issues, as well as his classification of what makes the "new atheist", which is what I found the most interesting.

Oh NAC, We Hardly Knew Ye...

...before ye were corrupted by the Forces of Evil(tm). An acquaintance of mine just returned from Interop with a drawerful of information which he showed to me. Having spent 18 months doing NAC deployments around the country and overseas, I was bummed at the direction many of the security^H^H^H^H^H^H^H^Hsoftware companies are taking this technology. Let me clarify NAC (Network Access Control) for you.

NAC is:
-Verifying the security posture of a system and the identification of a user to allow the user to use the system to gain access to the appropriate network, such as the enterprise, management or guest network. (Authorization may then allow the user to access resources on said network).

NAC is not:
-Anti-Virus (A/V)
-Anti Spyware (A/S)
-Endpoint (personal) firewall (E/F)
-posture/profile control (blocking USB devices, for example)
-A patching system

Once upon a time, NAC was a tool independent of the desktop security posture components (A/V, A/S, E/F, etc...) used to verify the

PGP Primer

I recently saw a posting in which the blogger answers a question about "how PGP works." I have no real context for why the question was asked (there's a reference I didn't follow at the beginning) but I found the description of PGP (Pretty Good Privacy) a bit brief. So I'll give something more lengthy. Anyone who knows me knows that being verbose is *not* one of my gifts. However, I'll shoot for something between a brief one-line definition and a Wikipedia article.

First, PGP's primary uses:
-Encrypting messages and files
-Digitally signing messages and files

Encryption - Many people are familiar with a basic way to encrypt something on a computer. You put a password on it, and anyone who knows that password can read it. PGP is novel in that it uses a different paradigm. Rather than give you the specifics on how it works, I'll give you an illustration on how it functions: You have an unlimited number of safes (as in a safe you would put money or

Airport Security Part II: Anticipation is Making Me Wait

Over the last three years, I have probably had to go through an airport security screening line an average of once per business day. I've seen *many* things. While it's popular to attack airport screening, and I suppose it's apropos considering some of the lameness we've seen from the TSA, I'd like to take a turn at defending it...a bit. I've read articles about people who have had all kinds of problems. Most of them involve the elderly, the young or the handicapped. I'm not making a judgment call, I'm just relating what *I've* seen and how I feel it probably extends to the world beyond me. My first observation is that the bulk of issues I see at the screening points surround people not being aware of the rules. Let's pick one simple rule that, from my experience, makes up way over half of the "issues" at the TSA checkpoints: liquids. Now, take a walk with me. We're going to start at the ticket counter at Denver International Airp

Know Thine Enemy

I know it's politically incorrect to generalize about a group of people. A small percentage of Mexicans enter this country illegally, and all Mexican-Americans feel the brunt of criticism. Similarly, when I was in college, if you were white and had a shaved head, you were probably a racist in most people's eyes even though I'd bet that "skinheads" were the minority of bald white men. At what point is something a problem? Recent census information shows about 41 million Hispanics in the US. With somewhere between 6 and 10 million illegal Hispanics in the country, that represents about 15% to 25% of Hispanics being here illegally (with the understanding that the percentage could be lower, as I have no numbers on how well the illegal aliens were counted in the census numbers, and therefore may add to the 41 million, instead of being a part of it.) If I were Hispanic (which I am) and I knew that some double-digit percentage of "my bros" were illegals,

Lenox Financial

Okay, you've heard the annoying commercials on the radio with the tagline "the biggest no brainer in the history of Earth." When it came time for me to refi (a few years ago), I decided to give them a shot, skeptical though I was. They did everything as advertised, to my great surprise! Why am I putting this in my blog? Because when I was researching them, I couldn't find anything about them. I couldn't find anyone who had blogged or posted or anything about them. So here you are, I used them and am happy. On an interesting side note, a local company ran a *brief* counter-ad which had the line "don't be fooled by no fee gimmicks..." That ad didn't stick around long, presumably because people are learning that they aren't "gimmicks". Well, at least mine didn't appear to be!

The Countdown to Copycats

Let's review the situation. With 105,000+ K-12 schools in the United States, I'll venture to say that we see at least one copycat by the end of this school year. By copycat, I'm saying that some student somewhere will claim to see a few suspicious people with the hopes of shutting down school for a day. Whereas a bomb threat is a felony, and most students know it's a _big_deal_, others might not realize that such a claim as a suspicious intruder can still land them in a comparable world of ...badness.

It's Not What You Know...

Well, actually it is. "What you know" is critical here, because this is a security post. "Whom you know" (who? whom?) is *far* more important on the religious side of my blogging :-) Information Technology (IT) is a fascinating industry. As people jockey for position, I now see an older generation of IT people (35+ years old) and the young upstarts go head-to-head on issues. The "oldsters" say that they have all the experience, and the youngsters say that anything they learned in IT over 5 years ago is of little or no value. While I agree that the fact that I remember how to low-level format an MFM drive from the machine language monitor (debug;g=c800:5 or g=cc00:5) is of absolutely no value today, the same cannot be said for security knowledge. I was reading a random article I picked up from my daily trip to Infosyssec (www.ghosthip.com) which posed an excellent question: "What basic security knowledge should be expected from security profes

Idea Explorer: Security

In his blog, Brad Jarvis identifies six of the approaches to maintaining effective security. These approaches are not IT-centric, but rather are for personal and civic security. They are: Offense, Defense, Containment, Alliance, Assimilation, and Retreat. Specific descriptions may be found at this link: Idea Explorer: Security. I tend to look for "universal truths" as often as I can. In this pursuit, I looked at Bradley's list and attempted to put it towards IT (Information Technology) security. Truly, all of these approaches may be seen, even "alliance" and "assimilation", in the IT world. While I was going to spend some time expounding upon the parallels, I became enamored with one in particular: offense. Offense, as Bradley identifies it, involves "attacking (destroying) someone perceived as a threat". I have worked in numerous computing cultures, from WFO (Wide Friggin Open) to military and financial uber-controlled. I currently wor

Mitt Romney is the Antichrist

...and I shouldn't use hyperbole in a blog post title. In a previous post, Dishonesty in Religion, I talk about my concerns with having a Mormon as the President. A few comments on the blog and a few discussions with friends have helped me to amend this position. I would have a problem with Mitt Romney as President.

First, let me give you some of my assumptions:
-Most things a politician says, s/he says with an agenda in mind.
-Most politicians are interested in garnering as much of the vote as possible.

My problem is that when Mitt presents himself to Christians, he tries to present himself as one of them (see Dishonesty in Religion for why this is a problem). I believe, however, that he is not only being dishonest in how he presents his beliefs to Christians, but I believe he is subtly reaching out to other demographics in dishonest ways. When asked what his favorite novel was, Mitt stated that it was Battlefield Earth, a sci-fi novel by Scientology founder L. Ron Hubbard.

Death to Security Companies

Well, that's what Art Coviello from RSA would have us believe. To quote Art, "With the exception of a few exceptional start-ups, there will be no standalone security businesses within three years." There's no way he's just making this comment because RSA has joined forces with (read: been absorbed by) EMC, the network storage giant. That is not to say that I disagree with all Art says. He comments that the security industry is too focussed on its own problems, and not enough on trying to perfect security. I wholeheartedly agree. Having worked with and for a number of pure security players, I can safely say that they are focussed on the "business" of security and not the "ideal" of security. Does that make them wrong? No, but it isn't encouraging, either. This particular problem, however, doesn't go away because security vendor "A" has now been purchased by larger corporation "Z". Now, EMC has a cute little securit

TMI

"Too Much Information" No, not another "Shave the Cheerleader, Shave the World" kind of post, rather it is a comment about the current headline over at the FBI.gov website. The interesting part begins with "So, what happens when...something is amiss? First, our local WMD coordinator (there's one in each of our 56 field offices)..." and so on. Really, it's an interesting read on how the government will react should, say, a bunch of birds fall dead in Austin. Now, I'm not one to normally advocate "Security by Obscurity", but doesn't there come a point in time when we decide to not tip the enemy's hands on exactly what we would do during a crisis? "The key for us is that conference call..." Great. If I'm attacking, I now know to take out the local field office (or at least disrupt the local WMD coordinator). Just because of who I am, I have two theories about this article: 1. It's all PR to make peop

Shave the Cheerleader, Shave the World!

Sorry, bad Heroes pun. I'm a huge Heroes fan. I will forego any other potential puns (and there are quite a few!) regarding Britney and her chrome dome. Suffice it to say that I have an opinion, and it is related to neither God nor security (though I'm sure God loves her). She's an attention whore. Of course, anyone who wishes to succeed in front of a camera or mike would do well to be an attention whore, but Britney is special. Things I wonder: -Did she fear that Anna Nicole Smith was hogging her limelight? -Did she think she had the potential to look good this way? -How many girls (I use the term "girls" advisedly) will see the sheer volume of attention this generated, and even the sympathy and concern, and will duplicate the feat? -How long before other Hollyweirdos condemn the media for talking about how "ugly" Britney is with no sensitivity to cancer patients? I'll bet we see a few of them shave their heads, not in support of Bri

Religious Dishonesty and Politics

Of course, if I had said "Political Dishonesty..." that would have been redundant. First off: Time for a "worldview check". My worldview is basically that anyone who accepts Jesus Christ into their heart and acknowledges Him as their Lord and Saviour will, through the grace of God, find salvation. As such, many Mormons should fit into this. The question here is that the Jesus that Mormons believe in isn't necessarily the same one I believe in, so I don't know how that will work. Now, on to the post. In this article, Mormon and former Massachusetts governor Mitt Romney tries to ally himself with the Christian Right of the Republican party. He does so by trying (in a nice ecumenical spirit) to point out critical areas of agreement between his beliefs and those of Christians. Unfortunately, while he may use terms that sound familiar, they carry different meanings. 1: “I think I’ve found that people across this country want a person of faith to lead the

Teacher Accused of Porn

Surfing it...not doing it. (Just thought I'd clarify!) This article is *definitely* worth a read. It's MSNBC, so it's safe for work. To sum it up, she checked her email before her (seventh-grade) class (she was a substitute, by the way), left for a moment to the restroom, and came back to find kids surfing on the computer viewing a website on hairstyles. She chased them away, and later during the day the graphic images started popping up on the screen. She tried to click them away, but they kept returning. Furthermore, she had been given strict orders to not turn the computer off. Furthermore, she claimed to have little knowledge of computers. The defense claimed that malware caused the images to appear. They furthermore posited that the students had gone to what they thought was a hairstyle site, and were redirected to a porn site. I was going to jump in and defend this woman, as I feel she is likely the victim of some drastic injustice (she faces up to 40 years in

School and Drugs

Ah, yes. I remember it well. Northeast Junior High (wtf is a "middle school"?), circa 1981-ish. One of the students at school (whom I didn't know) was caught with acid-laced stamps. I didn't know what acid was, save that it was some kind of illegal drug. I don't recall how big my school was, but my guess would be that the seventh through ninth grade school had over 400 students. Probably way over 400 students. So, when the local newspaper ("The Sentinel") ran the story, they interviewed the Principal (Mr. Albi) who said something to the effect of "there are only twelve students in this school who use drugs, and I know who every single one is." I recall commenting to my parents (they asked if this was true) that I could probably point out twelve kids in many classrooms that did drugs. I don't know if this was a principal in denial, or someone trying to minimize the perception of a problem to save his job. See my "Soliciting A

Don't Forward That Email

Awright, I'll admit it. It's a peeve of mine. I often get the same junky emails from friends that you probably do. Virus alerts, funny stories, scary stories, facts about this or that politician, whatever. Being a Christian who is active in his spiritual community, I also get many prayer requests, anecdotes and studies. 95% crapola. I'm going to make a few statements which may tick you off. If you're a Christian brother or sister, it may tick you off bad! Still, give me a chance to explain.

I promise that:
-There are no hypodermic needles tainted with AIDS in McDonald's ball pits (there, that wasn't so bad, was it?)
-George W Bush Jr doesn't have the lowest IQ of any modern day president
-That shark isn't really attacking that helicopter flying low over the water
-There isn't a conspiracy with Dr Pepper regarding the Pledge of Allegiance
-Bill Gates isn't going to pay you squat to send emails. (and no one else will, either)

Still with me? There&

Soliciting A Minor

Accurate thinking. How many people are able to examine a statement and logically deduce the likelihood of its truth? I'm talking about more than being a "lie detector", rather I'm talking about evaluating statements to determine if what was said logically makes sense. Here's an annoying example. Apparently the Chief Privacy Officer from Facebook, a teen site, claims that a recent incident is the first time Facebook has been used to contact a minor for predatory reasons. Really? (another reference) Somehow I doubt that this first person who was caught was also the first to use this site. Facebook has been around since February of 2004 and has amassed over 8 million members. One of the requirements for Facebook membership (it's not open to everyone) is that "users must be members of one of the 30,000+ recognized schools, colleges, universities, organizations, and companies within the U.S, Canada, and other English-speaking nations. This generally in

Take My Privacy...please!

Okay, I'll be the first to say it: I think the whole "privacy" thing is overblown. Well, not the *whole* privacy thing, but much of it. I am *very* interested in protecting individual information, such as credit card numbers, health records, phone numbers and such. I am getting less and less concerned about other matters of privacy, and I believe that many of the pro-privacy advocacy groups are going to be blocking technologies that will make our lives better. What good is an "anti-paranoid" security professional? I dunno. What will transportation look like in the future? Probably automatically-controlled vehicles a-la half the sci-fi movies you watch nowadays. Many people don't give this a second thought, but let's think about a logical step towards that: Black boxes. Did you know that your recent-model automobile likely has one already? How do you feel knowing that, should you get in an accident, a law enforcement officer may collect this data a

MySpace "Hacked"

There have been a small number of phishing attacks against MySpace users. The latest round gathered some 56,000+ login names and passwords. Now, every security guy in the world is blogging (and blogging more) about people's crappy choices for passwords. Similar to websites that poll you about various hot topics, there is a fundamental flaw to this password analysis. Go to a news site with a story about Hillary Clinton, and there's a decent chance there's a sidebar poll asking you if she has a chance to win her party's nomination (or the Presidency). This poll will inevitably identify itself as "unscientific", but readers still put some stock in it. All that poll will tell you is what percentage of people who would read an article about Hillary Clinton actually think she will get nominated or elected. Furthermore I posit that the most likely people to read that article are ones who are in favor of her, and therefore the poll results should be skewed tow

Watching Sneakers Again

I prefer Wargames, but Sneakers is cool. Much to my surprise, the kids love it. They don't like me pausing and explaining stuff, but they love it.

My New Favorite Toy

Okay, I have a new favorite toy. It's called Engarde Secure Linux. This secured Linux distribution goes beyond the normal SELinux capabilities with a restricted root and true Mandatory Access Controls (remember your CISSP training?) Why do I care? A few years ago I was tasked with building a secure file transfer system that was built on existing tools which a "partner" company could acquire and tie into, and it had to be easily automated. Based on the requirements (and taking a guess at what regulatory requirements were going to pass legislation) I built a system running on a Solaris box that SCPed data to- and from- partner companies. This data was PGP encrypted (if we were sending it) to the customer's PGP key, or it was received from the partner and automatically decrypted via PGP command line. This posed a few problems. The enterprise version of PGP command line (from Network Associates at that time) required that the passphrase be read from a text file, sto

Past Performance Is An Indicator...

of future results. Quick rehash: Iraq kicks out UN weapon inspectors. Eventually, we get ticked off enough to do something about it. (For a brief post on this issue, look here.) Now, Iran has banned UN nuclear inspectors. By my count, they have either 11 years of cushion here, or until the next Republican majority in the House and Senate coincide with a Republican president. There is a part of me that would like to think that Iran is actually just trying to get nuclear power power for the pipples (if you don't get that reference, post and I'll 'splain). It would be nice to stage a power plant in a good neutral country and "ship" power over to Iran, but there just aren't very many good neighbors to Iran that we (the US) are likely to trust with nuclear power. Anyway, I digress. We are at a weak point internationally, and this is not helped by the Democrat-controlled legislature. Iran will not back down until there is a legitimate threat of invasion,

Christian Rock Doesn't Suck...

...anymore. Heaven knows it did, at least to someone with tastes like mine. I spent quite a bit of time in the "gaming" community (Doom, Quake, Unreal Tournament, and now XBox games) and for some strange reason this interesting form of "melodic heavy metal" is immensely popular there. For those of you who don't know what I'm talking about, the best example I can give you is Evanescence. When Evanescence came out, they were quite popular, and most people thought they were a novel new sound. Those in the Internet communities I hung around knew about tons of bands who had been doing this female-led heavy metal for quite a while. It is these secular bands that I have had a hard time getting away from. Bands like: After Forever, Nightwish, Edenbridge, Lacuna Coil, Darkwell and Within Temptation. Other bands with similar (albeit male lead) sounds include Gammaray, Stratovarius, Therion, Luca Turilli/Rhapsody, and others. If you want a fun tool to see what

Oh, The Irony Of It All!

First, we hear that Tom Cruise is actively pursuing the Beckhams (specifically, Victoria Beckham) to join his profitable little Scientology cult. This spiritual change on Victoria's part was the subject of rumors as to why the Beckhams were looking at moving to L.A. Now, it appears that David chose to bring his family to LA to get the best care available for his son, Romeo, who has epilepsy. If this new revelation is true, I applaud David and Victoria for their move. Furthermore, this is the kind of exposure that helps raise awareness (and money) for these kinds of medical conditions. Buuuut, I am concerned about Cruise's attempts to drag the Beckhams into Scientology. With any luck, the Beckhams are South Park fans and have an idea as to how wacky the cult is. Maybe it would help Victoria if she were to read this. Or this. I understand that David and Tom are close friends, but if my "close friend" tells me to forego medicine for my epileptic kid (because he&

Reading List

Here are the books I picked up in the last few weeks. "Picked up" means I already own them, and I found need (or desire) to reference them. I haven't bought anything new for the last few months. For those of you uninterested in religion, I'll list the secular stuff first:

Applied Cryptography - Bruce Schneier. (I would recommend "Secrets and Lies" to every IT person on the face of the Earth. It's that important). This book is actually a good read, despite the dry subject matter.

How The Mind Works - Steven Pinker. Self-descriptive title. I read this beginning-to-end years ago, and found need to reference it again. I need to give it a full read again so I can remember exactly why I found it so interesting! In the meantime, I needed to verify some ideas I had in a discussion with my teenage daughter.

Surfing Through Hyperspace - Clifford Pickover. This book does an awesome job of explaining multiple dimensions in layman's terms. Unfortunately,

"Do you really believe...

...what you believe, or do you have doubts?" -text message

This is the single most thought provoking question I have been asked in the last week or so. Don't laugh, I get a ton of thought provoking questions at work and at home. This particular one came from someone very close to me who does not share my worldview (he is "skeptical" about religion). My immediate answer was "no". Furthermore, I amended that I struggle with people who do have doubts. Not personally, I just don't understand them. Didn't. Now I am doubting my answer. Thought provoking. I truly do not have doubts about my faith. I haven't for quite some time (ten-plus years). Of course, I will concede that in that time I have led a rather charmed life. Great wife, great kids, great parents and siblings. Great friends, and great jobs. No unexpected deaths, and my critical job loss was followed up with a miraculous series of job offers over a *very* short period of time.

Future (Present?) of Privacy

You have no privacy. You can take my statement one of two ways: the ramblings of one who fears God and knows that God knows all that has been, is, and will be, or you can view it as the ramblings of one who has faith that we will not destroy ourselves (completely) before we develop amazing new technologies in the next 1000 years. Your choice. For the sake of this argument, however, I'm going to focus on #2 (which is what some of you may think this article is...a bunch of #2). As I did with my post "The Future of Christianity I", I will first look to the past to predict the future. Furthermore, I shall explain the present. Can you imagine being a murderer and getting away with your crimes (let's say Jack the Ripper) and you have someone from the future approach you and tell you that they were able to solve the murders using a technology that was unheard of (indeed, undreamt of) in your time? The "Jack the Ripper" case may be a far out example (for now) b