
The Actuator - August 7th

Level 17

Heading to Las Vegas this week for Black Hat. In preparation, I'm bringing a burner phone, wrapping it and my laptop in foil, and then burning them both when I head to the airport to leave.

As always, here are some links I hope you find interesting. Enjoy!

Woman arrested after Capital One hack spills personal info on 106 million credit card applicants

Secure your S3 buckets, y'all, and the roles that can reach them. This is a known attack vector, highlighted here as a "configuration vulnerability." The caveat worth stating: a bucket doesn't have to be public to be exposed. Credentials obtained through a misconfigured server, belonging to a role that is allowed to list and read every bucket in the account, are just as much a configuration vulnerability as an open bucket policy.
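The configuration a practitioner most wants to catch before an attacker does is a role that can enumerate and read every bucket, because that is what turns one stolen credential into a bulk download. As an added example (my code, not Capital One's and not from any linked article), here is a small static check over IAM policy documents; the two policies it inspects, including the bucket name, are constructed for illustration.

```python
"""Static check for IAM policy statements that let a principal read every S3 bucket.

Added example (not Capital One's code or anything from the linked article). The policy
documents below are constructed for illustration and do not come from any real account.
"""
from fnmatch import fnmatchcase

# S3 actions that let a caller discover buckets and pull objects out of them.
SENSITIVE_S3_ACTIONS = ("s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject")

# Constructed: the shape of an over-broad role policy (full S3 access on every resource,
# plus a wildcard List grant on every bucket, plus one harmless logging grant).
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:List*", "Resource": "arn:aws:s3:::*"},
        {"Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "*"},
    ],
}

# Constructed: the same role scoped to one named bucket (the bucket name is assumed).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::app-assets-example"},
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::app-assets-example/*"]},
    ],
}


def _as_list(value):
    """IAM accepts a string or a list in Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_grants(pattern: str, action: str) -> bool:
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards."""
    return fnmatchcase(action.lower(), pattern.lower())


def resource_is_unbounded(resource: str) -> bool:
    """True when the Resource element covers every bucket: '*' or an S3 ARN whose
    bucket segment starts with a wildcard (arn:aws:s3:::*, arn:aws:s3:::*/*)."""
    r = resource.lower()
    if r == "*":
        return True
    prefix = "arn:aws:s3:::"
    if not r.startswith(prefix):
        return False
    bucket = r[len(prefix):].split("/", 1)[0]
    return bucket.startswith("*")


def find_broad_s3_grants(policy: dict) -> list[dict]:
    """One finding per Allow statement that grants a sensitive S3 action on all buckets.

    Deny statements, NotAction/NotResource and Condition semantics are not evaluated;
    a Condition is flagged so a reviewer can decide whether it really narrows the grant.
    """
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action"))
        granted = [a for a in SENSITIVE_S3_ACTIONS
                   if any(action_grants(p, a) for p in patterns)]
        unbounded = any(resource_is_unbounded(r) for r in _as_list(stmt.get("Resource")))
        if granted and unbounded:
            findings.append({"statement": index, "actions": granted,
                             "has_condition": "Condition" in stmt})
    return findings


if __name__ == "__main__":
    for name, policy in (("overly broad", OVERLY_BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_s3_grants(policy))
```

Run it against the first policy and both the `s3:*` statement and the `s3:List*` statement are reported; the scoped policy produces no findings because every resource names a single bucket. The check deliberately ignores Deny and Condition logic rather than pretending to evaluate them, so a reported statement is a review item, not a verdict.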

What We Can Learn from the Capital One Hack

Good summary of the details regarding the "configuration vulnerabilities" in the open source components Capital One deployed.

GitHub sued for aiding hacking in Capital One breach

This seems to be a stretch, but it's interesting to note. I'm not certain how GitHub is supposed to recognize that leaked data is being stored (it could be fake data), or how it should verify that code is secure.
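To make concrete what a host like GitHub could and could not decide from the content alone, here is an added example (my code, not GitHub's secret scanning or any product's): a regex pass over a constructed commit. A credential with a fixed format, such as an AWS access key ID, can be matched with high confidence from its shape alone. A run of digits can only be flagged as a candidate; a Luhn check filters out random numbers but passes published test card numbers, which is exactly the fake-data problem. The sample text, including the key ID (AWS's documentation example value) and the card number (a well-known test number), is constructed.

```python
"""Pattern-based leak detection over committed text, with a Luhn check on card candidates.

Added example written for this post; it is not GitHub's scanner or any product's code.
The sample commit below is constructed: the access key ID is AWS's documented example
value and the card number is a published test number, so nothing here is real data.
"""
import re

# AWS access key IDs have a fixed prefix and length, so a regex catches the shape reliably.
AWS_ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Runs of 13 to 19 digits, optionally separated by spaces or dashes: card-number candidates.
CARD_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample of a committed settings file.
SAMPLE_COMMIT = """\
# settings.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
TEST_CARD = "4111 1111 1111 1111"
ORDER_REF = "1234567812345678"
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum. Every well-formed card number passes; so do published test numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list[dict]:
    """Return findings grouped by kind: structured secrets first, then Luhn-valid card candidates."""
    findings = []
    for m in AWS_ACCESS_KEY_RE.finditer(text):
        findings.append({"kind": "aws_access_key_id", "value": m.group(0),
                         "confidence": "high"})     # the shape alone is conclusive
    for m in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append({"kind": "card_number", "value": digits,
                             "confidence": "low"})  # Luhn cannot tell real from fake
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_COMMIT):
        print(finding)
```

On the sample, the access key ID is reported with high confidence, the test card number is reported with low confidence (it passes Luhn, exactly as a fake would), and the order reference is dropped because its checksum fails. Nothing in the text tells the scanner whether the card number belongs to a real person, which is the limit the post is pointing at.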

Computer Science Curriculums Must Emphasize Privacy Over Capability

I like the idea, but don't think it's enough. Because most of the folks working in IT aren't CS majors, maybe we should have all fields of study include basic privacy and security information, too.

Google’s File on You is 10 Times Bigger Than Facebook’s — Here’s How to View It

In case you were wondering about the data Google is tracking as you surf the web.

All the best engineering advice I stole from non-technical people

A bit long, but worth your time.

NASA has created food out of thin air and it could be the solution to global hunger

Seems promising, but you'll have my full attention when you create bacon from thin air.

Got tired of mowing grass between the newly planted shrubs, so we built a new border path. At this rate, we won't have any grass to mow by 2021.

border.JPG

46 Comments
Level 14

I know my curriculum had a whole semester on cyber law. We covered privacy, PII, and the ethics of securing other people's data.

Level 9

Following the lawsuit against GitHub. Sounds like regex would have helped?

Level 16

Capital One blames a “configuration vulnerability” on their cloud server.

Level 16

@sqlrockstar Nice job on the landscaping!

Level 13

As always, thanks for a bunch of great links. I had no idea you could look at Google's history on you. Pretty fascinating in the same way a car accident is.

The Capital One breach highlights one of the biggest problems with security and public cloud: it's far too easy to leave holes you have no idea are there and can't tell if/when they are being exploited. The me-too rush doesn't favor things improving.

Loved the Marianne Bellotti post.  Definitely a worthwhile read.

Level 14

Thanks for the articles!  I especially enjoyed the advice from non-technical people one....

Level 12

327 million Americans. 100 million credit applications. I'm sure there are people who have applied more than once, potentially people outside of the US have applied, and applications from companies. Has 1/3rd of the US really applied for a credit card with one bank?  I wonder if this data also included "pre-approved" applications.

MVP

Nice article

MVP

Got tired of mowing grass between the newly planted shrubs, so we built a new border path -

Level 12

My goal is also zero mowing; unfortunately the decision maker likes grass.

MVP

Google's data gathering/processing is even more insidious.

They read your email and then pop up schedule reminders (say for a bill that has a due date coming up).

I encountered this recently on my phone... that is pretty much beyond what they should do.

That Capital One hacker was reportedly a white hat. Reportedly a former Amazon employee.

One doubts her white hat intent when she didn't immediately report the vulnerability to Capital One, and when she (again, reportedly) accessed many files that would be valuable to the dark net.

Probing without permission and authority turns out to be a career-limiting decision.

I'm disappointed the things we can learn from the Capital One hack don't result in advice to stop using the Internet for personal and financial data. Sure, it would be inconvenient and cost ridiculous amounts of money to many corporations to leave it now. But... isn't that exactly what happens each time PII and PCI is lost or compromised or stolen?

Continuing to do something that has a negative result isn't the sign of high intelligence.  Perhaps a sign of unwillingness to change, or a sign of greed.

Lumping GitHub into the list of defendants does seem to be a desperate attempt to spread the blame and possibly get more money in recompense, or at least more money for law firms.

Training IT people about privacy seems like something that is assumed from Day One, and if it's not taught, the folks responsible for the education/training of IT staff are culpable and should be held responsible and liable.

Even twenty years ago when Cisco began deploying their labs into public schools, the training included a section on ethics and moral behavior and responsibility.  However, at that age (14-18 years) it's not clear that the training was enough.  In some cases it may have even been enough to cause the curiosity that made students do things they suspected weren't proper, and which were difficult to discover and sometimes nearly impossible to assign blame.

If you haven't at least skimmed this book, you might not have a clue about what kids were getting into twenty years ago.  Some of those kids went to jail, but many simply spread their knowledge and promoted the spread of script-kiddies.

pastedImage_0.png

Worry about what today's kids are doing.

Worry about what kids from early 2000's are doing today.

Google's File On You--depressing and scary stuff.

Remind me to send myself a time-machine snail-mail letter.  Maybe a couple, targeting me in 1980 and 1990.  Include a copy of that article, and some definitions of what the Internet is (will be).

Maybe I'll crawl into a hole and plug it behind me.  Find an occupation that doesn't require the Internet to get by.  Although, I'm not sure what that could be in today's world.  It seems like nearly everything has an Internet resource.  Even Mongolian yurts and their stubby-legged horses.

Maybe go back a few thousand years and find a way to encourage/enforce good morals and good ethical behavior?  Naw, even if the time travel were possible, I'm pessimistic about people and their willingness to do better.

The article about learning the best skills from non-technical people is a good one.  Thank you for sharing it!

Although I love the idea of getting bacon right out of thin air, more food--even at very-reduced costs--isn't the answer I look toward for correcting and preventing world hunger.

The immediate answer is altruism.

The long-term solution is fewer people--at least until we have a quantum breakthrough in FTL travel and energy and transporter technology.  And honor.

I was tired of mowing grass, too.  My solution:  build a home beneath towering Red or White Pines.  Their needles make the soil quite acid, and I rarely need to mow.

Another solution I tried and liked was bringing in black dirt over the sandy loam and clay and seeding it with clover. I never needed to mow the clover, and it was a delightful attraction for Ruffed Grouse, Marmots, and White-tailed Deer. Its only drawback is it doesn't self-seed over time, and one must either reseed or become resigned to grass or other native plants eventually replacing the clover.

It was sweet while it lasted!

Level 12

Suing GitHub is just someone hoping they have deep pockets. When you want to sue, look for any potential defendant that may have money then sue for so much that it's in their best interests to settle.

And attorneys wonder why people don't like them.

Level 14

Just went from mowing better than half an acre to less than 5K sq ft when I relocated... SO MUCH BETTER! Looks awesome, sqlrockstar

Capital One - They just provided the answer to "what's in your wallet?"

Level 12

I'd say it's more like "Who's in your wallet?"

Another example of having to trust someone else in order to do business in the modern economy.  A whole industry has been born to monitor and protect our identities due to a combination of criminals and lazy/uncaring/incompetent security practices across a broad swath of companies.

An ethics course really is a necessity for computer support persons, similar to the ones that lawyers and business people must take. (Yes, I know those aren't universally preventative, but they do have some effect.)

Grass sucks.  It is a terrible waste of resources, useless as a crop, looking only mildly attractive even with ridiculous amounts of work.  I've been steadily replacing my lawn with gardens, shrubs, bushes, and trees, striving for local native species.  I also don't mow very often, and leave the grass long so it doesn't go brown easily.  It's not a golf course!

Level 20

Nice garden there, sqlrockstar Thomas! I love gardening, although it's much different for me now after moving from the midwest to the desert of Arizona. When in the midwest I was a member of the American Hemerocallis Society and bred many of my varietals.

American Daylily Society

Desert gardening is much different, but it's still a big thing. Here it's called being a Master Gardener: Master Gardener | Cooperative Extension | The University of Arizona

Level 16

Of the 327 million around 22 percent are under 18. A good number of the ones over 18 have several cards. I wouldn't doubt the 100 million number.

Level 16

Instead of zero mowing, try a zero-turn mower. A lot of fun!

MVP

Woman arrested after Capital One hack spills personal info on 106 million credit card applicants - Hmm

MVP

What We Can Learn from the Capital One Hack - agree to it

MVP

GitHub sued for aiding hacking in Capital One breach -

MVP

Computer Science Curriculums Must Emphasize Privacy Over Capability - Good thought

MVP

Google’s File on You is 10 Times Bigger Than Facebook’s — Here’s How to View It - lol nice

Level 13

Thanks for the articles.

Nice article. Thanks for the links.

Level 14

More interesting. The FBI were able to track her down after being told who she was and her actually admitting it online. Well done, the FBI.

Level 14

What can we learn from the Capital One hack. Big companies are really bad at security. Public cloud just makes stuff less secure. Management caused the issue by refusing to pay for stuff to be done properly but some scapegoat will be fired. Lessons have not been learned. Trust no-one and wear a tinfoil hat.

Level 14

GitHub being sued.  Amurika really is messed up.  This should be thrown out before it gets anywhere near a court of law but I imagine it won't and GitHub will lose.

The UK isn't any better.  Someone was compensated for slipping on some pigeon poo at a railway station.  I'd hate to see the size of the pigeon that did something big enough for me to fall over slipping on it.  

Level 14

Computer Science curriculums.  Maybe they should focus on teaching something useful.  In the past few years I've had to deal with so many graduates who can barely turn on a computer and who have absolutely no idea of how to diagnose a problem.  They still believe they can teach me how to do things correctly though.  I soon disabuse them of that idea.  30 years working in IT support (and a degree in Computer Science when computer science involved designing and building logic circuits, writing software in assembler and making disparate systems talk to each other) really does trump whatever they are teaching nowadays.

Level 14

Google. Just to throw them off a bit I randomly access websites that I have no interest in and wait for someone to e-mail me trying to sell me whatever crud they sell. I then reply telling them they are mistaken and whoever sold them my details was just taking them for a ride. I know it won't make any difference until loads of people do it. Then people will start to mistrust the data and we win.

Level 14

All the best engineering advice I stole from non-technical people

Now that really was well worth reading.  All very true too.  I always encourage people to come up with ideas no matter how daft they think they are.  Sometimes it is the thing that someone thinks is really stupid that actually helps us fix whatever the problem is.  Sometimes the only way to fix something a really stupid user does is to lower yourself to their level.

Level 14

If the NASA food thing isn't a late April Fool joke then it is huge. CO2 capture is seen as really important in the fight against global warming (climate change), where do we store what we capture, and parts of the world don't have enough food. Seems like a WIN, WIN, WIN situation. If it is true and can be mass produced then it will be interesting to watch where this goes.

Level 14

Hmmmm.  Think I will dig up my garden and tarmac it over.  Good thinking batman.

Level 14

True. Exploiting weakness is not a new phenomenon... it's just that in the 21st century the consequences are costly and dangerous!

MVP

All the best engineering advice I stole from non-technical people - Nice article

MVP

NASA has created food out of thin air and it could be the solution to global hunger - perfect

MVP

Yeah .. me too!!!  

MVP

I keep waiting for a picture of a burning laptop and phone!

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years experience in the IT industry in roles including programmer, developer, analyst, and database administrator.