
The Actuator - December 4th

Level 17

Good morning! By the time you read this post, the first full day of Black Hat in London will be complete. I share this with you because I'm in London! I haven't been here in over three years, but it feels as if I never left. I'm heading to watch Arsenal play tomorrow night, come on you gunners!

As always, here's a bunch of links I hope you find interesting. Cheers!

Hacker’s paradise: Louisiana’s ransomware disaster far from over

The scary part is that the State of Louisiana was more prepared than 90% of other government agencies (HELLO BALTIMORE!), just something to think about as ransomware intensifies.

How to recognize AI snake oil

Slides from a presentation I wish I'd created.

Now even the FBI is warning about your smart TV’s security

Better late than never, I suppose. But yeah, your TV is one of many security holes found in your home. Take the time to help family and friends understand the risks.

A Billion People’s Data Left Unprotected on Google Cloud Server

To be fair, it was data curated from websites. In other words, no secrets were exposed. It was an aggregated list of information about people. So, the real questions should now focus on who created such a list, and why.

Victims lose $4.4B to cryptocurrency crime in first 9 months of 2019

Crypto remains a scam, offering an easy way for you to lose real money.

Why “Always use UTC” is bad advice

Time zones remain hard.

You Should Know These Industry Secrets

Saw this thread in the past week and many of the answers surprised me. I thought you might enjoy them as well.

You never forget your new Jeep's first snow.


31 Comments
Level 12

I worked for a government agency in Washington when ILOVEYOU hit. Yes, I received an email from the governor saying he loves me.

The state email team blocked access to the Exchange servers until they got a script in place to remove the attachment from any email with that worm. But, before doing so, one supervisor I worked with violated state IT policy by demanding subordinate passwords then again by logging into her workstation and opening her email program. When that subordinate returned from vacation, she asked us about the worm before starting her work for the day. Then she found the email, found the attachment, and opened it!

Ever since then I've been convinced that such foolish actions need to become cause for termination, along with leaving your password on a Post-It next to your monitor. Such policies, along with user training regarding standards and policies, may significantly reduce the risk of ransomware in government and corporate environments. This would have saved Louisiana and Boston.

I see your Jeep's first snow, and raise you my first snow of the season (23").


I feel for Louisiana, and any other victims of ransomware. Sometimes I feel insufficient protection from malware and hacking can be the result of decision-makers not providing the right training to employees so they can be SMEs and ensure the right products are recommended and budgeted for, and all employees understand safe procedures.

Those decision makers can be CXOs or owners operating SOHOs, but they can also be legislators and voters. When a person runs on the platform of "vote for me and I'll cut your taxes", they rarely include the rest of the story. It might be "vote for me and I'll reduce funding for your government's data protection along with funding for road and school maintenance, public protection (police and fire departments), and more." Hopefully we don't ever run into a case where an IT person recommended a good solution that was denied because someone's ignorance resulted in insufficient budget allocation for training and preventative and protective applications and environments.

The AI Snake Oil slides were encouraging.  Their authors might be missing some of the point when they mention certain items are of "ethical concern" due to their enhanced ability to fool the public even after some basic research.  The Ethical Concern is not that someone did a better job creating a lie that was harder to discover, but that they considered telling a falsehood in the first place.

Let's focus on doing better jobs with educating children and catching & punishing offenders.  That's the way to a better and brighter tomorrow.  Along with educating today's users to be more skeptical and less trusting.  A higher hurdle, indeed!

When anyone who cares has read the risks of IoT devices and continued using them, what hope is there for the average consumer when it comes to them increasing their vulnerabilities by buying IoT devices without understanding how to secure them?

It sure seems this is a great case of turning to the government for laws preventing IoT from happening at all, or at least making it difficult to exploit those devices.

The industry isn't doing it, consumers are blissfully ignorant; who else, besides the government, can take action?

If you think the question is "who created such a list, and why", surely the answer is "It doesn't matter who created it unless you can catch and punish them--IF they broke a law.  They did it for money and/or power, provided by those who leverage that information for illegal purposes."

When fraud and theft and other crimes are directly associated with crypto-currency, it's simple to show someone the risks.  It's simple to make it illegal.

You can lead people to knowledge, but you cannot make them think.

It's a sad commentary that so many have chosen unethical behavior for their income sources, and equally sad the rest of the people seem content in being victims merely for the chance at futures that are not guaranteed.

I'd no idea time zones were so hard until I researched it in the last few years.  Our records have veracity through correlation of NTP, but all our businesses work in the same time zone.  I don't like to imagine the vulnerabilities accompanying being in more than one time zone.  Especially for those smaller, lesser-known time zones.

Thanks for sharing this one.

The article about Industry Secrets is excellent!

Level 13

As always, thanks for a bunch of great links.  I particularly enjoyed the industry secrets and the AI snake oil, being exposed to those on a nearly daily basis.

Level 12

This is my favorite part of Wednesdays.

Level 13

Love the Jeep by the way.  Great color.

Level 14

Great color on the Jeep!! sqlrockstar

BTW 14" of snow in coastal Maine this morning! (our first storm too! ---- not as good as yours rschroeder)

State and local governments often lack the resources needed to keep the barbarians away from the gate. In smaller communities a "he/she knows computers" person is often doing the work in addition to their regular job. This problem is only going to get worse!

When will people realize the crypto-currency is a pit of quicksand?

Level 12

Haha, he called that snow!

I am a little south of you, down in the cities. We didn't get as much snow as you but were blessed with freezing rain. All in all, I'd rather have the snow!

Level 14

Thanks for the articles! 

MVP

Cool article.

MVP

I share this with you because I'm in London! I haven't been here in over three years, but it feels as if I never left. I'm heading to watch Arsenal play tomorrow night, come on you gunners! - Nice, have a great time

MVP

You never forget your new Jeep's first snow -

MVP

Hacker’s paradise: Louisiana’s ransomware disaster far from over - Hmm

MVP

How to recognize AI snake oil - Good write up.

MVP

Now even the FBI is warning about your smart TV’s security - New technology always comes with uncalculated risks and that is where certain norms should be set before it's released. As always unless we use new technology we wouldn't know much about what norms to be set as well apart from the generic standards, hence they should come up with a rule where you can always challenge new technology after a certain period of time and it needs to be validated against the new norms set for continued productivity and sales.

MVP

A Billion People’s Data Left Unprotected on Google Cloud Server - So they are still tracking how and from where the data came

MVP

Victims lose $4.4B to cryptocurrency crime in first 9 months of 2019 - Hmm security, security, security is what they need...

MVP

Why “Always use UTC” is bad advice - Time zones: no matter what you capture, make sure you capture this in your requirements when you are installing a monitoring tool for a customer, and keep it simple and clear and tell them this is the time zone that we are going with

MVP

It depends....if you have to coordinate events across multiple time zones across a continent or hemisphere, UTC is the way to go but understanding the offset to local time is important too.

MVP

You Should Know These Industry Secrets - Nice

MVP

Merry Christmas to all of you

Level 11

Thanks for the articles.  A little snow builds character!

Level 14

I just re-read the AI Snake oil slides..... AI is data interpretation... no more no less. And like all interpretations, it varies based on the interpreter's background, bias and other extraneous factors.

This is just another in a long line of Doctor Feelgood's "Magic Elixir" promises that we as humans pine for but that deliver little real satisfaction.

Level 12

Snow, snow, I love it

Level 12

Here in Italy it's too hot. I hope it will snow for Xmas

About the Author
Thomas LaRock is a Head Geek at SolarWinds and a Microsoft® Certified Master, SQL Server® MVP, VMware® vExpert, and a Microsoft Certified Trainer. He has over 20 years of experience in the IT industry in roles including programmer, developer, analyst, and database administrator.