How do you manage your #InfoSec #CyberSecurity #Privacy #Policy #Security news intake?

I’m in the process of reevaluating my news feeds. The method is much the same as evaluating Cyber Security threat intelligence feeds. Is it:

  • Timely?
  • Accurate?
  • Actionable?
  • Updated?
  • Adding value?

I categorize my information intake in several ways:

  • News
  • Analysis, Editorial & Opinion (most blogs, podcasts, and personal social media feeds)
  • Technical
  • Press releases

With all of this, I find myself overwhelmed with data. Much is redundant and not adding value. Some adds value but isn’t timely. Some opinion is fopped of as news. Branded content permeates.

What sources do you use? How to you consume them? How do you value them?

The Strange WannaCry Attribution

I’ve been trying to figure out why the U.S. government thought it was useful to attribute the WannaCry attack to North Korea

The Strange WannaCry Attribution:

I’ve been trying to figure out why the U.S. government thought it was useful to attribute the “WannaCry” attack to North Korea …

… I must be missing something here. Probably what I am missing is that the public attribution sends an important signal to the North Koreans about the extent to which we have penetrated their cyber operations and are watching their current cyber activities. But that message could have been delivered privately, and it does not explain why the United States delayed public attribution at least six months after its internal attribution, and two months after the U.K. had done so publicly. Perhaps the answer to the delay question, and another thing I am missing, is that the public attribution is part of larger plan related to a planned attack on North Korea because of its nuclear threat. Bossert’s unconvincing op-ed and incoherent press conference wouldn’t support either interpretation; and if either interpretation is right, it still comes at a cost to general deterrence. But perhaps, surely, hopefully, there is more here than meets the eye.

(Via Lawfare – Hard National Security Choices)

This WannaCry Attribution was a head scratcher for me, too. Listeners of the late lamented PVC Security podcast know that I am generally not a fan of attribution, or more specifically see only limited real life usefulness for 97% of companies’ and individuals’ security. For governments, intelligence agencies, the military, and law enforcement there is more value, but how much value so far after the fact?

This piece by Jack Goldsmith lays out pretty much every issue I have with this plus provides something of a timeline for those for whom this is ancient history (in security terms, anyway).

Got a theory or opinion on this?

[2017] Emergency Preparedness

I am a big fan of planning for “the Big Dark”, where the power is out for more than 3 days. Analog systems, like printed and hand-written records, will be more useful. 

Remember: Emergency preparedness isn’t only for you. it is also so others can contact you when something bad happens to them.

There are drawbacks, mostly around family dynamics this article assumes are moot when emergencies happen.

Note: These are my recommendations. Your mileage may vary. I look forward to constructive input on how best to prepare in the digital age.

Keep an off-line list of emergency info & numbers with you

There was a time where people either knew important numbers and information or carried a address book – a printed out, dead tree address book – and a much of change to use a pay phone (remember those?) to call people. We need to embrace at least a subset of that.

Your health insurance information should be in here. Insurance providers, policy information, doctors information, and maybe prescriptions information should be included.

In certain countries you may need your ID number as well (though US residents should NOT carry their Social Security card or number).

How about this: keep the numbers of your family and close friends in case your phone dies. I could not call anyone except my children if my phone failed, and they don’t often answer their phones – especially from an unknown caller.

As I’m living in a foreign country I carry a card or two that I can use to get me home. In case you’re traveling, disoriented, or inebriated having a card or two to help you get home can be a life saver.

Carry a bit of cash with you, too, in your wallet.

Keep an off-line list of emergency info & numbers at home

This should be a superset of what you carry with you. Your actual cards and birth certificates and stuff (if they are not in a safe deposit box already) should be in a ready-to-carry locked fireproof box in case of emergency. Bank account information, other financial records, and whatever else needed to rebuild after a disaster should be in here.

Throw some currency in the box, too. While it is in there it isn’t working for you, gaining interest or buying food. But if the power goes out no credit or debit card will help. Having cash will help.

[iOS] Enable Emergency Bypass in iOS 10:

I’ve used the Do Not Disturb feature in iOS since it was introduced. This feature allows you to set “quiet times” when your device won’t alert you with notifications, including phone calls and text messages. It can be activated manually or set to activate at recurring times. I have my set to activate from 10:00 p.m. – 6:00 a.m. each day, mainly to avoid “wrong number” calls at all hours of the night.

You have always been able to set a specific group of people you want to exclude from the Do Not Disturb settings. This can be a group you designate in your Contacts or your iPhone’s Favorites list. For years I’ve created a contacts group called “VIP” that I had excluded from Do Not Disturb that included family and a few close friends and other important numbers. While this is handy, it may not cover everyone you want to be able to reach you in the event of an urgent matter. With iOS 10, you have more granular control and can now set contacts on an individual basis to bypass the Do Not Disturb Settings.

To activate the feature select the contact card you want to exclude, edit the contact and select ringtone. At the top of the ringtone menu you’ll now see a toggle for “Emergency Bypass”.

… This is a segment of an article that first appeared in the November Issue of ScreencastsOnline Monthly Magazine. ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly on the iPad. You can find out more at https://www.screencastsonline.com/membership_benefits/

(Via KatieFloyd.me)

I am not sure if Android offers a similar feature.

[Android] Use Google’s Trusted Contacts App

Trusted Contacts runs on top of a pretty simple concept, with the tap of a button an approved list of people can request your location from wherever they may be. Users will need to manually approve who can request their location, and once a request is sent, the user will have 5 minutes to approve or decline the request before the app automatically approves and sends it.

This app takes things up a notch as well by adding offline support, in a sense. If a user heads outside of active cell service and internet access, the app will report the last known location for that user 5 minutes after a request is sent. Contacts can also “walk each other home,” virtually. This essentially enables one user to keep track of another user’s location as a live feed.

… Before you can share your location, though, you first have to go through the process of adding contacts to the application…

How to add contacts:

  1. Open the Trusted Contacts application
  2. If this is the first time setting up the application, Trusted Contacts will walk you through adding contacts
  3. To set up new contacts, either tap on the Add contacts button found at the bottom of the home screen or open the menu by selecting the Menu button in the upper left-hand side of the screen and tap on the Add contacts option
  4. Here you can search through the contacts on your device and select Add next to the individual to send them an invitation to be a trusted contact

(Via 9to5google.com)

i am not sure if iOS offers a similar feature.

Set up lock screen emergency information

This is a old tip but still useful.

Basically take a picture of contact information and make it your device’s lock screen. Tailor the content to provide what is needed without going overboard. Imagine you are passed out on the sidewalk and the only thing people can get to is your phone’s lock screen. What is the critical information you can provide on there that doesn’t open you up to identity theft?

I find this more useful than the login banner message most devices support. One doesn’t have to wait for the message to scroll, where almost all users put the contact email or phone number.

What else?

What other things, simple and inexpensive and effective, that folks should do?

My latest Thursday, 20160908

It’s a rainy, hurricane #Tokyo today. Yesterday was earthquake Tokyo.
@edgarr0jas and I recorded @pvcsec #EP78. I edited and uploaded #EP77 but the show notes are slow going. Someone deleted last week’s run sheet. No @timothydeblock or @cmaddalena or @infosecsherpa, sadly.
I’ve been diving into #blockchain and #fintech during breaks working on a client deliverable.
I can’t help but chime in on the @apple announcement: I’m glad I bought my iPhone 6s+ a few weeks ago. I think there might be a run on them (https://apple.news/AtodeT67IQiKYmKB2s3fvvA).
Big security day today, product and provider oriented. @Dell finished their @EMCcorp acquisition ( http://www.wsj.com/articles/dell-closes-60-billion-merger-with-emc-1473252540), @HPE sold their enterprise software to @MicroFocus (whomever they are; http://reut.rs/2ckMx4c), and @Intel spun off @McAfee Security (http://www.wsj.com/articles/intel-nears-deal-to-sell-mcafee-security-unit-to-tpg-1473277803).
Oh, and I’m playing around with http://www.dayoneapp.com.

Ad hoc operations in the SOC can lead to pain | Me on IDG.TV

At CircleCityCon, CSO’s Steve Ragan chats with Paul Jorgensen, host of the PVC Security Podcast, about ad hoc processes within many security operations centers (SOCs) and how organizations can prevent these types of mistakes.

Source: Ad hoc operations in the SOC can lead to pain | IDG.TV

I relished talking with Steve Ragan at CircleCityCon in Indianapolis last weekend (Saturday 11 June 2016). He recorded us in a bite-sized elevator-pitch of a summary of a key point or two of my talk, “Top 10 Mistakes in Security Operations Centers, Incident Handling, and Incident Response”.

Yes, our first take failed. We were joined then by Chris Maddalena, my co-host from the PVC Security podcast. Chris couldn’t be bothered to join us for the redo, probably because he was busy winning the whole conference or something.

Not only was I moments away from my talk as Steve mentioned in the open; I left straight from my session to the airport en route to Tokyo for work. You can’t see my luggage lurking behind me in the video.

Many thanks to Steve and IDG.tv for having me on. It was fun, deja vu included.

p.s. – I think the rhyme in the title could have been exploited more #justsayin

Interim Symantec President Says Things, Causes Space/Time Rift To Open

Symantec will be filling an important product gap with its acquisition of Blue Coat Systems, Symantec’s interim president and chief operating officer Ajei Gopal said in an interview with Dark Reading this week.

Source: Symantec’s Purchase of Blue Coat Fills Critical Product Gap, Interim President Says

Translation:

Symantec was smart to buy my company, Blue Coat, and install me as the new president and CEO of Symantec. And as I’m the new Symantec head honcho I agree with the comments made by the former president and CEO of Blue Coat, the company Symantec just acquired.

And thus the PR multiverse folded in upon itself.

Presentation: Top 10 Mistakes in SOC, IH & IR from @CircleCityCon

Here is the PDF with speaker’s notes of my CircleCityCon 2016 talk: Top_10_SOC_CCC2016

The video of my talk is here.

I thoroughly enjoyed speaking at the conference. Thank you to the audience, who were fantastic. I would be remiss if I did not also thank the CCC organizers for bestowing the honor of speaking upon me.