Category Archives: Basic Lessons

Security is mostly a superstition. It does not exist in nature…. Life is either a daring adventure or nothing.

~ Helen Keller (1880 – 1968), The Open Door (1957)

Schneier’s Latest: Liar’s and Outliers

He has modified a chapter in a recent IEEE article:

And this video has a number of interesting thoughts (the comments are interesting as well:

Schneier on Security: How Changing Technology Affects Security

{youtube}hgEQfDV6NnQ{/youtube}

And now this, part of Chapter 17 from Gizmodo:

How to Trust Your Neighbors in a Networked World

Liars and Outliers by Bruce Schneier explains how civil structure continues advancing despite our best efforts.

Society can’t function without trust, and our complex, interconnected, and global society needs a lot of it. We need to be able to trust the people we interact with directly: as we sit next to them on airplanes, eat the food they serve us in the cabin, and get into their taxis when we land. We need to be able to trust the organizations and institutions that make modern society possible: that the airplanes we fly and the cars we ride in are well- made and well-maintained, that the food we buy is safe and their labels truthful, that the laws in the places we live and the places we travel will be enforced fairly. We need to be able to trust all sorts of technological systems: that the ATM network, the phone system, and the Internet will work wherever we are. We need to be able to trust strangers, singly and in organizations, all over the world all the time. We also need to be able to trust indirectly; we need to trust the trust people we don’t already know and systems we don’t yet understand. We need to trust trust.

Making this all work ourselves is impossible. We can’t even begin to personally verify, and then deliberately decide whether or not to trust, the hundreds-thousands?-of people we interact with directly, and the millions of others we interact with indirectly, as we go about our daily lives. That’s just too many, and we’ll never meet them all. And even if we could magically decide to trust the people, we don’t have the expertise to make technical and scientific decisions about trusting things like airplane safety, modern banking, and pharmacology.

Writing about trust, economist Bart Nooteboom said: ” Trust in things or people entails the willingness to submit to the risk that they may fail us, with the expectation that they will not, or the neglect of lack of awareness of that possibility that they might.” Those three are all intertwined: we aren’t willing to risk unless we’re sure in our expectation that the risk is minor, so minor that most of the time we don’t even have to think about it.

That’s the value of societal pressures. They induce compliance with the group norms- that is, cooperation-so we’re able to approximate the intimate trust we have in our friends on a much larger scale. It’s not perfect, of course. The trust we have in actions and systems isn’t as broad or deep as personal trust, but it’s good enough. Societal pressures reduce the scope of defection. In a sense, by trusting societal pressures, we don’t have to do the work of figuring out whether or not to trust individuals.

By inducing cooperation throughout society, societal pressures allow us to relax our guard a little bit. It’s less stressful to live in a world where you trust people. Once you assume people can, in general and with qualifications, be trusted to be fair, nice, altruistic, cooperative, and trustworthy, you can stop expending energy constantly worrying about security. Then, even though you get burned by the occasional exception, your life is still more comfortable if you continue to believe.

We intuitively know this, even if we’ve never analyzed the mechanisms before. But the mechanisms of societal pressure are important. Societal pressures enable society’s doves to thrive, even though there’s a minority of hawks. Societal pressures enable society.

And despite the largest trust gap in our history, it largely works. It’s easy to focus on defection-the crime, the rudeness, the complete mess of the political system in several countries around the world-but the evidence is all around you. Society is still here, alive and ticking. Trust is common, as is fairness, altruism, cooperation, and kindness. People don’t automatically attack strangers or cheat each other. Murders, burglaries, fraud, and so on are rare.

We have a plethora of security systems to deal with the risks that remain. We know how to walk through the streets of our communities. We know how to shop on the Internet. We know how to interact with friends and strangers, whether-and how-to lock our doors at night, and what precautions to take against crime. The very fact that I was able to write and publish this book, and you were able to buy and read it, is a testament to all of our societal pressure systems. We might get it wrong sometimes, but we largely get it right.

At the same time, defection abounds. Defectors in our society have become more powerful, and they’ve learned to evade and sometimes manipulate societal pressures to enable their continued defection. They’ve used the rapid pace of technological change to increase their scope of defection, while society remains unable to implement new societal pressures fast enough in response. Societal pressures fail regularly.

The important thing to remember is this: no security system is perfect. It’s hard to admit in our technologically advanced society that we can’t do something, but in security there are a lot of things we can’t do. This isn’t a reason to live in fear, or even necessarily a cause for concern. This is the normal state of life. It might even be a good thing. Being alive entails risk, and there always will be outliers. Even if you reduced the murder rate to one in a million, three hundred unlucky people in the U.S. would be murdered every year.

These are not technical problems, though societal pressures are filled with those. No, the biggest and most important problems are at the policy level: global climate change, regulation and governance, political process, civil liberties, the social safety net. Historically, group interests either coalesced organically around the people concerned, or were dictated by a government. Today, understanding group interests increasingly involves scientific expertise, or new social constructs stemming from new technologies, or different problems resulting from yet another increase in scale.

Philosopher Sissela Bok wrote: “…trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged the community as a whole suffers; and when it is destroyed, societies falter and collapse.” More generally, trust is the key component of social capital, and high-trust societies are better off in many dimensions than low-trust societies. And in the world today, levels of trust vary all over the map-although never down to the level of baboons.

We’re now at a critical juncture in society: we need to implement new societal systems to deal with the new world created by today’s globalizing technologies. It is critical that we understand what societal pressures do and don’t do, why they work and fail, and how scale affects them. If we do, we can continue building trust into our society. If we don’t, the parasites will kill the host.

 

Schneier’s Latest: Liar’s and Outliers

He has modified a chapter in a recent IEEE article:

And this video has a number of interesting thoughts (the comments are interesting as well:

Schneier on Security: How Changing Technology Affects Security

{youtube}hgEQfDV6NnQ{/youtube}

And now this, part of Chapter 17 from Gizmodo:

How to Trust Your Neighbors in a Networked World

Liars and Outliers by Bruce Schneier explains how civil structure continues advancing despite our best efforts.

Society can’t function without trust, and our complex, interconnected, and global society needs a lot of it. We need to be able to trust the people we interact with directly: as we sit next to them on airplanes, eat the food they serve us in the cabin, and get into their taxis when we land. We need to be able to trust the organizations and institutions that make modern society possible: that the airplanes we fly and the cars we ride in are well- made and well-maintained, that the food we buy is safe and their labels truthful, that the laws in the places we live and the places we travel will be enforced fairly. We need to be able to trust all sorts of technological systems: that the ATM network, the phone system, and the Internet will work wherever we are. We need to be able to trust strangers, singly and in organizations, all over the world all the time. We also need to be able to trust indirectly; we need to trust the trust people we don’t already know and systems we don’t yet understand. We need to trust trust.

Making this all work ourselves is impossible. We can’t even begin to personally verify, and then deliberately decide whether or not to trust, the hundreds-thousands?-of people we interact with directly, and the millions of others we interact with indirectly, as we go about our daily lives. That’s just too many, and we’ll never meet them all. And even if we could magically decide to trust the people, we don’t have the expertise to make technical and scientific decisions about trusting things like airplane safety, modern banking, and pharmacology.

Writing about trust, economist Bart Nooteboom said: ” Trust in things or people entails the willingness to submit to the risk that they may fail us, with the expectation that they will not, or the neglect of lack of awareness of that possibility that they might.” Those three are all intertwined: we aren’t willing to risk unless we’re sure in our expectation that the risk is minor, so minor that most of the time we don’t even have to think about it.

That’s the value of societal pressures. They induce compliance with the group norms- that is, cooperation-so we’re able to approximate the intimate trust we have in our friends on a much larger scale. It’s not perfect, of course. The trust we have in actions and systems isn’t as broad or deep as personal trust, but it’s good enough. Societal pressures reduce the scope of defection. In a sense, by trusting societal pressures, we don’t have to do the work of figuring out whether or not to trust individuals.

By inducing cooperation throughout society, societal pressures allow us to relax our guard a little bit. It’s less stressful to live in a world where you trust people. Once you assume people can, in general and with qualifications, be trusted to be fair, nice, altruistic, cooperative, and trustworthy, you can stop expending energy constantly worrying about security. Then, even though you get burned by the occasional exception, your life is still more comfortable if you continue to believe.

We intuitively know this, even if we’ve never analyzed the mechanisms before. But the mechanisms of societal pressure are important. Societal pressures enable society’s doves to thrive, even though there’s a minority of hawks. Societal pressures enable society.

And despite the largest trust gap in our history, it largely works. It’s easy to focus on defection-the crime, the rudeness, the complete mess of the political system in several countries around the world-but the evidence is all around you. Society is still here, alive and ticking. Trust is common, as is fairness, altruism, cooperation, and kindness. People don’t automatically attack strangers or cheat each other. Murders, burglaries, fraud, and so on are rare.

We have a plethora of security systems to deal with the risks that remain. We know how to walk through the streets of our communities. We know how to shop on the Internet. We know how to interact with friends and strangers, whether-and how-to lock our doors at night, and what precautions to take against crime. The very fact that I was able to write and publish this book, and you were able to buy and read it, is a testament to all of our societal pressure systems. We might get it wrong sometimes, but we largely get it right.

At the same time, defection abounds. Defectors in our society have become more powerful, and they’ve learned to evade and sometimes manipulate societal pressures to enable their continued defection. They’ve used the rapid pace of technological change to increase their scope of defection, while society remains unable to implement new societal pressures fast enough in response. Societal pressures fail regularly.

The important thing to remember is this: no security system is perfect. It’s hard to admit in our technologically advanced society that we can’t do something, but in security there are a lot of things we can’t do. This isn’t a reason to live in fear, or even necessarily a cause for concern. This is the normal state of life. It might even be a good thing. Being alive entails risk, and there always will be outliers. Even if you reduced the murder rate to one in a million, three hundred unlucky people in the U.S. would be murdered every year.

These are not technical problems, though societal pressures are filled with those. No, the biggest and most important problems are at the policy level: global climate change, regulation and governance, political process, civil liberties, the social safety net. Historically, group interests either coalesced organically around the people concerned, or were dictated by a government. Today, understanding group interests increasingly involves scientific expertise, or new social constructs stemming from new technologies, or different problems resulting from yet another increase in scale.

Philosopher Sissela Bok wrote: “…trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged the community as a whole suffers; and when it is destroyed, societies falter and collapse.” More generally, trust is the key component of social capital, and high-trust societies are better off in many dimensions than low-trust societies. And in the world today, levels of trust vary all over the map-although never down to the level of baboons.

We’re now at a critical juncture in society: we need to implement new societal systems to deal with the new world created by today’s globalizing technologies. It is critical that we understand what societal pressures do and don’t do, why they work and fail, and how scale affects them. If we do, we can continue building trust into our society. If we don’t, the parasites will kill the host.

 

Schneier’s Latest: Liar’s and Outliers

He has modified a chapter in a recent IEEE article:

And this video has a number of interesting thoughts (the comments are interesting as well:

Schneier on Security: How Changing Technology Affects Security

{youtube}hgEQfDV6NnQ{/youtube}

And now this, part of Chapter 17 from Gizmodo:

How to Trust Your Neighbors in a Networked World

Liars and Outliers by Bruce Schneier explains how civil structure continues advancing despite our best efforts.

Society can’t function without trust, and our complex, interconnected, and global society needs a lot of it. We need to be able to trust the people we interact with directly: as we sit next to them on airplanes, eat the food they serve us in the cabin, and get into their taxis when we land. We need to be able to trust the organizations and institutions that make modern society possible: that the airplanes we fly and the cars we ride in are well- made and well-maintained, that the food we buy is safe and their labels truthful, that the laws in the places we live and the places we travel will be enforced fairly. We need to be able to trust all sorts of technological systems: that the ATM network, the phone system, and the Internet will work wherever we are. We need to be able to trust strangers, singly and in organizations, all over the world all the time. We also need to be able to trust indirectly; we need to trust the trust people we don’t already know and systems we don’t yet understand. We need to trust trust.

Making this all work ourselves is impossible. We can’t even begin to personally verify, and then deliberately decide whether or not to trust, the hundreds-thousands?-of people we interact with directly, and the millions of others we interact with indirectly, as we go about our daily lives. That’s just too many, and we’ll never meet them all. And even if we could magically decide to trust the people, we don’t have the expertise to make technical and scientific decisions about trusting things like airplane safety, modern banking, and pharmacology.

Writing about trust, economist Bart Nooteboom said: ” Trust in things or people entails the willingness to submit to the risk that they may fail us, with the expectation that they will not, or the neglect of lack of awareness of that possibility that they might.” Those three are all intertwined: we aren’t willing to risk unless we’re sure in our expectation that the risk is minor, so minor that most of the time we don’t even have to think about it.

That’s the value of societal pressures. They induce compliance with the group norms- that is, cooperation-so we’re able to approximate the intimate trust we have in our friends on a much larger scale. It’s not perfect, of course. The trust we have in actions and systems isn’t as broad or deep as personal trust, but it’s good enough. Societal pressures reduce the scope of defection. In a sense, by trusting societal pressures, we don’t have to do the work of figuring out whether or not to trust individuals.

By inducing cooperation throughout society, societal pressures allow us to relax our guard a little bit. It’s less stressful to live in a world where you trust people. Once you assume people can, in general and with qualifications, be trusted to be fair, nice, altruistic, cooperative, and trustworthy, you can stop expending energy constantly worrying about security. Then, even though you get burned by the occasional exception, your life is still more comfortable if you continue to believe.

We intuitively know this, even if we’ve never analyzed the mechanisms before. But the mechanisms of societal pressure are important. Societal pressures enable society’s doves to thrive, even though there’s a minority of hawks. Societal pressures enable society.

And despite the largest trust gap in our history, it largely works. It’s easy to focus on defection-the crime, the rudeness, the complete mess of the political system in several countries around the world-but the evidence is all around you. Society is still here, alive and ticking. Trust is common, as is fairness, altruism, cooperation, and kindness. People don’t automatically attack strangers or cheat each other. Murders, burglaries, fraud, and so on are rare.

We have a plethora of security systems to deal with the risks that remain. We know how to walk through the streets of our communities. We know how to shop on the Internet. We know how to interact with friends and strangers, whether-and how-to lock our doors at night, and what precautions to take against crime. The very fact that I was able to write and publish this book, and you were able to buy and read it, is a testament to all of our societal pressure systems. We might get it wrong sometimes, but we largely get it right.

At the same time, defection abounds. Defectors in our society have become more powerful, and they’ve learned to evade and sometimes manipulate societal pressures to enable their continued defection. They’ve used the rapid pace of technological change to increase their scope of defection, while society remains unable to implement new societal pressures fast enough in response. Societal pressures fail regularly.

The important thing to remember is this: no security system is perfect. It’s hard to admit in our technologically advanced society that we can’t do something, but in security there are a lot of things we can’t do. This isn’t a reason to live in fear, or even necessarily a cause for concern. This is the normal state of life. It might even be a good thing. Being alive entails risk, and there always will be outliers. Even if you reduced the murder rate to one in a million, three hundred unlucky people in the U.S. would be murdered every year.

These are not technical problems, though societal pressures are filled with those. No, the biggest and most important problems are at the policy level: global climate change, regulation and governance, political process, civil liberties, the social safety net. Historically, group interests either coalesced organically around the people concerned, or were dictated by a government. Today, understanding group interests increasingly involves scientific expertise, or new social constructs stemming from new technologies, or different problems resulting from yet another increase in scale.

Philosopher Sissela Bok wrote: “…trust is a social good to be protected just as much as the air we breathe or the water we drink. When it is damaged the community as a whole suffers; and when it is destroyed, societies falter and collapse.” More generally, trust is the key component of social capital, and high-trust societies are better off in many dimensions than low-trust societies. And in the world today, levels of trust vary all over the map-although never down to the level of baboons.

We’re now at a critical juncture in society: we need to implement new societal systems to deal with the new world created by today’s globalizing technologies. It is critical that we understand what societal pressures do and don’t do, why they work and fail, and how scale affects them. If we do, we can continue building trust into our society. If we don’t, the parasites will kill the host.

 

Free Wireshark Training

Which is what Laura Chappell figured out and has dealt with. It isn’t for everyone in your organization, but someone in your organization should know this tool well enough to be certified in the use of it. DCinema networks are getting more complex as the shift to IMBs and more reliance upon TMSs and outside resources like satellites.

Chappell University – Online Wireshark Training

Wireshark · the world’s foremost netowrk protocol analyzer – Go deep.

That said, when I saw FREE on one of the training pages, I said, “Color me there.”

Chappell University – Training Schedule

 

2012 COURSE LIST

[Register] FEB 15 10am PST Wireshark 202: Coloring Rules free

[Register] FEB 16 10am PST Filter with Snort Rules [AAP Event]

[Register] MARCH 14 10am PST Wireshark 101: Introduction free

[Register] MARCH 15 10am PST Filter Expression Button [AAP Event]

[Register] APRIL 25 10am PST First 5 Troubleshooting Steps [AAP Event]

 

There is so much more to the Chappell website of course. On this page (Chappell University Online Portal) is a DVD ISO image with a Lab Kit, just the thing to get your techs launched into the concept of being a professional in the art…instead of knowing how to thread a film in the projector, they have to see how the movie threads through the network and which parts need a little lite oil, which might need a touch of the hammer.

One could always go with An Idiot’s Guide…oops, the Network Monitoring and Troubleshooting for Dummies book, available for download from another network consulting group. Go to Riverbed’s page: Network Monitoring and Troubleshooting for Dummies | Documents | Media & Downloads

Good luck to us all. One way or the other, the ideas and techniques of training the cinema tech support staff in the tools of their trade will prove worthwhile. Outsourcing seems so year 2000.

 

Free Wireshark Training

Which is what Laura Chappell figured out and has dealt with. It isn’t for everyone in your organization, but someone in your organization should know this tool well enough to be certified in the use of it. DCinema networks are getting more complex as the shift to IMBs and more reliance upon TMSs and outside resources like satellites.

Chappell University – Online Wireshark Training

Wireshark · the world’s foremost netowrk protocol analyzer – Go deep.

That said, when I saw FREE on one of the training pages, I said, “Color me there.”

Chappell University – Training Schedule

 

2012 COURSE LIST

[Register] FEB 15 10am PST Wireshark 202: Coloring Rules free

[Register] FEB 16 10am PST Filter with Snort Rules [AAP Event]

[Register] MARCH 14 10am PST Wireshark 101: Introduction free

[Register] MARCH 15 10am PST Filter Expression Button [AAP Event]

[Register] APRIL 25 10am PST First 5 Troubleshooting Steps [AAP Event]

 

There is so much more to the Chappell website of course. On this page (Chappell University Online Portal) is a DVD ISO image with a Lab Kit, just the thing to get your techs launched into the concept of being a professional in the art…instead of knowing how to thread a film in the projector, they have to see how the movie threads through the network and which parts need a little lite oil, which might need a touch of the hammer.

One could always go with An Idiot’s Guide…oops, the Network Monitoring and Troubleshooting for Dummies book, available for download from another network consulting group. Go to Riverbed’s page: Network Monitoring and Troubleshooting for Dummies | Documents | Media & Downloads

Good luck to us all. One way or the other, the ideas and techniques of training the cinema tech support staff in the tools of their trade will prove worthwhile. Outsourcing seems so year 2000.

 

Lesson One: Who’s on the Network

{youtube}95om-Mr3Af0{/youtube}

The beauty of this tool is that it is free. Here is what they say the highlights are:

PRODUCT USAGE:

  • IP Address Tracker Highlights:
  • Track an unlimited number of IP addresses for a unified, at-a-glance view of your entire IP address space
  • See which IP addresses are in use – and which are not
  • Eliminate manual errors while ensuring that IP addresses are listed in the right place
  • Determine the last time an IP address was used
  • Pre-populate key statistics like DNS and response time

The Solar Winds IP Address Tracker can be downloaded from the Solar Winds site at: SolarWinds-IPAddressTracker-v1.zip For pro or beginner, it is a good first tool to use as the week turns to next week and the administration of your system hasn’t been done.

It is simple enough to use straight after download, but you will find an email in your inbox that will give you links to several courses of materials. Except for those who make IP their daily business, we’d recommend them all.

As you would expect, since everything in digital cinema seems to change every year, IP is going to change this year. Early in June the first official day of IPv6 will come and go. Nothing will change since so much of our equipment has been developed for this day to come and go. But it would be a good thing to have a handle on the situation well in advance. Who knows what switch or router is so old and the firmware so grey that it might freak on the new larger numbers.

On the more practical level, new projectors are going to have IMBs as well as SMS units. One more set of IP addresses to track. Why not train a few people on this in your organization?

Lesson One: Who’s on the Network

{youtube}95om-Mr3Af0{/youtube}

The beauty of this tool is that it is free. Here is what they say the highlights are:

PRODUCT USAGE:

  • IP Address Tracker Highlights:
  • Track an unlimited number of IP addresses for a unified, at-a-glance view of your entire IP address space
  • See which IP addresses are in use – and which are not
  • Eliminate manual errors while ensuring that IP addresses are listed in the right place
  • Determine the last time an IP address was used
  • Pre-populate key statistics like DNS and response time

The Solar Winds IP Address Tracker can be downloaded from the Solar Winds site at: SolarWinds-IPAddressTracker-v1.zip For pro or beginner, it is a good first tool to use as the week turns to next week and the administration of your system hasn’t been done.

It is simple enough to use straight after download, but you will find an email in your inbox that will give you links to several courses of materials. Except for those who make IP their daily business, we’d recommend them all.

As you would expect, since everything in digital cinema seems to change every year, IP is going to change this year. Early in June the first official day of IPv6 will come and go. Nothing will change since so much of our equipment has been developed for this day to come and go. But it would be a good thing to have a handle on the situation well in advance. Who knows what switch or router is so old and the firmware so grey that it might freak on the new larger numbers.

On the more practical level, new projectors are going to have IMBs as well as SMS units. One more set of IP addresses to track. Why not train a few people on this in your organization?

[Update] IPv6, Security, Future Near

The 27th Chaos Communication Congress – subtitled We Come In Peace had an excellent presentation on IPv6 by Marc Heuse, an expert in the field and creator of several tools to test IPv6 security.

IPv6 is the coming standard for intranets, the internet and most IT/IP interconnect equipment. It is quite different from the IPv4, which is currently in place in all of our network systems. The IPv4 protocols use the typical 4 octet system, e.g. 192.168.1.1 (taking 32 bits), while IPv6 uses 128 bit address of numbers and letters. The comparison is 232 v 3.4 x 1038 – the number is 340 undecillion unique addresses.

Other advantages include autoconfiguration of IP addresses and networking, a hierarchical address structure which reduces operational cost and several Integrated security features. 

As Mr. Heuse points out, all major operating systems and most modern routers already support IPv6, but it is turned off. For most intranet installations, IPv4 will probably continue to be sufficient and won’t need to be replaced by IPv6. But as with all new protocols, there are some advantages that might move manufacturers to use the system to uniquely identify equipment for communication security, or other features that are not available with IPv4. Therefore we need to stay abreast of its advantages and potential pitfalls. Especially when one of the current problems being worked out is security weaknesses in tunneling, when using IPv4 and IPv6 together (like that will ever happen!). And though it handles multicasting more securely than with IPv4, that area is also one that has some issues. 

The issues with security come from the standard’s original outline being laid out 15 years ago. It dealt with the security problems of the time. Recommended practices have been developed to upgrade the protocol’s implementaion, but there are many, and they aren’t always dealt with the same way by all manufacturers.

Notwithstanding this, IPv6 is being tested this month in a ‘live on the internet’ plug fest fashion. It will be rolled out in the coming months. The Youtube video that follows isn’t for everyone, but it should be for everyone who claims to be a professional in the entertainment technology field of digital cinema, as cinema is by its nature ‘unique addresses’, on the internet and very concerned with security.

This link points to a page that has several slide presentations on the subject:
27C3: Recent advances in IPv6 insecurities
Don’t miss this slide presentation: 
Recent Advances In IPv6 Insecurities

Side note before the 53 minute video, if you run across any interesting information in this field, or recommendations or comments by the technologists in the d-cinema field about IPv6, please forward it to the editor.

Other articles: 
Last of the IPv4 Addresses Allocated
Understand IPv6 Addresses

YouTube – [27C3] (en) Recent advances in IPv6 insecurities

{youtube}c7hq2q4jQYw{/youtube}

Simple Great Passwords v Cracking Dictionaries For Rent

 

Anyone who deals with projector or media players should certainly have good password practices. It would be logical that anyone who passes security keys around should also figure out a pattern for creating passwords.

The article’s idea of putting in the last letter of the site associated with the password is a good first stop. So, the password for dcinematools would start with an ‘s’, and since it is easier to have most letters following be small letter, making the ‘S’ capitalized is a second good stop. 

One imagines that eventually hackers will start putting the letters of typical phrases into their dictionary cracking databases. I find it easier to use the letters of some object that is in front of me all day, but never a whole word. So, if the American Heritage Dictionary is in front of me, I might choose the first three letters from each word, and put a number in between each, with one of them being shifted to a symbol. I also have found that I give numbers based upon sensitivity, so that public sites which might have their data stolen get higher (or lower) numbers while more secure sites get the opposite. 

Like all matters dealing with responsibility for other people’s assets (equipment, art, friendship…), passwords are a sometimes pain, often done away with without penalty, but important that one time that it was required. Having a pattern will, in this case with the human-machine relationship, make things easier the one time that it might matter.

Your Own Penetration Test

 

Typical defenses against these threats include:

• A firewall to separate the corporate network from the Internet

• An intrusion prevention/detection system (IPS/IDS) to detect when typical hacker activities, such as port scans, occur and to take steps to prevent them from successfully penetrating the network

• Malware scanners to prevent malicious software getting on to the network hidden in e-mail, instant messaging or Web traffic

• The use of passwords to prevent unauthorized access to networks, computers, or data stored on them.

Every organization should have these defenses in place, but this leaves a very important question to be answered: How effective are these measures?

It’s a deceptively simple question, but it’s essential that you know the answer to it. That’s because if you don’t it may turn out that:

• Holes in your firewall leave your network vulnerable

• Your IPS/IDS is not configured correctly and will not protect your net- work effectively

• The passwords used to protect your resources are not sufficiently strong to provide the protection you require

• Your IT infrastructure has other vulnerabilities you are not aware of, such as an unauthorized and insecure wireless access point, set up by an employee.


Since the professionals at your cinema are responsible for entertainment materials which are more valuable than the contents of your local bank, this is valuable information for them.

This set of instructions include where to download the free, open-souce files, and how to install them.

These are the chapter headings. We’ll go through these one at a time at a later date.

  1. Carrying Out Your Own Penetration Tests
  2. Network Discovery: Scanning with Nmap
  3. Sniffing Your Network with Wireshark
  4. Checking Password Security with Hydra
  5. Spotting Weak Passwords Using Offline Attacks
  6. Checking Wireless Security with aircrack ng

The attached file can be downloaded by those who are registered and signed in.

Example of PC Vulnerability, and Why Important

One of the magic rules of security is to presume that the bad guys think differently than you do. (That may be what makes them bad guys.) Hopefully, they won’t think that entering the locked portion of a facility is such a good idea, and messing with your system is just to worthy of being caught.

 

But if you are paying attention, there are constantly new updates to Adobe Reader, and most of them are to plug security problems. Same with Firefox. Same with many other common programs. And if your desk computer isn’t updated, and if some blackhat figures a way to put a worm into a pdf file that will only affect a Unix machine…like that server over there…it might not trigger your virus checker. But it could get placed onto the server.

Be a professional. Stay updated. Stay aware of updates. Stay aware of what a virus or trojan horse could do. If you can’t tell your sister’s friend what the difference is between a virus and a trojan horse, learn some more.

Meanwhile, think abou the implications of a story like this, and how someone (who doesn’t think like you) could take advantage of it….to your detriment. 

Matousec has discovered a relatively simple loophole that could leave Windows PCs vulnerable to malicious code, with all commercial anti-virus packages powerless to prevent it.

By Martin James, 10 May 2010 at 11:33

Security analyst firm Matousec claims it has revealed a vulnerability in Windows PCs that could leave mainstream security software all but powerless to prevent an attack.

The flaw exploits the way anti-virus packages use System Service Descriptor Table (SSDT) hooks to access the Windows kernel. Because of the inability of multi-core systems to track threads running on other processing cores, a simple bait-and-switch attack stands no chance of being detected if the timing is right.

Once an anti-virus program is satisfied a given piece of code poses no threat, it will give the code the green light to be executed. However, at this point there is a short window where the innocent code can be replaced by malicious code without the security software being any the wiser.

Read the rest of this lesson at:

Researchers find way to bypass all Windows security software

Security – The Psychology of Being Scammed

1. The distraction principle. While you are distracted by what retains your interest, hustlers can do anything to you and you won’t notice.

2. The social compliance principle. Society trains people not to question authority. Hustlers exploit this “suspension of suspiciousness” to make you do what they want.

3. The herd principle. Even suspicious marks will let their guard down when everyone next to them appears to share the same risks. Safety in numbers? Not if they’re all conspiring against you.

4. The dishonesty principle. Anything illegal you do will be used against you by the fraudster, making it harder for you to seek help once you realize you’ve been had.

5. The deception principle. Thing and people are not what they seem. Hustlers know how to manipulate you to make you believe that they are.

6. The need and greed principle. Your needs and desires make you vulnerable. Once hustlers know what you really want, they can easily manipulate you.

[The post and its comments are at:
Schneier on Security: The Psychology of Being Scammed  – November 30, 2009]

It all makes for very good reading.

Two previous posts on the psychology of conning and being conned.

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.