Thursday, October 6, 2011

What they know about you

What do they know about you - a lot.

It is difficult to understand how many digital signatures you leave on your computer even when you turn off cookies. I found this section in the Wall Street Journal that is dedicated to the many ways that you can be tracked in cyberspace: http://online.wsj.com/public/page/what-they-know-digital-privacy.html

The section on digital fingerprinting is http://online.wsj.com/video/what-they-know-your-digital-fingerprint/49B4A220-88A5-4F53-BA89-20BBB0A83CB2.html  

Should we be worried? Just like in the real (non cyber) world, one has to be careful.
  • You don't visit disreputable stores online or in real life.
  • You don't talk to strangers online or in real life, unless they are introduced by a friend that you know. 
  • You check out the person or the company before you interact with the person or company. There are many ways you can find out.
We are in the cyber world. There is no turning back. We just have to learn to live in it safely.

Are there other best practices you can share?

Tuesday, August 9, 2011

Bike Theft - there is always a lesson that can be learned

Cable lock that's been cut.
Bike Theft - living in a city with the reputation of being bike friendly, it should be of no surprise that bike thieves love the city as well.

So what has a bike theft got to do with cyber security? Bear with me, and I hope to draw some parallels.

Yes, a couple of years ago, I had my new bike stolen, on a Saturday afternoon, from a busy street where I thought no thief would be brave enough to take it. I just thought I was unlucky. It was not until a couple of weeks ago, after I actually witnessed a bike theft first hand, that I realized that it was my stupidity instead.

Then, yesterday, I was in some email exchanges that discussed whether an End of Life security device has any value. It dawned on me that bike theft and security theft have analogies.

Let me first relay to you my first-hand experience of the bike theft. It was also on a Saturday afternoon, but only 2 weeks ago, in front of a theatre, with a packed crowd on the sidewalk. This guy walked up to the line of locked bikes. Most of the bikes used the U type lock but one used the cable lock. The thief took out the bolt cutter from his drawstring backpack and clipped the cable lock - all within half a second and not more than 5 feet from me. I yelled at him, challenging him. He replied with some stupid answer, got on the bike and took off. This all happened within 5 seconds. I dialed 911 and reported it. The reporting took me 5 minutes.

These incidents taught me a few lessons.

1) Bike thieves have lots of practice. They think like thieves, not like good guys. Stealing a bike in a busy street is no worse than in a quiet street.

Analogy - Cyber thieves are the same. They think like bad people. They don't care if you use the internet a lot or just occasionally, you are the same victim.

2) After my personal bike was stolen, I've learned that cable locks are useless. This is a widely known fact and well published. So, why are bikers still using cable locks? The bike thief took the easiest prey.

Analogy - an End of Life security appliance means no more support or patches. This also is a widely known fact and well published. Bad guys know it too. So why are we using outdated security appliances? The bike thief can identify a security device and take his easiest prey.

3) Even though I reported the bike theft, do you think the thief will ever be caught? Even if caught, do you think he will go to court? Highly doubt it.

Analogy - cyber thieves stealing a couple of thousand dollars from our bank or credit card. You reported it, do you think he will be caught? Stealing smaller amounts from lots of people is much less noticeable than stealing a large amount from a big company.

The bike thief was clean cut and looked just like any other tourist. Lesson learned: you don't know what a bad guy looks like.

Any other lessons learned? Please share with me.
 


Friday, August 5, 2011

The lazy days of Summer

Summer days are lazy days. Kids are on break. Families are thinking about vacation. The office is quiet and spam traffic is down. So life is good!

I only wish hackers looked at summer the same way we do. Seeing the activities behind the scenes, hackers are not taking a break. CRN released this report.

Just because you don't see it, doesn't mean it went away. The hidden ones are worse than the ones you know.

So make sure you delegate the vigilance of data security to someone before you take off on your vacation.

Thursday, July 21, 2011

Lessons learned from the Space Shuttle Program

As I sit watching the final landing of Space Shuttle Atlantis, 18 minutes from the final touchdown, I come to reflect on what the space shuttle program has taught us.

Yes, it is the end of an era. The end of a glorious era that started 30+ years ago. We have gained tremendous knowledge from the space program. The Hubble Space Telescope would not have been possible without the Space Shuttle.

How the world has changed! Collaboration is the future.
When the program was started, America was the undisputed leader in space exploration. It took bold steps to put man on the moon. It took bold steps to bring the Space Shuttle, which is the size of 2 semi trucks end to end, into orbit. America was able to do this alone 30 years ago. Now, America depends on its one-time rival Russia to reach the Space Station.

International collaboration on the space program started when the International Space Station program began. Many countries contributed to complete the construction of the ISS. Modules from different countries are interconnected and function as one.

I am sure that when it first started, America had doubts about whether other countries could produce a space module that was up to its standard, and we had doubts about whether the modules could connect. Yet, upon completion, there is a connected ISS and it is airtight!

Collaboration and exchange of information are what made this possible. NASA and America decided that the cost of doing this alone was too high, and that cooperation and collaboration could achieve the mutual goal faster and less expensively.

If NASA can do it, will large corporations learn from this? Especially in the cyber security world, can we react fast enough alone to counter the attacks?

I am starting to see companies reselling each other's products. That's a good sign, but is this good enough? Until we can mimic the ISS, where astronauts can pass freely from one module to the other modules, we are not functioning efficiently. Imagine if they had to put on a space suit each time they went from one module to the next. That's what reselling other products is like. Until we can pass from one module to the next freely, we are still not utilising each other's strengths to their full potential.

With the end to the Space Shuttle, some people will retire and some will carry on to accomplish new goals. Either way, it is the future and it is collaboration!

The NASA commentator's remark on Atlantis touchdown was "Its voyage at an end". But I would add that "it is the beginning of a new era".