

Have you seen this headline?

It is repeated in one form or another at many diverse source spots on the web currently. It certainly has made some waves as I couldn’t get this post to stick at the place where I post most of my thoughts on any subject matter. See screenshot at the bottom of this blog entry.

I personally trust my own methodologies to be realistic, as I have fine-tuned them for years; not for anyone other than myself. I have long known that a body needs to be able to trust their own accuracy as they judge situations and personalities in real time as they interact with the world. I’ve sought to test my methods at times, to deem for myself if I should trust my accuracy, and I can say, I didn’t do badly. This of course is me judging me, but that along with some experience has allowed me to knowingly take some calculated risks with the confidence that I could handle the situation as it progressed. I’m older now and my acceptable risk factors have grown somewhat smaller with my aging. Still, I would not mind putting my methodology up against anyone’s, as I dare say I would not be ashamed of the end results. Now you fine folks take all that above as you see fit. Use whatever methodology you have developed to determine for yourself if you think the odds favor it as accurate or not. I will now drive on with my point for creating this post.

I am angered by the obvious worthlessness of truth today. When did truth lose value to you? It hasn’t? Sure it has, and I say that because of the acceptance of a standard that now should be called Truthless from our leaders and much of the press. Specific case in point. I have NEVER understood how Donald Trump could be so well received as POTUS… But the man is even loved by many of my peers! I have honestly tried to give him every possible benefit of the doubt that I could create, in hopes that he could redeem himself from this harsh take I have on the man’s character. Yet when I look at the man I ALWAYS see him for the narcissistic, holier than thou, womanizing PIG, that he was OBVIOUSLY before the election cycle of 2016. But it gets better when you place all those fine character traits in with the few redeeming qualities of the man. Like him being one of the most petty personalities I have ever seen (especially holding public office), and then there is this ingrained propensity that he has to stretch truth to almost the believable level of a Roadrunner/Wile E. Coyote cartoon. Let’s be honest with ourselves, Mr Trump is undoubtedly a Pathological Liar! We all see this, so I have to wonder about the blindness exhibited by many of the intelligent folk around me. They actually seem all too willing to choose to stay blissfully unaware that the man has a credibility problem of ginormous proportions!

How can anyone believe a single thing that this President has to say to us about ANYTHING? On ANY subject matter? And folks, if you realize that he all too cavalierly lies to us at all. How can you choose to defend him in good faith? How can you continue to value him as a leader? Is it because he chooses to do a thing or maybe two that you find to be of great value? What might be of that high a value? Is it because he is building a needed physical wall at our southern border? We humans seem to be wired to over appreciate those we deem as “successful”; so my best guess is it must be because he comes to the Oval Office with his own money. Ergo, he must know how to make the wisest choices to get us in better financial scenarios as a nation. If that rings true for you, I have got two quick but important points I would like for you to consider. First one is Mr Timothy Ziemer, and the second one requires you to think about this current trend.

I could play Devil’s Advocate and quickly make about three more points, but in order not to digress from my main point I will choose instead to go on. Maybe it is more along the lines of… He’s certainly not a Washington Insider and that is what we have been needing to get into the Oval Office for years. And I would have to agree with you that we did, and do need to get a fresh perspective and a fresh personality for POTUS over either of the two accepted parties’ normal nominations. But that doesn’t mean I want anyone with anywhere near the checkered reputation that Mr. Trump had going as he entered into the White House. He had unanswered FRAUD allegations for Christ’s sake! [NOTE: if you want more specifics, dig a little because this incident certainly is not an isolated case of fraudulent allegations being leveled at the man]. I can supply a few more of them that at least deserve some thought, if it doesn’t just outright display criminal behavior. I can honestly say after seeing the value this man places upon truth, I do not find myself surprised that the man ran for, and even took office easily breaking a record on how many different cases were pending from, on, with, or about his business practices in civil courts. I jest not when I say the man keeps the courthouses busy! Such activity says SOMETHING about this man. You decide for yourself if it speaks of who you would choose to be representing you and your values to the world at large, never mind for a moment we have little choice but to trust this man to faithfully be representing our best interests in this pandemic situation!

You know I actually find myself thinking I had much rather seriously entertain a personality that had SOME criminal convictions on their records for the Oval Office! As long as they were straight up about them when asked and they were not of too heinous a nature. Why? Because honesty is still a virtue. And truth is still important to me. And I think TRUTH should be important to you too.

This is the screenshot I referenced in the first paragraph above.


If you know me at all, you know I am a technology junkie. I love watching us as a species learn to do more and more complex things. Our technology is the key for our species to become more than just Earth dwellers. And that MIGHT can keep us from the same fate as that of the dinosaurs. It is very important that with the power these new technologies bring to everyday life that we do not lose sight of the principles that helped bring these changes and developments in the first place. It is all too easy to look the other way as citizens while those who would govern us lose the spirit of the freedoms that we have held so dear in abuses that are not how our forefathers envisioned for this nation of free people.

Mr. Bruce Schneier caught my attention some years ago when I noticed that the man had a way about how he went about explaining things. Things that I already felt comfortable that I knew; and in doing so he would always give me ‘new’ ways to think about or to contemplate old concepts. To a simple fellow like myself, I find value in that, sometimes a lot of value. So I tend to notice any personality that has a tendency to do that for me with any kind of regularity.

Mr. Bruce Schneier is undoubtedly a busy man; he wears many hats. One of those proverbial hats has a label that reads “EFF board member”. That hat likely isn’t his favorite if you care to look at the man’s publicly declared resume, but that one hat alone is worth ALL my respect, being the technology loving, traditional minded patriot that I am. I plan on highlighting some of the man’s work here and maybe with my social media presence in coming weeks. I hope you all will find similar value in it as I do.

I am going to start with one of my most favorite. Over the course of the last decade I have read this specific article (essay) a handful of times, and each time I did I felt it did me good to revisit it. In this new Information Age several most basic notions that our Founding Fathers held dear (and a few more that were so basic that they took them for granted and didn’t spell them out specifically) need to be regularly revisited to ensure we are continuing to be true to basic notions that they put forth. The ORIGINAL IDEA of FREEDOM if you will.

I think we’re failing miserably in some areas.

This one is especially valuable to any American out there who has honestly said (or ever had the thought)
“I am not worried about the loss of my privacy, as the NSA knows I’m doing NOTHING wrong.”

Take a moment to give his essay a read at the link provided below.

http://vzturl.com/bnw35


Apple’s new MacBook Pro debut has brought me back around to looking at the “JEEZE! You gotta be kidding me! Whatta Cluster Scruff!” that STILL is ‘USB-C’. While USB-C boasts some truly impressive stats, like data rates up to 40 GB/S speeds in some configurations (on paper), and power delivery (up to 100 watts), in various companies’ R&D labs, so far they can only seem to agree to the most basic standards (as specified here).

So, the buying public that is now seeing more and more USB-C ports on the things they are buying really needs to be aware that all USB-C’s are not created equal, and that complexity is STILL a headache of Mount Everest proportions for anyone who wants a specific function from the USB-C port on their new device, or from the specific USB-C cable they have in their possession for that USB-C port!


HINT. DO NOT ASSUME ANYTHING, AS SOME CABLES CAN BE FINE FOR ONE APPLICATION AND DAMAGE HARDWARE PLUGGED INTO ANOTHER USB-C PORT!!! So, yeah. I thought by now some of this would be sorted and much less of a minefield. But not yet. It is still a very confusing subject, even for many who are generally tech savvy.

Also check out these links…
https://en.wikipedia.org/wiki/USB_Type-C
https://plus.google.com/u/0/+BensonLeung/posts/HakwCMmd346
https://www.youtube.com/watch?v=ZrZISyPucMg
https://www.youtube.com/watch?v=V1OiQoyjDOo


Hello friends,

Today I am going to continue my observations of and re-look at my conclusions on the DuQu.

DuQu… The Evolution Of ‘Weaponized’ Malware Is Unfolding Right In Front Of Our Eyes!

I realize that ‘Weaponized’ is such a graphic term! Yet, I think that using it to describe the DuQu is no more ‘scaremongering’ than stating Pakistan and India are nuclear powers. As the various unique DuQu infections are slowly being successfully dissected by the Data Security industry, it is becoming very clear that this is not the work of some cyber-criminal gang or any ‘hacktivist’ group. The DuQu is the first salvo (or pre-salvo if you will) of another operation, or more likely, many seemingly-unrelated operations. Any one of these operations could potentially have a larger visible effect on the world’s population than ANY other malware ever documented before! Or, maybe not. In a flash-back to the CIA’s assassination days, the information gathered by DuQu could (& I wager would) be used to cause a seemingly-isolated ‘incident’ in some critical control system that would result in the death of some ‘High Profile Wanted’ person almost anywhere on the globe (with say, a few days to a week’s notice)! Or realistically it could even easily be all of the above!

Granted the DuQu as we know it now doesn’t appear to be much more than an unbelievably clever spyware, so to deliver on the above statements it would be needing some help. But I would bet the farm ‘that help’ is sitting ready and only waiting on specific parameters to be entered on various blocks of pre-existing code to be ready for compilation right now! Here is some of my reasoning and why I think this…

The first example the world ever saw of any type of ‘weaponized’ code was last year; it was called the Stuxnet. Its target was obviously Iran’s Natanz Nuclear Labs. It was unique in several ways, in that it used an unheard of four different Zero-Day exploits! It was specifically targeted to sabotage the normal operation of Siemens Centrifuge Controllers while simultaneously covering up its activities and presenting a seemingly ‘normal operation’ environment for Iran’s centrifuge operators physically present at those machines! Excuse my language but, that is quite a damn feat! There were a couple of variations of Stuxnet discovered, and the dissections indicated that the code functions were written in ‘blocks’ (a common practice) and in several different programming languages, and the second variation indicated the various ‘blocks’ of code might be interchangeable to add quick customizable functionality! Holy quick versatility, Batman!

On November 1, 2011, DuQu was publicly announced by Symantec. Their first impression of the code was that it was another variant of the Stuxnet, because a percentage of this new code was quickly identified by heuristic scan engines as the Stuxnet. But there were more similarities. Of the six confirmed unique instances of the DuQu currently being studied by various members of the Data Security industry, evidence exists that every instance was specifically compiled for a specific target, each one involved in the manufacturing and/or maintenance of industrial control systems. Yes, the types that are commonly used for critical infrastructure control in the developed world. The ‘blocks’ of code seem to indicate that the DuQu’s programming was written in or about Oct ’07 (as did some of the Stuxnet). However, one security company thinks that some of this coding was written as far back as ’04.

The DuQu uses a fresh C&C (Command and Control) Server for every unique instance discovered, which gives DuQu great probabilities of over-all success, as any instance discovered and C&C identified and brought down doesn’t kill any of the yet to be discovered instances still ‘in the wild’. SIDE NOTE: Anonymity could be very fleeting here, as it stands to reason that the more C&C Servers are identified and studied, the greater the odds of accurate deduction of the programmer(s) behind these infections.

I find almost all malware’s propagation techniques very interesting reading. My favorite portion of the DuQu’s is its LAN propagation. The initial infection is delivered onto a web-facing computer using a malformed .doc file, where it sits still for 10 minutes or so waiting for computer inactivity. Then it completes its installation and starts sending ‘feelers’ out to find and identify other computers in the LAN neighborhood; specifically, the computers on a non-web-facing sub-net. It gathers as much information as it can on this and sends it back to the C&C. Apparently, after human rationalization of the pilfered information, specific attack vectors are settled upon and a new malware is compiled for the propagation. Then, operators instruct the C&C to send those files needed for the surgical infiltration attempt into the more protected sub-nets. They seem to employ several various tools including key-loggers. If this proves successful, the web-facing, initially infected computer becomes a liaison between the C&C and hopefully the targeted information.

All this doesn’t add up to look like the work of any cyber-criminals or hacktivists that have ever heretofore been documented; it’s simply too sophisticated.

Here are some links I read as I formed my conclusions:

http://www.computerworld.com/s/article/9221817/FAQ_What_s_the_big_deal_about_Duqu_?source=CTWNLE_nlt_dailyam_2011-11-15

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit

http://www.computerworld.com/s/article/9221372/Update_Duqu_exploits_zero_day_flaw_in_Windows_kernel?source=CTWNLE_nlt_pm_2011-11-01

http://www.securelist.com/en/blog/208193243/The_Duqu_Saga_Continues_Enter_Mr_B_Jason_and_TVs_Dexter

http://www.securelist.com/en/blog/606/The_Mystery_of_Duqu_Part_Five

http://en.wikipedia.org/wiki/Stuxnet

http://en.wikipedia.org/wiki/Duqu

http://www.bbc.co.uk/news/technology-11388018

http://arstechnica.com/business/news/2011/10/spotted-in-iran-trojan-duqu-may-not-be-son-of-stuxnet-after-all.ars

http://gcn.com/articles/2011/02/15/stuxnet-targeted-five-iranian-facilities.aspx

Until I sit down to write again, friends please stay safe.
Robert


Greetings folks,

As usual it has been too long since my last entry here. But today I want to talk a bit about the next generation of the Stuxnet. It was recently found ‘in the wild’ and it is called DuQu.

DuQu’s initial discovery was by CrySyS, but since their bringing in Symantec for analytical help, Symantec has been taking the primary lead in the study of, and the reverse engineering of, the various processes of the DuQu (referred to by Symantec as W32.duqu). Symantec reports that there is mounting evidence that, despite the earlier thoughts of Anonymous dissecting and using the original Stuxnet code, this is again the work of some State Sponsored Cyber-Warriors. They think it is likely the same authors that originally developed the Stuxnet (which is widely believed to have been jointly developed by the US and Israel).

The DuQu (so dubbed by CrySyS because of the abundance of lines starting with “~DQ”) appears to be weaponized malware too, mainly for the following reasons:

1) A great deal of the original Stuxnet code is employed but its objectives are quite different than ‘mussing’ with Siemens centrifuge control code. In this case it appears that its mission is to gather information on control systems currently employed in the power generation industry, map the networks they are found on, (I found this part to be really clever) set up ‘proxy servers’ in those networks to reduce the number of infected computers on a network ‘calling home’ back to the Command & Control Server (thus keeping suspicious traffic to a minimum), and steal password(s) associated with the Administration accounts on those networks.

2) This code was precisely and definitively aimed at very specific critical infrastructure organizations (6 organizations so far unnamed, in 12 different countries, which include the UK and France). Oddly enough DuQu could only install during a specific block of time (an eight day time period in Mid-August).

3) Its installer utilizes a complex Zero-Day exploit (*1) in the Windows Kernel with a maliciously configured Microsoft Word (a .doc extension) document.

Duqu infection flow chart


4) The first C&C Server discovered was shut down; another server in Belgium was then utilized (it too has been shut down now). So far no other servers have been discovered to be actively acting as DuQu’s C&C.

Other interesting wrinkles are: there appear to be at least two different versions of DuQu (both versions have been discovered in Iran). There is evidence that part of this code (the zero-day exploit) could have been compiled as far back as November 2010. This does not rule out Anonymous as the force behind this version but it does put it in doubt.

Symantec feels that it is most likely the original Stuxnet authors reusing their code and that Anonymous is not behind DuQu. I think that they are likely correct in that assessment. However, I would like to point out that there are some small points that make me wonder. The Stuxnet is rumored to be in Anonymous’ possession since the HB Federal debacle and they have had enough time to be well into reworking it with some of their own knowledge of Windows Kernel vulnerabilities and having it ready for some other nefarious objectives.

Well folks, what do you think? I think the logic of Symantec’s reasoning is sound enough to convince me that it is most likely to be the original code writers behind DuQu. I must admit that I was suspecting Anonymous as I started this reading!

(*1) Microsoft is reported to be scrambling to correct this kernel vulnerability (but there is almost no chance that a patch will be available before the next official ‘Patch Tuesday‘ (November 8, 2011) just because there is simply not enough time) so, hopefully by December the kernel patches will be ready.

Sources I read and used while writing this article:
http://goo.gl/4ikDz (in .pdf format)

http://goo.gl/XdlP8

http://goo.gl/tnSxr

Until next time I sit down and write, stay safe friends.

Robert


That’s right, Zombie Cookie! I bet you right now there are Zombie Cookies on your computer! Most everyone is familiar with web browser cookies, but if you are not, the premise is a simple one. A browser cookie is a text file stored on your computer that a web server uses to uniquely identify your computer on subsequent return visits to that web page. It can be used to remember your name, sign-in and password information (and can be used for an automatic log on when you arrive at a familiar web site), and is commonly used for remembering various mundane data and ‘background’ processes (like assigning a link’s color to the ‘visited link’ color as you run across it again in your surfing, and/or to store your site viewing preferences if you desire customization to make your surfing experience more enjoyable). While that is fine and dandy and is in fact kind of handy, these cookies are actually used much more frequently for the convenience of others than yours. They are the preferred method by authorized third parties to ‘target you’ with more advertisements or site suggestions tailored to your personal tastes. Of course the advertisers love this notion as they can accurately present their ads to specific demographics, which makes their ad dollar MUCH more effective.

But what is a Zombie Cookie? Well, just like you might expect, it’s a cookie that (without any action from you) will resurrect itself from the dead (or deleted) and reinsert itself back into your ‘cookie jar’ (your web browser’s cookie storage area)! They are also referred to as a ‘super cookie’.

Most folks think “So what? I like the convenience of cookies!” The downside argument is as follows: Some of these authorized parties are way too cavalier with any information they glean or receive, and it’s your cookies that they’re using to determine the web sites you frequent, and since (in many cases) that information itself is too personal to be public knowledge, all cookies must be BAD. It’s true we actually don’t know what purposes this information might be used for, or by whom, as the information is commonly for sale. Indeed many tech savvy folk consider cookies in general as an unacceptable privacy risk (dependent on who is talking about it at any given time). For this reason they are frequently deleted from web browsers by those who are wary of such things. But browser cookies are commonly required for many web sites to work properly, so those folks typically have their browsers set to delete them upon closing, and try to maintain an exceptions list for certain specific sites. Since that is a bit more complicated than most users want to have to go through on any regular basis, cookies are generally left on (even third party cookies where much of that abuse lies).

In the spirit of not taking myself too seriously, allow me to tell you the tale of how I was introduced to the Zombie Cookie. As you well know, I have been and continue to be ‘into’ the study of potential security issues with today’s data technology. But several months ago I handed down my older laptop to an immediate family member, so I had not ‘cleaned it out’ like I would have done if it was to be sold to someone else, but I had uninstalled some programs that would be useless, cleaned the cache, defragged it, deleted all my bookmarks (and installed theirs) and installed some requested extra software. But when they went to use it on the web I was in for a surprise. My log in information was already inserted into the sign in areas on Yahoo mail, and on the MSN page, I was already signed in! How did that happen? I reviewed both sites’ privacy policies, and noticed nothing suspect. I went to the URL bar and manually typed in a few addresses that I commonly surf to for security reading (I had kept these bookmarked previously); at the third one, there it was again! While typing in these addresses the browser couldn’t predict the URL, but upon arrival at this third site my log in information was there already! What?!? That site’s privacy policy mentioned the use of super-cookies. A term that I vaguely recollected hearing before, but admittedly was unfamiliar with the workings thereof. It was time to do some reading.

A Zombie Cookie (or super cookie) is an Adobe Flash backed up cookie! In other words Adobe Flash replaced my cookie as soon as the web site checked for a cookie. In a very practical sense it detected it missing and so it automatically replaced it! I knew the Flash ‘engine’ had a few MB of space that I authorized it to have and it could be used for sites to store some information (makes some streamed video a lot less choppy), but I never imagined it could be used in such a way! It seems that a big driving force in this was those advertisers! They wanted a redundancy, so they could present proof that their client’s ads had in fact been seen by 100 people instead of 10 people 10 times each! And so the stage was set for the rise of the Zombie Cookie!

My concern is this. Adobe’s security record with the Flash engine is abysmal. This cache is a spot that could conceivably be used for malicious purpose. But if you restrict the caching space small enough for malcode to have no place to stay, Flash’s engine is severely restricted for legitimate purposes. Now we are back to maintaining an exceptions list! LOL
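One way to audit for the respawning described above, as an added example that is not part of the original post: this Python script walks a Flash Player `#SharedObjects` folder, inventories the stored `.sol` files per site, and flags any file whose raw bytes contain the same value as a browser cookie. The cookie tuples, the `.example` domains and the demo `.sol` bytes are constructed for the demonstration, and the function names are this example's own.

```python
"""Audit Flash Local Shared Objects (.sol files) against browser cookies."""
import tempfile
from collections import defaultdict
from pathlib import Path

# Usual per-user Flash Player storage roots (Windows, macOS, Linux).
DEFAULT_ROOTS = [
    Path.home() / "AppData/Roaming/Macromedia/Flash Player/#SharedObjects",
    Path.home() / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",
    Path.home() / ".macromedia/Flash_Player/#SharedObjects",
]


def existing_roots():
    """Storage roots that are actually present on this machine."""
    return [r for r in DEFAULT_ROOTS if r.is_dir()]


def lso_domain(root, sol_path):
    """Storage layout is <root>/<random dir>/<site domain>/.../<name>.sol."""
    parts = sol_path.relative_to(root).parts
    return parts[1].lower() if len(parts) >= 3 else "(unknown)"


def lso_inventory(root):
    """Map each site domain to the (file name, size) of its stored objects."""
    inventory = defaultdict(list)
    for sol in sorted(root.rglob("*.sol")):
        inventory[lso_domain(root, sol)].append((sol.name, sol.stat().st_size))
    return dict(inventory)


def find_respawn_candidates(root, cookies, min_len=8):
    """Flag .sol files whose raw bytes contain a cookie's value.

    cookies is an iterable of (domain, name, value) tuples. Short values are
    skipped because they match by accident. No AMF parsing is attempted.
    """
    findings = []
    for sol in sorted(root.rglob("*.sol")):
        data = sol.read_bytes()
        for c_domain, c_name, c_value in cookies:
            if len(c_value) >= min_len and c_value.encode("utf-8") in data:
                findings.append({
                    "lso_domain": lso_domain(root, sol),
                    "lso_file": sol.name,
                    "cookie_domain": c_domain.lstrip(".").lower(),
                    "cookie_name": c_name,
                })
    return findings


def lso_without_cookie(root, cookies):
    """Domains that still hold Flash data although no cookie for them exists,
    the state a machine is in right after the browser's cookies are cleared."""
    cookie_domains = {d.lstrip(".").lower() for d, _, _ in cookies}
    return sorted(d for d in lso_inventory(root) if d not in cookie_domains)


def _write_demo_sol(path, name, key, value):
    """Write constructed bytes loosely modelled on a .sol file (demo only)."""
    body = (b"TCSO\x00\x04\x00\x00\x00\x00"
            + len(name).to_bytes(2, "big") + name.encode() + b"\x00\x00\x00\x00"
            + len(key).to_bytes(2, "big") + key.encode()
            + b"\x02" + len(value).to_bytes(2, "big") + value.encode() + b"\x00")
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(b"\x00\xbf" + len(body).to_bytes(4, "big") + body)


def build_demo(base):
    """Create a constructed storage tree and a constructed cookie list."""
    root = base / "#SharedObjects"
    _write_demo_sol(root / "QX7RANDOM" / "tracker.example" / "uid.sol",
                    "uid", "id", "a81f3c9e5d7b4402")
    _write_demo_sol(root / "QX7RANDOM" / "video.example" / "player.sol",
                    "player", "volume", "80")
    cookies = [(".tracker.example", "uid", "a81f3c9e5d7b4402"),
               ("news.example", "session", "k3")]
    return root, cookies


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        demo_root, demo_cookies = build_demo(Path(tmp))
        print("inventory:", lso_inventory(demo_root))
        print("same value in cookie and LSO:",
              find_respawn_candidates(demo_root, demo_cookies))
        print("LSO left after cookies are cleared:",
              lso_without_cookie(demo_root, []))
    for real_root in existing_roots():
        print(real_root, lso_inventory(real_root))
```

A hit from `find_respawn_candidates` means the identifier is held in two places, so deleting only the browser cookie leaves a copy from which it can be restored.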

What is your take on this? Do you have questions or comments? Lay them on me.

Until next time, surf safe!

Robert Amerson


Hello again! Two days in a row! Wow, I’m surprised myself! Today I want to talk about my right TO NEVER have to incriminate myself. This is a subject that I enjoy thinking about because modern technology has so outgrown what our forefathers were envisioning as they were considering the wording of our Constitution. So there is a great need for us all to be focused on this type of thing if only to see that the spirit of their vision remains as pure as humanly possible as time and technology march on. Case in point:

Recently in Colorado, the home of a suspect arrested in a mortgage scam case, was raided and an encrypted laptop was among the confiscated items. Any electronic data storage device is grabbed in any type of law enforcement raids, as I am sure you realize. These devices are a favored source for evidence in any forthcoming legal proceedings by the prosecution. The prosecution demanded that the suspect decrypt the laptop. The suspect refused citing 5th amendment privilege.

The prosecution argues that 5th Amendment protection is not applicable for two reasons. ONE: They do not require the encryption key in any form (oral or written) and promise to not ‘observe’ the entry of said encryption key. TWO: The laptop in question was obtained in the execution of a search warrant, and not by subpoena: “Evidence obtained through search warrants does not implicate the self-incrimination clause because search warrants do not compel individuals to make statements…” Again the suspect refused, repeating her 5th amendment rights. The Colorado prosecutor approached the Attorney General in Washington DC. The Assistant Attorney General Lanny Breuer agreed with Colorado’s prosecution and affirmed that the suspect can be ordered to decrypt the laptop or be held in contempt. His view of the situation seems to be best described by this close example: A safe holding documents of evidential value to the prosecution in any upcoming trial can be ordered opened for their review, and possible use.

I tend to see this more along the lines as does the Electronic Frontier Foundation. They argue: The Fifth Amendment says that “no person…shall be compelled in any criminal case to be a witness against himself.” and that the “Decrypting the data on the laptop can be, in and of itself, a testimonial act–revealing control over a computer and the files on it,” so “Ordering the defendant to enter an encryption password puts her in the situation the Fifth Amendment was designed to prevent: having to choose between incriminating herself, lying under oath, or risking contempt of court.” Forcing the suspect “…to decrypt the hard drive would be an unreasonable and therefore unconstitutional search and so a Fourth Amendment violation; and That to force her to decrypt the drive would not be the same as compelling her to surrender the key to a safe, the new technology making that analogy inapposite, but would instead be compelling her to use the content of her mind to perform an affirmative act to assist the government to prosecute her, which raises the Fifth Amendment problem.” Read their thoughts in .pdf form on this matter here.

So what’s your take here? If a prosecutor or a law enforcement official demanded your encryption key, would you decrypt for them? If yes please tell me why.

Until next post, stay safe neighbors.

Robert Amerson

Some of the sources I read while putting this blog together include:

http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/

http://news.cnet.com/8301-13578_3-10172866-38.html

http://news.cnet.com/8301-31921_3-20078993-281/encryption-defense-attorney-fights-doj-demands-q-a/

http://news.cnet.com/8301-13578_3-10004646-38.html

http://news.cnet.com/8301-13578_3-9834495-38.html

http://news.cnet.com/8301-13578_3-9854034-38.html

http://www.washingtonpost.com/wp-dyn/content/article/2008/01/15/AR2008011503663.html?nav=hcmodule

http://news.cnet.com/8301-31921_3-20082180-281/doj-takes-swipe-at-eff-over-encryption-passphrases/

https://www.eff.org/wp/know-your-rights

http://heinonline.org/HOL/LandingPage?collection=journals&handle=hein.journals/uchclf1996&div=8&id=&page=


Fresh off the press! Oh look, it’s the wanna be ‘Super-Hero Hackers’ who (like they were badly neglected as a child) think they can demand our love and respect; that’s right, Anonymous is back! These folks want you to think that they are Robin Hood types, but the truth on the subject is manifested for all to see if you actually want to look closely at the incidents they have been involved in. Miscreants! They get a head rush being recognized for sowing chaos on any who happen into their sight! The few points I might could have agreed with them on are more than mooted by their own conduct and their reactions to the responses their victims have had to their Cyber assault/onslaught.

Now they claim that Facebook will be ‘destroyed’ on November 5. Not just attacked but ‘destroyed’ are their words! Why do you think these Robin-Hood wanna-be’s would want to target Facebook? Privacy (they say) or lack thereof. Implied is their belief that we (the public) of today are inherently incapable of realizing that there IS NO ‘real’ privacy in this new Information Age that we all are blessed to now live in. Hey, just below here, I have included their ‘Official’ declaration of intent!

I say, we do not need them (or anyone) to look after our best interests. I alone am qualified to see to my best interests! Not the US government, and surely not a shadowy band of hacker types who by their very name will never be available to me for any kind of civilized introductions!

I personally think that they are about to stick their foot in it on this attack. Gone is any resemblance to any type of ‘higher purpose’ because a wrong needs to be righted! No this time they want you to think they are looking to our greater good! BULL HOCKEY!

That’s my take on the situation. What’s yours?

Until next time I post, stay safe guys!

Robert Amerson


It is so human nature to barrel straight ahead, progress must be realized! So forward! On and on! We seem to do this in every portion of our lives, from war, to industry research and development, technology. Everything. Since data security is what seems to be most on my mind I can’t help but notice it there. So that is how I will be approaching it in this little post.

Computers have come so far! Since my time in high school, computers have come from the humble beginnings of the Commodore 64 to the present day. The internet has come from nothing to the most used communication and data storage tool in human history. With all types of progress there are growing pains, but despite those we seem to not have paid enough attention to the health of all our data security. It has progressed to a point now that, if we do not back up and really start paying attention to the security of the protocols already in place, this inattention to the most basic health factor of our data systems (and everything that it relates to) will see a collapse of the complete system. Evidence of this is abundant anywhere you choose to look. Already confidence in the system is slipping from the common user. No longer is it the senior citizen that seems to exclusively be refusing to use the internet for their banking and bill paying. How can that be faulted? This year alone has brought an unbelievable amount of news of successful hacks, all sorts of data breaches, new and some renewed or resurrected banking malware, and there have been so many incidents of people’s personal information being stolen that I have lost count! People, this will not be getting any better in the near future! The main reason for this appears to be two-fold: the blitzkrieg continues on, all business as usual, and this is coupled with the never-before-so-easy availability of the successful exploits used. This is largely due to the fact that those responsible for these hacks are getting unbelievably brazen now, so confident in their numbers that they will even openly train you (the public) in the nefarious tactics commonly used and supply script kiddie tools the novice can successfully use to do the same!

The future remains bright for the continued development of the cutting edge of today’s information technology, as documented by the new applications this tech enjoys, which grow seemingly exponentially each and every year. Still, I caution that we need to look to the foundations of it all and see to its basic health before we allow the lack of security to become (at minimum) a major stumbling block, or witness today’s Information Age become a product of its own self-destruction!

Until next time people, enjoy yourselves! Have a comment? Feel free to lay them on me!

Robert Amerson


Is the term ‘Internet Security’ a myth? I’m there (from a practical sense). How many times in the last six months have you heard “…the accessed information included first and last names, email addresses, account passwords…”? I know you can make it more difficult to gain unauthorized access, but the landslide of publicized hacker successes in the very recent past indicates that the term ‘Secure Server’ should be looked at like the term ‘Low Fat’… i.e. a term coined by the marketing execs while the tech was in its infancy, and not a term a seasoned IT exec would have coined.
The fact is some information systems CAN’T BE tied to the net for security reasons. Some have to be, but need constant vigilance. I personally think some of these systems should have a proverbial ‘quick disconnect’ that would deliberately sacrifice constant service to security (specific rule-defined anomalies would then shut a server’s connection off physically). Until biometrics is the accepted standard for authentication to computers in general, and multiple biometric ID is required for really important servers, the quick disconnect method seems to be the safest course to take. It would save MILLIONS of dollars for companies that are responsible for customer privacy information (just a small breach of certain information costs millions).
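
A sketch of that ‘quick disconnect’ idea, added here as an illustration and not taken from any product: a latching breaker that watches events, trips on a rule-defined anomaly, and stays tripped until a person re-arms it. The `cut_link` hook, the two rules, their thresholds and the sample events are all assumptions made up for this example.

```python
from collections import deque
from typing import Callable, Optional

class QuickDisconnect:
    """Latching breaker: once a rule trips, the link stays cut until re-armed by hand."""

    def __init__(self, cut_link: Callable[[str], None],
                 max_failures: int = 5, window_s: int = 60, max_records: int = 1000):
        self.cut_link = cut_link          # hypothetical hook, e.g. drives a relay or switch port
        self.max_failures = max_failures  # assumed thresholds, tune per system
        self.window_s = window_s
        self.max_records = max_records
        self.failures = deque()           # timestamps of recent failed logins
        self.tripped_by: Optional[str] = None

    def observe(self, event: dict) -> bool:
        """Evaluate one event; return True while the link is disconnected."""
        if self.tripped_by is None:
            if event["type"] == "login_failed":
                self.failures.append(event["ts"])
                # Drop failures that fell out of the sliding window.
                while event["ts"] - self.failures[0] > self.window_s:
                    self.failures.popleft()
                if len(self.failures) >= self.max_failures:
                    self._trip("failed-login burst")
            elif event["type"] == "records_read" and event["count"] > self.max_records:
                self._trip("bulk record read")
        return self.tripped_by is not None

    def _trip(self, rule: str) -> None:
        self.tripped_by = rule
        self.cut_link(rule)               # service is sacrificed to security, on purpose

    def rearm(self) -> None:
        """Manual reset after an operator has reviewed what happened."""
        self.tripped_by = None
        self.failures.clear()

# Constructed sample events (not real logs): quiet traffic, then five failures in 4 seconds.
SAMPLE_EVENTS = [{"ts": 0, "type": "login_failed"},
                 {"ts": 100, "type": "records_read", "count": 40}]
SAMPLE_EVENTS += [{"ts": 200 + i, "type": "login_failed"} for i in range(5)]
SAMPLE_EVENTS += [{"ts": 205, "type": "records_read", "count": 5}]

def run_sample():
    actions = []                          # stands in for the physical disconnect
    breaker = QuickDisconnect(cut_link=actions.append)
    states = [breaker.observe(e) for e in SAMPLE_EVENTS]
    return states, actions, breaker
```

The latch is the point: the breaker fires once and ignores later events, so the connection does not quietly come back when the anomaly stops.
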
But what about those servers that are cream targets for state or terrorist cyber-warriors? Those are the ones we should really be afraid of being breached. The fact is these servers are breached, and with much more regularity than we (the general population) are ever privy to…
Got comments? Lay them on me.