FIR B2B Podcast #72: WannaCry Newsjacking and a tribute to Walt Mossberg

Last week the WannaCry ransomware raged around the world. I go into some of the specifics, and have more on my blog if you want links to the exact operations of the malware who has been hurt by its attack. There are several great stories from the media about how one British researcher accidentally tripped a kill switch and gave American IT managers a bit of a breather, and how Microsoft has created patches even for Windows XP versions to try to stop its spread. But there are some important lessons for PR pros who want to become newsjackers. Both Paul and I received dozens of emails with insipid quotes and me-too “sky is falling” non-news releases. Instead, the next time one of these events occurs, try to be fresh, be quotable, be unusual, find the story within the story. Don’t just trot out your CEO or expert, but look for something specific that your client can leverage.

Next, we pay homage to Walt Mossberg of the Wall Street Journal. We reference this article in Recode.

Both Paul and I owe Walt a lot in terms of how they approached their own work over their decades in tech, along with how reviews were constructed and how sources were accessed. The Recode article looks at the current crop of mass media tech reviewers and what they owe to the great man himself. We also talk about how reviews have changed over the years and the prominence of Google and the crowdsourced reviews sites. Sadly, vendors today are getting too sensitive about negative reviews, don’t understand that good reviews take money and experience, and think that “placement” is more important that the actual content of the review itself.

Listen to our 21 min. podcast here:

Read More
WannaCry ransomware analysis

The WannaCry ransomware worm that plagued many people last week is notable for two reasons: first, it is a worm, meaning it self-propagates. It also uses a special exploit that was first developed by the NSA and then stolen by hackers. It first began on Friday and quickly spread to parts of Europe and Asia, eventually infecting more than 200k computers across more than 100 different countries. It moved quickly, and the weekend saw many IT managers busy to try to protect their networks. One researcher called it a “Frankenstein’s monster of vulnerabilities.”

Most of the victims were using outdated Windows versions such as XP. This map shows real-time tracking of the infected systems, where the bulk of infections hit Russian sites, although Telefonia in Spain was also attacked.

The hardest-hit were numerous hospitals and clinics run by the British National Health Service. Apparently, they had an opportunity to update their systems two years ago but didn’t due to budgets. So far, the best analysis is on The Register.  

WannaCry attack summary and timeline

American sites weren’t infected due to an interesting series of events. A young British security researcher who goes by the Twitter handle MalwareTechBlog discovered by accident a kill switch that stopped its operation. His account of that fortunate happenstance can be foundhere. Basically, by reverse engineering its code, he found that the malware checks for the existence of a specific domain name (which didn’t exist at the time and which he quickly registered). Once that domain had an operating “sinkhole” website, the malware attacks ended, at least until new variations are created without the kill switch or that check for a different site location. Sadly, the researcher was outed by the British tabloids. No good deed goes unpunished.

The story on payouts

One curious story about WannaCry is the small ransom payouts to date. About 100 people have been recorded paying any ransom, according to the three Bitcoin accounts that were used by criminals. (Yes, Virginia, Bitcoin may be anonymous but you can still track the deposits.) Other Bitcoim addresses could be used, of course, but it is curious that for something so virulent, so little has been paid to date.

Microsoft reaction and mitigation

The malware leverages an exploit that had been previously patched in mid-March by Microsoft and assigned the designation MS17-010. The company and took the unusual step to provide patches for all currently supported Windows along with Windows XP, Windows 8 and Windows Server 2003 versions.

Microsoft also recommends disabling SMBv1 and firewalling SMB ports 139 and 445 from the outside Internet. If you haven’t been doing these things, you have a lot of other problems besides WannaCry.

Microsoft’s president posted an op/ed blog piece saying “this attack demonstrates the degree to which cybersecurity has become a shared responsibility between tech companies and customers. The fact that so many computers remained vulnerable two months after the release of a patch illustrates this aspect. Users are fighting the problems of the present with tools from the past.” Speaking of the past, they didn’t mention how many people are still running ancient versions of Windows such as XP, but at least should be commended for having patches for these older systems.

Numerous security vendors have posted updates to their endpoint and network protection tools that will catch WannaCry, or at least the last known variant of it. And that is the issue: the hackers are good at morphing malware into something new that can pass by the defensive blocks. One interesting tool is this Python script that will detect and remove DoublePulsarexploits. That was the original NSA hack that can creates a backdoor to your system. In the meantime, as I said last week, hope is not a strategy.

Read More
Network World: Linksys Velop boosts home network throughput

I take a look at the Linksys Velop Wi-Fi access points. This is the third in my series of reviews for Network World on smart home devices. If you are going to invest in smart home tech, you want a solidly performing wireless network throughout your house. While I had some minor issues, the Velop delivered solid performance and I recommend its use, particularly if you have existing radio dead spots in your home or have to use multiple networks to cover your entire property. You can read the review here. 

Read More
Hope is not a strategy

In my day job as editor of the Inside Security email newsletter, I read a lot of infosec stories from various sources: some technical, some legal, some for beginners. But I was struck by reading this piece in Dark Reading this week by this sense of failing purpose, and how IT is at best at parity with our attackers.

The piece is by a security consultant, Mark Hardy. Entitled, 7 Steps to Fighting Ransomware, it does what it says, providing some practical advice for corporate IT managers on how to prepare for the coming attack. Make no mistake: it is coming. All it takes is one person and one careless click and your network is compromised.

Some of Hardy’s suggestions are pretty predictable: make sure your systems are kept up to date on patches. Segment your network to limit the exposed systems that an attacker can easily access. Backup frequently and move them offline for further protection. Yeah, yeah, we’ve heard it before. Some corporations actually do these things too.

But one suggestion stopped me in my tracks: Buy some Bitcoin to prepare in advance, in case you have to fork over the ransom on short notice. That was a chilling point to make because it says no matter how carefully you prepare, there is still the off chance that you may have missed something and will need to pay out the ransom.

This is what I mean when I say we are at parity with the bad guys. We are fighting an asymmetric war against them: they have the ability to penetrate our networks and steal our data with a vast array of tools that are only getting better and more finely crafted. There is malware that can operate in memory and hide by using bits and pieces of software already part of your operating system that is very difficult to detect. There is malware that changes its attack signature every second. There is malware that uses flaws in the operating system (such as one that was patched this week by Microsoft, ironically in its malware protection engine program). And there are malware kits that run completely in the cloud, so all it takes is money and a few commands to launch an attack.  So it is inevitable that someday your company will be hit, it is just a matter of when.

Security strategies are forged in the heat of battle when you realize that no matter how many spare copies or protective procedures, something went wrong: your copies are bad, you have mission-critical data lurking on some executive’s laptop that wasn’t part of the backup, or some phisher dangled some bait and succeeded. Game over.

I speak from sad experience. Not over ransomware, but a simple backup error. Many years ago I lost my mailing list server due to a flooded basement. All the content on my server was duplicated elsewhere, offsite, save for one thing: the actual names on my list. A pretty critical piece of information, don’t you think? If that server didn’t come back online (it did), I would be out of business. I didn’t have a spare copy of my list. All it took was a simple command to have that list of names. But somehow I forgot to include that in my workflow. Oops.

Hardy says, “Ransomware is a clear and present danger. Companies can no longer afford to take a wait-and-see attitude. If you’re vulnerable to ransomware and take no precautions to mitigate those vulnerabilities, then the only thing you’re relying upon to prevent an infection is hope — and hope is not a strategy.”  So stop hoping, and start preparing.

Read More
Understanding Auschwitz

One of the reasons why we came to Poland in the spring of 2017 was to visit Auschwitz. I have been to Dachau outside of Munich about 12 years ago, but even so was unprepared for this visit. The first hurdle was getting a ticket to the site. The problem: it was the week of Yom HaShoah, and the day we wanted to go was the day when thousands would be participating in the annual March of the Living. Various tour operators were sold out or said the place was closed, so we tried to get tickets for the following days, and they were also all sold out.

There are two ways to visit the place: one is by being part of a group tour, which is what the vast majority of people do. They take you from Krakow (usually), get you a guide that takes you around to the various exhibits and tells stories and answers your questions, and gets you back to your hotel. Two of the major tour operators — out of the dozens there are and

The other is as an individual. You have to make your own arrangements for the transportation to and from Krakow. There are four public bus companies that run frequent service from the main bus station directly to Auschwitz, and it takes about 90 minutes. There is also a train, but the Auschwitz station is a bit of a walk. We took the bus. If you go this route, you save money (bus tickets are 12-15 zl. each way) and there is no entrance fee. But you have to get there early (say around 9 am), as they sell out quickly of the walk-in tickets. Once you get to Auschwitz, you can sign up for their own tours that the museum offers if you wish, there are a dozen each day in various languages, listed as you enter like an airport departure screen. For some reason, these tours are different than the public tours that the museum has listed on its website. I don’t know why. Also, when you visit you can go to two sites: the original Auschwitz site, where the tickets are required, and Birkenau, where you can literally walk in without any prior arrangement.

Enough of the logistics. You can read this guide here which is very well researched, and offers more pro/con details. I mostly agree with the author’s recommendations. What you should know is that there are so many people walking around that it is easy to leave one tour and join another if you are there on your own. Which is what we did.

One of the guides we met was the patriarch of an Orthodox Jewish family from NYC telling his stories to his grandchildren about his experiences. We stayed with them for a bit, as he has been to the camps numerous times and gives organized tours to Jewish groups quite often. You can check out his website here.

At Dachau, there is some curation and exhibits, but mostly it is restored to what it would look like back during its use. You walk around and get a sense of what life was like back during the war. Everything is pretty much rebuilt, because the German officials in charge of that camp had time and the inclination to destroy most everything before the camp was liberated. I learned at Auschwitz that this was an individual decision: some officials were proud of their work and wanted to leave the place intact. At Auschwitz, much was destroyed. With the neighboring Birkenau camp (which is a couple of miles away), much was left alone.

Even the buildings that were intact after the war are now long gone: they weren’t constructed to last. At Birkenau you got to see the foundations and the remnants of two stone chimneys that remained at each barracks site. One guide told us that these primitive heating systems — essentially a small firebox attached to the chimney — were placed there just for show. They never were lit. People froze in the winter and boiled in the summers. Ironically, like Ozymandius, the stone chimneys remain standing.

Each barracks in the Auschwitz camp has been turned into a different museum exhibit, focusing on the particular national identity of the prisoners and the relief organization that was sponsoring the exhibit: so one hut might contain a memorial to the Dutch Jews, one to the Romanian Gypsies, one to the Poles, and so forth. Each exhibit is curated differently and some are designed simply, others are more elaborate. There is a lot to read, and I imagine that if you are with a group you don’t have much time to spend in each building, plus you spend a lot of time waiting to get in and out of the buildings as the place fills up. None of the buildings is set up in Auschwitz to show its original use: that is the case in Birkenau, where you can see how closely packed the inmates are housed, and how many barracks there are. It would take you probably 20 minutes to walk from one end to the other. If you want to read more from someone who does a better job describing the current state of the camps, check out what my colleague Shelly Palmer wrote in a post he did here in January.

Perhaps the most infamous part of the camps were the crematoria. They have been demolished at Birkenau and have been reduced to a pile of rubble (as you see here), made all the more somber by the thought of what happened there. At Auschwitz (and Dachau) they have been reconstructed, so you have some understanding of what they looked like.

In addition to these reconstructions, the most moving exhibit we saw on our visit was a temporary one about the crematoria were constructed, from a German engineering firm called Topf and Sons that still is in business today. I never really thought about this in engineering terms, and the problem they were faced with was that the gas chambers could kill more people than the Nazis could dispose of the bodies. These engineers developed higher-capacity crematoria. It was clear from the documents shown in this exhibit how complicit they were in this process and how cooperative they were in designing the ultimate killing machines used at the camps. In this brochure linked to this page above, you can see something interesting: The original engineering plans were unavailable for many years because the archives were purchased from a leading Holocaust denier. When he reviewed the plans, he eventually came around to accept the reality of what happened. Indeed, how anyone can deny that these events of the Holocaust took place is beyond me.

The horrors of the place are made even more so because you are actually there. The crumbling structures make it feel even more intense. Every Israeli school kid goes on a field trip to Auschwitz as part of their education. I think this is a good idea: I wish it was a part of my own education too.

Read More
What Schindler represents to us today

Krakow once had a very vibrant Jewish Quarter where tens of thousands of Jews lived before the war. Now there are virtually none, as in many other Polish and European cities. But their presence is very strongly felt: there are numerous synagogues within a few blocks of each other (this one shown here was used by the Nazis as a stable during the war), and remnants of places where they lived and owned businesses. That area of the city isn’t as renovated as other parts, although it does seem to be making a comeback.

My sister and I visited Krakow in the spring of 2017. If you go, you can choose to tour the city independently (which we did) or join one of the numerous tour groups that walk you around the city (which you can easily tag along). Krakow is the home of Oskar Schindler’s actual metalworking factory and is now a museum.  The factory which was featured so famously in the Speilberg movie is actually across the river from the original Jewish quarter. (BTW, Schindler had a second factory which is also being turned into a museum in what is now the Czech Republic).

If you go to the Krakow Schindler museum, go early especially if you want to see the place and have time to go your own pace. The problem is that the rooms are small, and the crowds large. It is well worth the visit, well curated with lots to read and videos to watch.

Be warned though that most of the place isn’t about Schindler, which I think is a good perspective. Instead, you see the progress of the war through Krakow and how they treated many of the residents subsequently. The exhibits document the original invasion of Krakow by the Nazis in the early part of WWII and how quickly they established control over the city and created the Jewish Ghetto. The number of artifacts from the wartime activities, the photos of both Polish and Germans involved, and street scenes was all overwhelming. I particularly liked the art projects that were created as contemplative spaces, and reminded me of the large Serra sculptures that put you inside of them.

The couple of rooms that documented the life of Schindler are also interesting.  What I learned is how he is a very complex person, that you may not have gotten the first time you read the book or saw the movie. Yes, he saved 1200 Jews and was honored for that later in life, well before the movie came out. (He died in the 1970s.)  But he wasn’t saving Jews just because he had a soft spot for us: he wanted free labor and wanted the profits. Granted, he spent the vast majority of his firm’s profits on bribes to keep his workers alive later on in the war.

He was also an entrepreneur but not a very good one. Almost all of his businesses eventually failed. He was a Nazi spy, joining the German intelligence agencies early on and spying against his fellow Czechs. He was arrested numerous times and barely managed to escape death himself. And he was a rogue, interested in wine, women and having a good time.

But it turns out understanding Schindler is a good entry point to learn more about the wartime era and its complexities. Many people were semi-complicit in terms of outwardly supporting Nazi policies but personally affected by helping to save Jews. Many profited by the wartime business, only to donate vast sums of money to Jewish causes and reparations or philanthropy. It is important to see the shades of gray here.

One tour guide told us that the Spielberg “Schindler’s List” movie (here is an alley that was used in the movie) was a big economic engine that began in the mid-1990s after the movie came out. While it has taken time for this development to get started it can be seen as a lot of construction is happening and the original Jewish Quarter of Krakow now has a solid bar/club scene which is always a sign that the neighborhood is on the way up. At the local flea market, one table was filled with Nazi memorabilia. Not sure if genuine or reproduction, but either way somewhat unsettling.

If Krakow has any downside, it is because it attracts too many tourists and the infrastructure just can’t support the hordes. The vast majority of tourists come there as part of groups and so the big attractions, such as the salt mine, Schindler’s factory and Auschwitz have to cater to them, leaving little opportunity for independent travelers such as Carrie and me to get in and maneuver around them. I guess this is a good problem to have but it means if you want to see these sites you need to plan a lot further ahead than we did.

Read More
Conflicted over Bialystok

My sister and I visited Bialystok, in NE Poland, as part of our discovery trip in the spring of 2017. Here is my report.

Our grandfather’s family comes from a small town about 20 miles from there. Luckily for us, he left before the outbreak of WWII and raised his kids in America. I tried to find out more information about his town (Zambrow) and get someone to show us around, but I wasn’t successful. So going to Bialystok was the next best thing: the town of about 300k people is famous for two of its residents who were the inventors of Esperanto and the polio vaccine. It has enough of a tourist infrastructure — but barely, especially for American Jewish tourists. More on that in a moment. It is a two hour train ride from Warsaw and the trains operate frequently, which is how we got there.

But it is a study of conflict, and that is an interesting part of our trip and could be part of your own, should you decide to go there. It is absent of the big-ticket items of Warsaw and Krakow that attract thousands of tourists. But it also absent of many of the things that an American Jew would want to see from the wartime years: the city was heavily bombed and the Jewish districts pretty much obliterated. The city once had Jews for half of its population: now there are almost none.

So the challenge of visiting someplace is understanding its history, and understanding the various layers of the city that you don’t see, along with the ones that are part of the modern fabric. Part of travel is discovering these new places and how they weave the old with the new. One of the reasons why I am drawn to Europe is that the old is very old, and the new is often very new. The contrasts are interesting. You see centuries-old structures next to new shopping malls and restaurants. Or renovations that incorporate both new and old in interesting and clever ways.

Let’s take as one example the Great Synagogue in Bialystok. It was built in 1913, replacing another structure on that spot that dated from the 1770s. In 1941, the Germans entered the city, rounded up 700 Jews, and brought them there. They then fire bombed the place, killing everyone inside and destroying the building. Here is a picture of me standing inside a replica of what was left of one of the domes of the building. You can see me standing in a parking lot, surrounded by a set of apartment blocks that were built in the 1950s.

It took us over an hour to find this memorial, even though we had all sorts of maps and brochures that mentioned it. And that is the conflict of Bialystok: yes, they did honor this terrible moment in their history. But it is almost an afterthought now, and that is sad and frustrating. Another former synagogue is now the HQ for the Esperanto society, which is somehow a fitting adaptive reuse. Their grand palace that was built in the 1700s was destroyed in the war, rebuilt in the 1950s by the Russians and is now their medical school. Again, somewhat appropriate reuse. But the difference is the palace is still palatial, and the grounds remind one of the grounds around many palaces, such as Versailles. The Great Synagogue was never rebuilt, and the memorial stands surrounded by parking spaces.

If you want to see more, here is a brochure for Jewish sites in and around Bialystok. But here is the problem: the brochure is several years old. Many of the sites mentioned in the guide don’t exist, have been significantly changed, because as I said there aren’t many Jews there now.

Should a Jew visit Bialystok? Yes, certainly, if you are interested in seeing these sorts of things. The restaurants are extremely cheap and good, the people friendly, the town square is lovely and there are numerous festivals that add lots of charm to the city. (We stayed in an excellent AirBnB BTW that was steps from all the major center-city attractions.) But be prepared to look long and hard to find the evidence of the past that connects our shared heritage.

Read More
Network World review: Smart home hubs from Google and Amazon

The first decision you need to make in your smart home journey is selecting the right ecosystem. By ecosystem, I mean the voice-activated smart hub that is used to deliver audio content from the Internet (such as news, weather, and answers to other queries) as well as the main interface with a variety of other smart home devices, such as lighting, thermostats and TVs. In this review I look at two of the three main hubs from Google (the white-topped taller unit on the right) and Amazon (the smaller black unit on the left) and how they stack up.

You can read my review in Network World here.

This is the second in a series of articles on how to successfully and securely deploy smart home technology. The first one can be found here.

Read More
Remembrance Day 2017

I was a teenager before I first even knew about the Holocaust. My parents never told me about it, and as a baby boomer growing up in the 1960s I didn’t learn about it in school. The numerous Holocaust museums that have sprung up in recent years didn’t exist either. Learning more about the Holocaust was one of my reasons for going on this trip to Poland with my sister in the spring of 2017.

Carrie and I didn’t plan our trip to spend Yom Ha Shoah/Holocaust Remembrance Day in Poland but I am glad we did. Last year she and I were in Israel for my daughter’s wedding, and first I want to tell you about that experience.

The day is a normal working day in Israel, as it is in most places around the world. Most of you probably don’t give it much thought or if you do this year it is because of certain ridiculous remarks earlier by Spicer. But in Israel there is a moment where everyone stops what they are doing, and sirens go off. You can’t miss it. I was walking around the center of Jerusalem with my friends, doing the normal touristy things that one does there. Traffic all over Israel comes to a standstill, and some people get out of their cars. The normal sounds of the city are replaced with the sounds of nature. It is somewhat eerie, somewhat beautiful, somewhat odd. You certainly will remember the moment if you are there. Carrie and her family were driving near Tel Aviv and listening to the radio, where the announcers tell you what to expect. (They are speaking Hebrew, so it didn’t much help her.) If you are on the freeway, people start pulling over early. If you have seen any videos of this, it looks like a science fiction movie. But it is very real. Anyway, that was last year.

As I said, this year Carrie and I were in Poland. We were in Krakow, and walking around the city. I wish I had gone to Auschwitz but we were told (incorrectly) that the site would be closed to the public and only people who were part of the March of the Living, which happens every year on that day, would be allowed in. I heard 20,000 people attended this march, but can’t verify that figure. We did get to go to the site the following day and I have posted some thoughts about that elsewhere.

While in Poland, I thought about the first time that I learned about the Holocaust — it was when I was 15, and with my family to visit Israel for the first time. We went to Yad Vashem, the museum of the Holocaust outside of Jerusalem. At that time it was a much smaller facility but the little that was there back then was very moving. As I said, I had no idea about the Holocaust– my parents weren’t direct survivors but both of their families had many members who perished then and they just decided not to say anything to their kids. I remember how annoyed I was about that decision and glad that at least I had some solid foundation to learn more.

Part of that desire was why I was motivated to go on this trip with Carrie — I wanted to see more of what happened during wartime firsthand. It is one thing to read books about the Holocaust and I have read many of them: some non-fiction, some deliberately fiction (meaning not written by deniers but using wartime fictional settings to tell a story). It is another thing to actually live in Europe and be reminded of this era all the time. Granted, a lot has changed: cities have been rebuilt. Monuments erected. But there are a lot of memories captured in many different places and different ways. These blog posts and pictures are to document my own search.

I can’t imagine what it must have been like, to be sure. I am glad that I went on my trip to Poland. There is perhaps no more complex Holocaust story than there: the country was quickly occupied by both Russians and Germans, saw many casualties of Jews and non-Jews, housed many of the concentration camps, and had many cities obliterated at different times. My trip was a beginning for me to learn more about our family roots, and start to see both the bigger picture and some of the nuances about those times.

What makes it hard when as a Holocaust tourist is the delicate balance between being morbid and sympathetic, being understanding and being judgemental, being nosy and being inquisitive. I learned a lot this past week.

Many Jews are taught to ask a lot of questions. (If you have any doubt, try one of this series of books in The Jewish Book of Why, one of my favorites.) That is how I dealt with, and still deal with the Holocaust today. This trip has raised many more questions than answers for me, which is a good thing.

It is a delicate balance because we didn’t live through it, and can’t possibly comprehend the horrors of the times. But I think it is important to learn more, which gets back to my frustration with my parents about not saying anything to us when we were growing up. That was their way of dealing with their loss, and I have to respect that.

I think Israelis have the right idea and glad that my daughter is getting their perspective first-hand. Take a few minutes out of your day, think about what happened during then. And if you have questions, find your own answers.

Read More
Thoughts on cybersecurity from Krishnan Chellakarai at Gilead Sciences

I spoke to Krishnan Chellakarai about his thoughts. He is currently the Director, IT Security & Privacy at Gilead Sciences and has been a security manager at several biotech firms in the past. One thing he is concerned about is the increasing threats from IoT. He gave me a theoretical example. “What happens if you are reading your emails on your Apple Watch and you click on a phished link. This could lead to a hacker gaining access to credentials and use this information to stealing information from your network.” As users bring in more Fitbits and other devices with Internet access to corporations, “every company needs to worry about this threat vector because it is a foot in the door.” This is part of a bigger trend, where “we have less data stored on individual devices, but there is more access” across the corporation. What this means is that there is “less visibility for IT security pros in case of an exploit.”

Certainly, some of the responsibility with keeping a firm’s infrastructure secure has to lie with each individual user. Chellakarai asks if “people ever look at their Gmail last account activity in the right bottom corner?” Or do we ever click on the security link that pops up when you are signed in to your account from multiple places? This is food for thought. “IT managers need to put some common sense controls in place so they can have better network visibility,” he says. Another example: when was the last time anyone checked their printer firmware or other legacy devices to ensure that they have brought up to their latest versions. “It is time to stop thinking of security after an app is built, and start thinking about security from the beginning, when you are planning your architecture and building your apps.”

Chellakarai says, “One of my first things when I start working for a new company is to do a data analysis and network baseline, so that I can understand what is going on across my infrastructure. It is so critical to do this, and especially when you join a company. I look at policies that aren’t being enforced and other loopholes too. Then I can prioritize and focus on the risks that I find.”

Like what you are reading?

Subscribe to Inside Security!

Read More
1 2 3 189