Avast blog: A Bruce Schneier reader

Posted on by
Reply

Bruce Schneier’s work has withstood the test of time and is still relevant today.

If you’re looking for recommendations for infosec books to give to a colleague – or even to catch up on some holiday reading of your own – here’s a suggestion: Take a closer look at the oeuvre of Bruce Schneier, a cryptographer and privacy specialist who has been writing about the topic for more than 30 years and has his own blog that publishes interesting links to security-related events, strategies and failures that you should follow. In my blog post for Avast today, I review some of his books.

Book review: A Small Affair by Flora Collins

Posted on by
Reply

This was a difficult novel for me to get into for some reason. You don’t really know the four central women that are part of a very toxic and twisted relationship: Two are sisters, both interested at different times in the same man, one of whom she marries and is about to have her second child with when they are both found early on in the book dead in their house. The other two women are friends of the sisters at varying times over the course of ten years. One of them was the murdered husband’s lover shortly before his death, and is eviscerated by the press over that relationship. It took me several tries to get past the first couple of chapters before I could interested in the book, and then the plot thickens. We find out what happened the night of the murder, how the four were introduced, how their lives took various turns and how this novel is really the poster child for bad friendships and relationships. The venality of the women involved is breathtaking and fascinating — it is like watching a huge traffic pile-up on a snowy freeway — but the setting in the modern social media era where oversharing your life can lead to disasterous consequences rings quite true.

 

Avast blog: An update on international data privacy protection

Posted on by
Reply

The 38 member countries of the Organization for Economic Cooperation and Development (OECD) have recently adopted a new international agreement regulating government access to its citizens’ private data. The OECD draws on its membership from countries on several continents, including the US, Israel, Japan, Chile, the Czech Republic, and the UK. The document was released with the rather ungainly title of the “Declaration on Government Access to Personal Data Held by Private Sector Entities.”

There are seven common principles that were adopted, all in the interest of serving to the free flow of data across country borders and promoting trust between citizens and their governments.

You can read more on my post for Avast’s blog today.

Bitcoin for banks takes hold

Posted on by
1

CBD is not what you think it is. I know many of us think that CBD has something to do with drugs, but another version of the abbreviation has to do with central bank digital currencies or CBDC to be more accurate. As the legal spectacle of  Sam Bankman-Fried of FTX unwinds in various courts, it might be time to focus our attention on CBDC and how the world’s banks are moving quickly into this legal type of cryptocurrency — call it bitcoin for banks if I want to be cute about it.

The idea is taking hold around the world. The Atlantic Council keeps track of these projects and to date 11 countries have active CBDC programs, mostly in the Caribbean plus Jamaica, Bahamas, and Nigeria. Yes, that Nigerian prince wants your bitcoins! How ironic can that be? Another 17 countries are engaged in pilot projects, most notably in China (which intends to expand its pilot from 230M people to cover the remainder of its population in 2023) and other parts of Asia along with several in the Middle East, including Saudi Arabia, UAE and Iran. And Australia, Thailand, Brazil, India, South Korea and Russia intend to continue or begin pilot CBDC testing in 2023.

CDBC has a lot of different reasons for this growth spurt.

  • First off, banks want to be a safer source of crypto. Certainly, a central bank moves slowly because they have to. But there is a lot of appeal and they want to be involved.
  • They also want to promote financial inclusion by providing easy and safer access to money for their unbanked and underbanked populations. Governments and central banks realized they needed a faster way to get money in people’s hands.
  • They can introduce competition and resilience in the domestic payments market, which might need incentives to provide cheaper and better access to money. This is not a new idea: net-based payments have been around since the 1990s. But the central banks could help make payments more efficient and also lower transaction costs.
  • CBDC also can help create a new category of programmable money, through smart contracts and other new payment automation methods.
  • The banks see an opportunity to improve transparency in money flows and make these flows more seamless.
  • The open source community has responded. MIT is spearheading an “Open CBDC” effort that has the US Fed’s interest.
  • Finally, the banks need to have better ways to transfer funds internationally. A cross-country CBDC system could be the solution, avoiding any need for the SWIFT system. The Ukraine war has also motivated banks to get on board with better international tracking methods that a cryptocurrency could provide.

CBDC isn’t for every country: there have been two cancelled projects so far — in Senegal and Ecuador — but that is to be expected.

“A CBDC could be an opportunity for a ground-up redesign of our legacy payment systems, offering a chance to reimagine market roles and incentives and to solve foundational problems in our financial system,” as the OpenCDBC project writes in their FAQ. The trick is navigating the numerous challenges around protecting user and payment data, understanding the resulting impacts to financial stability, and to properly leverage the current innovation in the private crypto sector. Certainly, that is a lot to consider.

Avast blog: DoD supply chain lessons learned

Posted on by
Reply

A July 2022 survey of 300 U.S. Department of Defense (DoD) IT contractors shows a woeful lack of information security in the majority of situations. These contractors are part of the DoD’s supply chain that, in typical government speak, is labeled the Defense Industrial Base (DIB). The report should be a warning even for those technology contractors that don’t do any DoD work, as I explain in my latest blog for Avast.

 

Book review: The boys from Biloxi by John Grisham

Posted on by
Reply

The boys in this novel are from two families and tracks their lives. One chooses a life of crime, the other of public service. We see the boys as they compete in school sports together and then gradually grow apart into their respective careers. One of the things that I like about Grisham is that his characters seem so true-to-life: we are witness to their triumphs and challenges, loves and friendships both won and lost to moments of critical decisions and fate, The plot takes place in and around Biloxi Miss. and the decades around its infamous coastal “strip” of bars, brothels, and gambling parlors. I found the book as engaging as his other novels, and while a bit heavy on the court scenes, no more so than necessary to move the narrative and characters along. Highly recommended.

Avast blog: International police operation takes down iSpoof

Posted on by
1

Last week, an international group of law enforcement agencies took down one of the biggest criminal operators of a spoofing-as-a-service enterprise. Called iSpoof, it collected more than $120M from victims across Europe, Australia, Ukraine, Canada, and the United States. During the 16 months of the site’s operation, the group took in more than $3.8M in fees from its victims. In my blog for Avast, I summarize what happened, why this gang was so significant, and how spoofing has gotten more advanced over the years since those early days when Paris Hilton spoofed her friend’s cellphone.

Skynet as evil chatbot

Posted on by
4

Building the Real Skynet - The New StackWhen we first thought about the plausible future of a real Skynet, many of us assumed it would take the form of a mainframe or room-sized computer that would be firing death rays to eliminate us puny humans. But now the concept has taken a much more insidious form as — a chatbot?

Don’t laugh. It could happen. AI-based chatbots have gotten so good, they are being used in clever ways: to write poems, songs, and TV scripts, to answering trivia questions and even writing computer code. An earlier version was great at penning Twitter-ready misinformation.

The latest version is called ChatGPT which is created by OpenAI and based on its autocomplete text generator GPT-3.5. One author turned it loose on trying to write a story pitch.Yikes!

The first skirmish happened recently over at Stack Overflow, a website that is used by coders to find answers to common programming problems. Trouble is, ChatGPT’s answers are so good that they at first blush seem right, but upon further analysis, they are wrong. Conspiracy theories abound. But for now, Stack Overflow has banned the bot from its forums. “ChatGPT makes it too easy for users to generate responses and flood the site with answers that seem correct at first glance but are often wrong on close examination,” according to this post over on The Verge. The site has been flooded by thousands of bot-generated answers, making it difficult for moderators to sift through them.

It may be time to welcome our new AI-based overlords.

Avast blog: Review of “The Chaos Machine” by Max Fisher on the evolution of social media toxicity

Posted on by
Reply

The Chaos Machine: The Inside Story of How Social Media Rewired Our Minds and Our WorldWith the reinstatement of previously banned Twitter luminaries including Donald Trump and Kathy Griffin, this is a good time to do further research into the role of social media in our public discourse. The recent book by Max Fisher, The Chaos Machine: The Inside Story of How Social Media Rewired Our Minds and Our World, should be on everyone’s reading list. His book documents the rise of social networking for the past decade and shows its highly influential role in society. Fisher is a reporter for the New York Times who has covered its effects for many years.

I review his book for my blog for Avast here. I highly recommend it, even if you think you have been following along the evolution — some would say the devolution — of social media.

One solution is from Google’s Jigsaw unit, who has a couple of experimental tools freely available, such as the Tune browser extension that can be used to filter the most toxic discussions.

Listening to the OG IT managers, part 3: It’s all about the people, not the tech

Posted on by
1

If you are just tuning in to my series highlighting some of my long-time IT manager sources, see part 1 where I introduce them and part 2 where I talk about some of their more memorable purchases. In this edition, I want to talk about the people behind all the gear.

Erica Wilson has had many career transitions “but I’d have to say taking on a CISO role was certainly a good experience. I learned a LOT about myself and why having a people-first mindset – supporting their wellbeing and growth — needs to be critical for all organizations. By doing so, with a small but mighty team we were able to accomplish some amazing things.”

Adam Kuhn told me that looking at all his career transitions, “My biggest failure was staying in positions too long.” Like many of my sources, he considers himself a lifelong learner and likes to learn about new technology. When you stop learning, it is time to find new challenges

Gayle Barton told me, “It’s fun to look back at the great projects and fun tools I’ve used, but it’s the people that I remember more often, and especially the people I had the opportunity to help, hire, mentor, or promote. I get the most pleasure from the opportunities I’ve had to hire people I think someone else might have overlooked, to move people forward on their career path, or to mentor students and help them see new possibilities. For the most part, I made some pretty great hires.” When she was at Springfield College she remembers: “They had never had a person designated to help faculty with using technology in teaching, and you can imagine the state of technology use in the classroom. I was able to create a position for an instructional technologist but the pay was low and the pool of applicants was very small. We ended up with a experienced high school teacher who had taught Microsoft Word to hundreds or thousands of students, and was looking for a career change, and I thought that if she could answer the same Word questions over and over, she could teach our faculty to use a new learning management system. She turned out to be great.”

She mentioned several other people who were special to her:

  • The English professor who was finally able to publish his life’s work with the help of a custom database. 
  • The 18 year-old administrative assistant who is now her university’s Director of Campus Services and Outreach. 
  • The former copier repair technician who is on his way to becoming a great network engineer. 
  • The people who Gayle nudged out of management positions, who were more successful and happier in new roles and actually thanked her later. 
  • The man who wanted to get home from the Middle East and who rebuilt a campus’ dying infrastructure. She said, “He has skills that I don’t, but I could sell the vision, ask hard questions, and remove obstacles. Together we put that university on a solid path forward, and it was a wonderful way to end my professional career.”

Gayle told me that “it was mostly great fun, but I am happy to be retired and to let someone else have a turn!”

David Goodman came to the CIO for the International Rescue Committee to create a functional and more business-oriented IT organization. “It was both the high and low points of my career and I doubled the headquarters department during my tenure. But when it came time to develop and implement a longer-term plan, my CEO just didn’t trust me. He rejected my plan and I had to leave. I realized I wasn’t the right guy to implement this plan. My core strength was as a turnaround guy to fix things.” That job helped him understand that “Work doesn’t define who I am. I found out that I had lots of value outside of work. And I was able to have a lot healthier attitude about work later on.”

David continues: “You were an enormous mentor and helped me early on in my career. You believed in me before I understood what I could do and taught me to take what the tech vendors said with lots of grains of salt. You have touched a lot of people and had a front-row seat to the industry and significant historical moments.”

Thanks David, and thanks to all of my sources for making my job so much fun and so rewarding. It has been a great 30 years, and I am glad to have played such a role for so many people, and hope you have enjoyed reading their stories.