The Sheepdog Coalition


Wednesday, October 19, 2011

Sector 2011 Debrief

The CSD crew is composed of all kinds of contributors from different walks of life and professions. Some of us are lucky enough to live and breathe this stuff professionally; as such, we get to attend fancy industry conferences that discuss varying aspects of our differing professions, but which can readily be tied to the Sheepdog mentality.

I had the privilege to attend one such conference, the annual SecTor security conference in Toronto, Ontario, which ran on Tuesday and Wednesday of this week and wrapped up just a few minutes ago. SecTor, short for "Security Toronto", is an annual event that brings together information security professionals from across Canada, with presentations from experts worldwide. As a result of what I experienced at this year's conference, I thought I'd take a couple of minutes to provide a summary of the lessons learned. If there's more interest in any individual subject area, let me know and I'll be happy to post something more detailed on the subject.

Top Things to Watch:

1) Despite glaring security risks, many companies are still finding new and innovative ways to expose your personal information. One of the latest trends involves "near field communications". NFC is insecure, period, but this hasn't stopped banks and other companies from enabling payment systems using contactless NFC technology. Watch for this to be heavily exploited in the near future.

Technology is neat. Don't get ripped off. Understand the risks and educate those who don't.

2) Espionage is Alive and Well. A well-known and respected security research firm blew the whistle on a very interesting compromise that seems to have targeted Iran's nuclear program through a very complex attack that could only have been funded by a certain three-letter-agency in a purposely unnamed country. This attack was one of many, and many others have been exposed that are obviously being conducted by foreign governments. What's really interesting is that the attacks didn't target the usual targets...they targeted (and continue to target) employees in downstream material providers for defense contractors, which ultimately provides access to the final assembled components.

Foreign (and domestic) intelligence services will exploit the same social weaknesses as criminals, with a difference; big budgets. Don't for a moment think that anything on your computer, from your computer, or attached to your computer is safe from interception or exposure. Encrypt everything, and keep sensitive contingency plans off the grid.


3) Smartphones are Computers Too. Why don't we think of them as such? Android and Windows phones can be "weaponized" to create hacking platforms which can bypass many of the restrictions on our corporate networks. They can also be hacked, providing access to all the information on your phone. Passwords are good, but like anything, they won't stop a determined attacker. If it's sensitive, encrypt it, or better yet, keep it off your smartphone.

4) Any idiot can pick a lock. In fact, this idiot is surprisingly good at it. When presented with some simple lockpick tools and about 30 seconds of rudimentary instruction, I was able to pick a myriad of locks ranging from single tumbler training locks right up to 7 tumbler master locks. As a result of this, I no longer have any confidence in anything shy of a Medeco.

Bumping a lock can get through just about anything, but it often destroys the lock in the process. Doing it the old fashioned way leaves almost no traces...the implications should be obvious. The tools are available for purchase relatively cheaply, they're legal to own and use (unless you use them to commit a crime), and yes, at least to me, it's every bit as easy as you see on TV.

Of course, I ordered a set. They'll occupy a coveted spot in my bugout bag.

2 comments:

  1. Regarding the lock picking, yes, easy to learn, kinda complicated to use well, takes time and practice, as well as regular currency practice, and I hard-core consider them as part of a survival kit/skill.

    Better than just buying a set, do what I did, make your own from commonly found materials. I haven't bought a set to this day, even though I learned the skill over two years ago. Best material? The windshield wiper blades that have a wide (~1/8" or so) flat spring in them (some have dual 2mm spring pieces which are useless), grind a shape similar to existing hooks, twist a tension wrench from another piece, and work with that. If SHTF and you lose your BOB, you lose a piece of valuable gear. Learn to make your own and what shapes work best (the one I'm most skilled with is the simple rounded hook, second but less skilled with, but works well at times is the pick shaped like a Kris knife).

    Much like learning to make knives with basic materials and equipment (much like I learned to make knives early on before I got a little farther into keeping it simple, but more efficient for a better improved result, I can make a knife from most materials and figure out a means to get it to hold somewhat of an edge, at least long enough to serve whatever nasty purpose I may need one for, lock picks can be done the same with VERY basic tools, a pair of pliers, a cinder block, and time...........)

  2. http://www.engadget.com/2007/07/19/the-lockdown-the-medeco-m3-meets-the-perilous-paper-clip/
    http://www.wired.com/threatlevel/2008/08/medeco-locks-cr/
