JerryGamblin.com

Aug 22

Applying Kindergarten Rules To Security Professionals

My son came home from his first full week of Kindergarten this week with a list of “learning targets” that lined up amazingly well with what we should be doing as security professionals.

I can use pictures to predict story content.
Being able to understand what is going on if we only have half the information is an invaluable skill for security professionals.

I can listen and follow directions.
Do you follow your company's own security policies, or have you exempted yourself from them because you are special?

I can use an appropriate voice level.
Have you mastered when a security incident is a real emergency worth yelling about and when it is OK to wait to talk about it?

I can say the name of my classmates.
Can you name 90% of the people who work in your building (or for your company)?

I can have fun while learning.
Is your job still fun? 


Aug 11

An Honest Message from Your Security Guy.

This morning I read “An Honest Message from Your IT Guy” and was kind of amused and disappointed, and thought I should pen “An Honest Message from Your Security Guy” as a rebuttal.

I am here to help.
Seriously. I know the average IT guy can come across as a jerk, but I work really hard to be a nice guy. If it wasn’t for you I would be selling insurance to over-the-road exotic animal movers.

Please don’t lie to me. 
To paraphrase Jay-Z: “Men lie, women lie, logs don’t.”

While you swear you never visit “OfficeSupplies.XXX”, we log all the traffic that leaves the network and I know for a fact you have a thing for Swingline heavy duty staplers. It is cool… I am not here to judge, but when your PC gets a virus and I have to come fix it, and you have deleted your browsing history and tell me you were reading up on ancient Roman birthday cakes, it makes my job a little harder.

No. I don’t trust you.
I have done this job for over 10 years and I don’t think anyone has actually ever told me the truth when I asked what they were doing when their PC was infected.

No. I don’t trust you.
You cannot be a local admin on your PC. Doing so puts us both at a risk we don’t need. I don’t even have admin rights on my PC.

No. I don’t trust the IT guys.
Don’t feel bad. I really don’t trust the IT guys. 50% of my job is to “watch the watchers,” and they try to get away with more stuff than you do.

Yes, I think those password requirements are ridiculous, too.
Our password policy should be much stronger, because when (not if) our password hashes get stolen, I prefer that cracking them takes more processing power than your average 7th grader has available.

I am here to help.
Above all my job is to help you do your job securely. If you have a question or a problem I am here to help you.

Aug 08

Facebook Messenger is not spying on you.

Over the last couple of days I have seen a bunch of people post a link to a blog post about how the new Facebook Messenger “crosses the line” when it comes to the permissions it asks for.

Yes, the Facebook Messenger app requests these permissions:

There are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera so that you can take and send pictures. It needs to access your microphone so that you can use the app to make free phone calls. Etc.

These kinds of sweeping permissions are also extremely common on Android because of the “open” nature of the OS. Even the most vanilla apps collect extraordinary amounts of personal data. Most weather apps keep a detailed GPS log of everywhere you have been in order to display the local weather (law enforcement agents really like this feature).

My advice to you is: don't freak out and delete Facebook Messenger. Instead, audit the permissions on your Android device using a tool such as Permission Explorer and remove the ones you think “cross the line.”

If you are still worried about it, you should buy an iPhone. iPhone security is much more locked down than Android's.

Aug 05

Walmart Savings Catcher

If you do your grocery shopping at Walmart like I do, you will want to start using the Walmart Savings Catcher program.

It is extremely easy to use:

On my first time using it I saved $2.35. I am guessing I will save close to $150 a year using this program that I normally wouldn’t have.

Aug 04

Soooo Tired….

For the last year my doctors have been worried about my moderately high blood pressure. A few weeks ago, after a bad migraine attack and a huge spike in my blood pressure, my doctor decided to put me on blood pressure medicine to lower it.

I have made these handy charts of my average energy level before and after I started taking the blood pressure medicine.

The good news is my blood pressure is in a normal range and I am not going to have a stroke. The bad news is I feel like a 70-year-old man and am ready for bed at about 8.

I wonder if this is what normal people feel like all the time?

Jul 24

Please Turn On Two Factor Authentication.

About once a month I will get a call from someone who is upset because their account was hacked and wants to know what they can do to stop it from happening in the future. The truth is that enabling two factor authentication (2FA) is one of the best things you can do to make sure your accounts don’t get hacked.

Here is a list of popular services where you should enable 2FA:

You should also check out twofactorauth.org to see if other accounts you use have the ability.

Jul 16

[video]

Jul 12

Is the data on your phone worth $400?

I have a Samsung S3 that decided it wouldn’t boot on Wednesday. After talking to the very helpful people at Samsung, they decided they can replace my phone for me, but I need to send them my broken phone.

Awesome!

But…

All my data is on my phone. All my email. All my passwords. All my texts. All my pictures. I have backups and I have a password on my phone, but I still have to send my phone back to a company who could access it if they wanted to.

So what is a security professional to do? Normally I would just wipe my phone and send it in, but since that isn’t an option I am stuck with either keeping a $400 brick or possibly exposing my data to Samsung.

I guess I have a $400 brick.

Jul 07

The Missouri Capitol on the 4th.

Jul 03

Activate “GodMode” in Windows

GodMode is a control panel in Windows 7 and Windows 8 that brings all of the customization settings together in one place.

To activate “GodMode” do the following:

Step 1: Right click on the desktop

Step 2: Click create folder.

Step 3: Name the new folder GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and press Enter.

Step 4: The folder changes from a folder icon to a control panel icon.

Step 5: Open the folder and you have your GodMode control panel.

Jun 23

How to protect your social media accounts.

Earlier today I was asked to come up with the best way to keep your social media accounts secure. Here are 5 easy ways to protect your social media accounts:

Update accounts with unique, complex passwords.
Complex passwords will contain a combination of upper and lower case letters, symbols and numbers, and have at least ten characters.

Change your password often.
No matter how complex your password is, it is necessary to change it regularly. Normally I suggest changing your social media passwords two times a year.

Enable Two Factor Authentication.
Google, Facebook and Twitter all offer two factor authentication. Enabling it allows these services to know that it is you logging into your account and not someone else.

Review apps and add-ons regularly.
Review all apps and add-ons associated with your social media accounts at regular intervals. Remove apps and add-ons that you no longer use or that post to your social media accounts without your permission.

Log out.
Remember to log out when you are finished using an account. It is an easy and highly effective step to protect your account.

Jun 07

The Alton Brown Skirt Steak

I made the Alton Brown Skirt Steak on coals tonight. It was really good, but next time I make it I will leave it on another minute to get it medium-rare instead of rare.

Here are a couple of pictures:

[images]

May 28

The No No Rule

In two weeks I am on a career panel for a group of high school kids interested in technology careers. They sent a list of discussion questions they were going to use to get the conversation started, and one of them was:

What does it take to be successful in information technology?

The answer to this question I always give is:

If you want to be successful in information technology, and in life in general, you need to implement the no no rule.

The no no rule is extremely simple: when asked a question, your first response should never be no.

The two responses I use instead of “no” are:

1) Ask for more information or clarification.
2) Ask for time to research a solution.

In a lot of cases (especially in security), after you ask for clarification or time to research, the answer may still be no, but you will have given the question some real thought and understanding, and the person making the request won't feel like you are ignoring them. A lot of information technology professionals get a bad reputation because they say no too often.

May 26

In Flanders Fields…

My son asked me on Saturday, as we were going into the store, why an old guy was selling flowers. It gave me an opportunity to tell him about the “true meaning” of Memorial Day and explain to him that some of our bravest heroes don’t get to come home.

So today I will be spending some time thinking about the people who gave everything.

In Flanders fields the poppies blow
      Between the crosses, row on row,
   That mark our place; and in the sky
   The larks, still bravely singing, fly
Scarce heard amid the guns below.

We are the Dead. Short days ago
We lived, felt dawn, saw sunset glow,
   Loved and were loved, and now we lie
         In Flanders fields.

Take up our quarrel with the foe:
To you from failing hands we throw
   The torch; be yours to hold it high.
   If ye break faith with us who die
We shall not sleep, though poppies grow
         In Flanders fields.

                        - John McCrae, May 1915

May 21

[video]