Successful leaders see the opportunities in every difficulty rather than the difficulty in every opportunity.
Blog Posts
From time to time I get called by small organizations, law firms and companies in my local area to do some consulting on security issues. Yesterday afternoon <redacted organization> called me and told me they were getting this pop up on one of their computers:
That pop-up is known as CryptoLocker and once your machine is infected with CryptoLocker it will then begin to scan all physical or mapped network drives on your computer for common picture and office files and when it finds these types of files it encrypts them with a basically unbreakable encryption and gives you 72 hours to send them $300 or they will destroy the key to unlock your files.
I had a hard time figuring out what to suggest <redacted organization> do. They only backed up their files on Friday evenings and so they were looking at loosing 3 full days worth of work if they didn’t pay.
After a lot of back and fourth they decided that it was worth a $300 gamble to try to pay off the hackers knowing that it might not work. So they went down to WalMart and bought a Green Dot MoneyPak loaded with $300 and followed the somewhat complicated instructions to transfer the money.
<redacted organization>’s IT guy called me this morning when he got back into the office and said their files had been decrypted successfully and they removed the infected machine from the network.
I think this is a turning point in Security. There were some steps that <redacted organization> could have done to protect themselves better:
- Better Share Managment
- Better E-Mail Filtering
- Better AV
- Better Backup Schedule
- Security Awareness Training
Overall <redacted organization> is just a normal small company though. They try to be security aware but they dont have the time or resources to do everything the way they should and in the end it made sense for them to pay $300 to recover their files.
If I had to guess Cryptolocker is just the start of a wave of malware that holds your files hostage until you pay. I dont like it but I doubt this is the last company I help pay off hackers.
If you want to win, stop underestimating others.
Sometimes the questions are complicated and the answers are simple.
Either you run the day or the day runs you.
I’d rather be a failure in something that I love than a success in something that I hate.
People always need empathy before advice.
You write your own destiny.
One of my close British friends said I had one of the most naturally ebullient personalities of anyone he ever met. After I looked up the word “ebullient” to make sure he wasn’t insulting me I came to understand that it defines my character better than any other single English word.
Cheerful and full of energy is exactly what I am… It is also exactly what my 4 year old hockey playing, gun shooting, dad wrestling, mom kissing, pumpkin growing, four wheeler driving son is.
He started preschool last month and he gets a color code for the day that describes how his day was. Red is an excellent day, Orange is a good day, Yellow is an OK Day and Green means that he tried to form his own terrorist cell in the classroom and overthrow the school.
Mostly he gets Red days but sometimes like yesterday he slips to Orange (or Yellow).
I don’t like it when he isn’t “perfect” and gets a non-red day. I talk to him about it and threaten to take away McDonalds, or his tablet, or just about anything I can to make him behave in class. The truth is though walking slow and playing when they shouldn’t is what four year old boys with naturally ebullient personalities do.
I have (unreasonably) high expectations for my son to excel in academics, sports, relationships, and life. I just have to remind myself that he can have those things but that he is always going to be like me and talk when he shouldn’t, run when he should walk, be the loudest guy in the room and get wrapped up in playing and not know when to stop.
The hardest part about raising a son is when you realize that he is just like you and that there is nothing wrong with it.
I was lucky enough to spend last week in London attending one of the best organized and friendly conferences I have ever had the pleasure of speaking at. 44CON has the DerbyCon “All in The Family” model of a small intimate conference down with a crew that DefCon would die to have.
I arrived in London on Tuesday morning and spent Tuesday and Wednesday riding the tube and checking out the hottest tourist spots in London:
I even found my families British Coat of Arms (or was ripped off by a tourist trap):
By late Wednesday afternoon when I made it back to the hotel I was tired and had caught a nasty cold that gave me the title of patient zero of 44Con-Flu.
Thursday I rolled out of bed just in time to walk over to the conference center and get into the green room before my talk on “Security Lessons from Dictators” was going to start. I was sure I was going to be the first person to ever throw up on stage at 44CON but Dominic Spill saved me by awesomely running to tesco and getting me a vitamin water and a Lucozade (which is an English miracle drug). I made it through my talk which was very well received and back into bed for a 5 hour nap before I showed back up for the InfoSec vs Technical panel that was extremely fun to be part of.
I was doing a little better by Friday and was able to catch most of the hidden track talks which due to the Chatham House Rule I think I can only tell you were extremely awesome.
Steve and Adrian have a really good thing going on in London and if you have a chance to attend, speak at or sneak into 44con in the near future I would suggest that you do it.