Intuition & Elbow Grease™

Tell me if you’ve heard this one before…

Looks like my ATT statement is ready, and isn’t nice of them to send me an email notification?  But uh-oh!  Look how much that bill is for!  Surely someone’s made an error!  I’d better click on that link and get this straightened out, pronto!

Ok, let’s stop here for a moment and assess some clues here:

1. I think someone once said “Never click links in emails from people I don’t know”
2. But I know who AT&T is, so this is ok right?

A closer look at the source code for the email shows the following:

<br>

Log in to online account management to view

your bill and bill notices, maintain your

email account or make a payment. If you are

not registered for online account

management, you must do so to view and print

your full bill and bill notices at <a

href=”hxxp://not.an.att.domain.name/wp-content/plugins/mm-forms-community/upload/temp/info.html” style=” color:

rgb(6, 122, 180); text-decoration: none;”>www.att.com/managemyaccount</a>.<br>

Log in to online account management to view

your bill, maintain your email account or

make a payment.<br>

Yeah, that’s not an ATT address in the link.  (fyi – I changed the url from the actual, malicious link)   Yet another phishing attempt.  Crafty bastards are getting pretty good at making these emails look real, but they did a lousy job obfuscating the links in the email. (in fact there’s no obfuscation at all except for the fact that the email is in html)

The lesson here:  No matter how legit the email looks, never ever click links in an email.   If I were an actual AT&T customer the right thing to do would be to open a browser, navigate to the AT&T home page using the correct address instead of relying on one supplied via email and login to view my account.

I just received a fraudulent email claiming that my LinkedIn account was locked out.  At first glance the sender appeared legit as did the body of the email and the link that I was supposed to click on to reset my password.

Reviewing the raw source of the email showed that it was bogus.  (that and the obvious fact that I could still log in to my LinkedIn account)

The link went to some web site (NOT LinkedIn)  that’s most likely designed to get me to enter my user credentials and if I had done that, then someone else would now have control of my Linkedin account.

Just because it looks legit, doesn’t mean that it is.   Don’t get all clicky just because someone sent you an email.

Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes.

The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. You can quote them, disagree with them, glorify or vilify them.

About the only thing you can’t do is ignore them. Because they change things. They invent. They imagine. They heal. They explore. They create. They inspire. They push the human race forward.

Maybe they have to be crazy.

How else can you stare at an empty canvas and see a work of art? Or sit in silence and hear a song that’s never been written? Or gaze at a red planet and see a laboratory on wheels?
We make tools for these kinds of people.
While some see them as the crazy ones, we see genius. Because the people who are crazy enough to think they can change the world, are the ones who do.

…and he did.

Rest in Peace, Steve Jobs 1955 – 2011

Lion (OSX 10.7) is now available, although I don’t feel compelled to upgrade. The Mac Minis have lost their optical drives. No more white Macbook (your choices are either an Air or a Pro for laptops now)

Not sure how I feel about the loss of the optical drives… On the one hand I think its a good thing in the long run, not many people use the drive for loading software and everyone (read: Netflix) seems to be pushing for streaming content to machines as opposed to physical media. On the other hand, I have a Mac Mini serving as my media center in our living room and we use the heck out the optical drive to watch DVD movies, both from our own library of DVD’s and places like Redbox (along with online media such as Hulu and Netflix)

Of course now that the optical drive has been removed, we now have the opportunity to put whatever type of external drive on the Mini that we want. Now if we could just get an inexpensive Blueray player and Blueray playback on the Mini, we’d be good to go!

From McAfee AvertLabs:

“McAfee is aware that a number of corporate customers have incurred a false positive error due to incorrect malware alerts. Our initial investigation indicates that the error can result in moderate to significant performance issues on systems running Windows XP Service Pack 3.

The 5958 DAT has been removed from McAfee download servers, preventing any further impact to corporate customers. McAfee teams are working with the highest priority to support impacted customers and plan to provide an update virus definition file shortly. You can view information at https://kc.mcafee.com/corporate/index?elq_mid=2362&elq_cid=757526&page=content&id=KB68780 (NOTE: system is currently slow) or the McAfee Community at http://community.mcafee.com/docs/DOC-1374/”

http://isc.sans.org/diary.html?storyid=8656

The current generation of cellular telephony products presents a wide range of potential risk to the corporate environment. From the simplest cell phones that could expose a corporate phone list, to more advanced cellular devices that are capable of storing and manipulating documents, to the latest smart phones that enable direct access to the network via 802.11 wireless connectivity (“WiFi”); the landscape for protecting corporate assets is wider and more varied than ever before.

Modern cell phone devices can be loosely categorized into three tiers based on the functionality of each device: basic, advanced, smart

1) Basic

a. Cell phones that only provide voice and messaging capabilities

2) Advanced

a. Cell phones that provide additional features such as GPS or multimedia capabilities

3) Smart

a. Cell phones that provide PDA functionality including document management and manipulation.

b. Provide alternative network access including 802.11 wireless networking capabilities.

The key difference in the way we view these various devices is that the most advanced of them are truly full featured computing devices and should be subjected to the same scrutiny and governance as any other mobile IT corporate asset such as a laptop. These new devices are capable of nearly every function of their larger counterparts including document storage and manipulation, web browsing, messaging and direct network access via WiFi. Additional and unforeseen functionality may be added with the addition of third-party applications. While these devices are similar in many ways to regular corporate assets, they differ in one fundamental way: size. Due to their small size the risk of loss or theft is significantly higher than their larger counterparts.

According to the document from NIST entitled “SP800-124: Guidelines on Cell Phone and PDA Security” an estimated 85,619 mobile phones and 21,460 PDAs were left behind in one Chicago taxi firm’s vehicles during the six-month period of the study, compared with only 4,425 laptops. One estimate given for the year 2007 was that approximately eight million phones would be lost. These numbers suggest that it is prudent to employ a more stringent security regiment for those cellular devices capable of carrying sensitive data to include data/disk encryption and remote wipe capabilities.

Just as the risks are varied depending on the type of device, so too, are the efforts employed to secure the devices. A basic cell phone may be best secured by merely enabling a screen-lock that requires that the user enters a pin number before accessing the device. More robust and feature-filled devices that are equipped with document management tools, WiFi and internet access require appropriately robust solutions, comparable to larger portable devices such as a laptop. These more advanced cellular devices should use the same types of security as would be recommended for a corporate laptop, including firewall, anti-virus, anti-malware, remote wipe capabilities, strong passwords and encryption at the file and disk levels.

Issues with Connectivity

With the addition of 802.11 and Bluetooth wireless connectivity to this new class of portable device, care should be exercised to limit potential exposure when utilizing these connections to connect to corporate assets or when transmitting business related information. Whether web-browsing or using email, an unsecured WiFi connection can lead to confidential data leakage. When sending information over WiFi make sure that the connection is encrypted whenever possible (such as with an SSL connection.) If data is being sent via insecure means such as email, care should be exercised to protect the data by utilizing encryption (even using a password-protected zip format will provide at least some protection)

An improperly secured Bluetooth link will allow an attacker to surreptitiously connect to the device and potentially download any and all information stored on it. Bluetooth pairing pin numbers should always be changed from their default values, or should be disabled when not in use.

Consideration should also be given to the possibility of the device being used as a proxy, allowing unauthorized connectivity to/from the internet by proxying the WiFi connection to the cellular data connection.

Methods of Protection

Due to the similarity in features that smart phones have with laptops it is reasonable to consider securing the device as if it were a laptop or any other corporate asset. That means employing a local firewall, anti-virus/anti-malware measures, encryption of corporate data, enabling VPN connectivity to access corporate assets, etc. Any non-essential services should be disabled when not in use (such as Bluetooth or WiFi)

These devices should also be subject to the same scrutiny and rigorous standards as other corporate devices and subject to the same policies and procedures regarding acceptable use, authorized software, password requirements, Internet policies, etc. Specific policies and procedures should be created to assist in the governance of these devices (including laptops) that would delineate the methods and tools used to enforce these recommendations.

Threats:

Security concerns for the different types of cell phones are cumulative starting with the ‘basic’ cell phone.

Basic Cell Phone Security Concerns

a. Loss, Theft, Disposal

b. Unauthorized Access/Usage

c. Eavesdropping

2) Advanced Cell Phone Security Concerns

a. Electronic Tracking

b. Server resident data

3) Smart Cell Phone Security Concerns

a. Malware

b. Data Interception or Access

c. Network Access

d. Should be regarded as a small form factor laptop for the purposes of security requiring the same methods of protection including anti-virus, anti-malware, etc.

Recap/Recommendations:

The amount of effort employed to secure each type of device should be commensurate with the potential risk associated with each class of device.

1) Basic and Advanced Cellular Phones

a. Employ the use of a screen lock password

b. Where possible enable backups of phone data to the network (via activesync or other methods)

2) Smart phones

a. Should be regarded as comparable to a laptop in regards to data exposure and potential risk and therefore should employ the same methods of protection.

b. Anti-virus measures should be installed and utilized.

c. Anti-malware measures should be installed and utilized.

d. Firewall software should be installed and active to prevent unauthorized connections to or from the device.

e. VPN connections should be used when connecting into the corporate network

f. Non-essential services (such as Bluetooth or WiFi) should be disabled when not in use.

g. Strong passwords or two-factor authentication should be used to secure access to the device’s networking connections.

Resources:

The security concerns delineated here are taken from various sources, primarily from NIST SP800-24 “Guidelines on Cell Phone and PDA Security” http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

If you didn’t know it about me, I’m a very big fan of using text as my default method of storing information.  Whether it’s a note about the specific hex colors for a website, my daily tasks, projects or  todo lists, I keep them all in plaintext files.  I made the transition to text-only years ago when I ran into issues trying to move my palm-pilot memos to a new platform.  It took quite a bit of manipulation before finally being able to migrate my information from a proprietary format into one that is ubiquitous.  Plaintext is ultimately portable and can be taken everywhere.  I will always be able to read my plaintext files.  No, they’re not formatted all nice and pretty, but I can use html or some other markup language if I want to make them look nice.  No, my primary concern is that I can read them.  Twenty years from now, I am confident that whatever office suite word processor is in vogue, it will be able to read my meager text files.   Those old Wambulator 5 files?  I’m probably gonna be out of luck with those.

Emacs

Text editors are varied and many-flavored.  In the unix world, there are two primary editors: Vim and Emacs.  Both have their strengths and weaknesses.  (please, no need to get all huffy about it, I use both.  It’s true and I admit it: I am ambi-textrous)   For the quick editing of small scripts, notes, or log files I tend to favor the use of Vim.   I have a handful of basic Vim commands that I use constantly to edit and save files; a few commands such as search and replace functions that get used occasionally; and then there is a whole world of commands that I am completely unfamiliar with.  Vim Viewports is one such category of commands.

Did you know that the text editor Vim (which stands for Visual editor IMproved) is capable of providing a windowed editing page?   In Vim-land, these windows are called ‘viewports’   When you first invoke Vim from the unix command line you start out with a single viewport.

Vim - Single viewport

This is the default view that most users of Vim are used to seeing.   I’ve been using Vim (or it’s predecessor Vi) for well over a decade now and this single-viewport view is the only one I’ve used until very recently.   There are times when I want to be able to edit one file, while referencing another.  Before utilizing viewports, that meant opening another terminal, setting up another connection, and displaying the reference file using cat, less or more (depending on the system)

That all changed when I re-discovered the fact that Vim supports multiple viewports!  From the command mode of Vim (there are two modes; command mode and edit mode.  If you are unfamiliar with these concepts then this article is most likely not for you. Go learn some Vim basics over at the Vim homepage: http://www.vim.org/ then please come back!)

::ahem:: Where were we?

Vim - Three Viewports

Ah yes, from the command mode of Vim enter :split to split the current viewport horizontally.  Entering :vsp will split the window vertically.  Different text can then be loaded into each viewport using :e <filename>  Moving from one viewport to the next is accomplished using Ctrl-w Ctrl-w.  (that’s Ctrl-w twice, not a typo)   Or the standard Vim cursor movement keys modified with a Ctrl-w will also move you between viewports.  So Ctrl-w j will move you one viewport down, Ctrl-w k will move you one viewport up, and so on.  (for h j k l )

The content of each viewport can be swapped back and forth or rotated by using Ctrl-w r to move the current viewport contents to the right or Ctrl-w R to move the contents to the left.

It’s easy to open a bunch of viewports and have them all different sizes, making the contents difficult to read.  Issuing Ctrl-w = will resize all of the viewports, making them equal sizes (or as close as possible)

Some Vim commands for manipulating viewports

:sp|:split will split the Vim window horizontally.

:vsp|:vsplit will split the Vim window vertically.

Ctrl-w Ctrl-w moves between Vim viewports.

Ctrl-w j moves one viewport down.

Ctrl-w k moves one viewport up.

Ctrl-w h moves one viewport to the left.

Ctrl-w l moves one viewport to the right.

Ctrl-w = tells Vim to resize viewports to be of equal size.

Ctrl-w – reduce active viewport by one line.

Ctrl-w + increase active viewport by one line.

Ctrl-w q will close the active window.

Ctrl-w r will rotate windows to the right.

Ctrl-w R will rotate windows to the left.

Do you have a great Vim tip?  Or an <editor of your choice> tip?  Then be sure to comment below, I’d love to learn something new!