Google’s Driverless Car

Kawaii!!

Here are some questions to ask though.

What will become of the insurance industry if driverless cars become the norm?
Will it still be mandatory in the US to have car insurance?
What if someone hacks a car and drives it into a pole or worse, into a crowd? Who’s at fault?
Can someone get a ticket for not keeping their car patched?
Will police drive around with car vulnerability scanners?


Memorial Day 2014

We all went out to Lake Pleasant today and had a nice time out. For the time of year, the water sure was cold! After all these pictures, we met up with some old friends and some new. It was good to see part of the lake gang. We brought Darla with us and though she didn’t enjoy the water that much, she enjoyed being on the boat.

It was the first time we used the jeep to tow the boat and it did very well.


It’s Compliance Week: COSO

Technically, compliance week 2014 started yesterday.
What is Compliance Week? Well, it’s a 3-day networking event put together by Compliance Week Magazine. Event sponsors can reach out to you, and you can chat with senior-level compliance peers and discuss compliance, ethics, audit, risk, privacy, etc.

Though I’m not going to this event, I have a feeling there will be talks about the COSO 2013 changes. COSO stands for the Committee of Sponsoring Organizations of the Treadway Commission. COSO’s framework is a voluntary private sector initiative dedicated to improving organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence.

If you are audited by PwC, they will try to get you to adopt the COSO framework… They authored it.


The Ponemon Institute’s Data Breach Study

In my opinion, the Ponemon Institute’s Cost of Data Breach Study is eye-opening.
If you use a GRC tool that associates a dollar loss amount with each record, you should probably read this report and make the necessary changes. If you apply quantitative values, increasing the cost per record can change the risk ranking of a security plan from a moderate risk to a high risk, based on your dollar amounts.


Pat & Courtney’s Baby Shower/Mother’s Day

We hosted Pat and Courtney’s baby shower and had a lot of fun. A lot of people came over and had a good time.


The last 20 or so photos are of mom getting her Mother’s Day gift


Intel: 4238 Years to Crack My Password

According to this website that Intel has created: https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html, it would take about 4238 years to crack my password.

Which does make me wonder, it being Intel, whether they are taking into account Moore’s law, which says that the number of transistors on integrated circuits doubles approximately every two years.
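To put a number on that question, here is an added example (not from the original post and not Intel's calculation) that reworks a fixed-rate brute-force estimate when the attacker's guess rate keeps doubling. It assumes guess rate tracks Moore's law with a two-year doubling period; the 95-character alphabet and 1e9 guesses per second are constructed sample values.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def constant_rate_years(alphabet_size, length, guesses_per_second):
    """Years to exhaust the whole keyspace at a guess rate that never improves."""
    keyspace = alphabet_size ** length
    return keyspace / (guesses_per_second * SECONDS_PER_YEAR)


def years_with_doubling(constant_years, doubling_period_years=2.0):
    """Years to do the same amount of work when the guess rate doubles
    every `doubling_period_years` (assumption: rate follows Moore's law).

    Fixed-rate work is W = r0 * T0. With r(t) = r0 * 2**(t/d) the work done
    by time t is r0 * d/ln(2) * (2**(t/d) - 1). Setting that equal to W and
    solving for t gives t = d * log2(1 + T0 * ln(2) / d).
    """
    d = doubling_period_years
    return d * math.log2(1 + constant_years * math.log(2) / d)


if __name__ == "__main__":
    # The figure quoted in the post, treated as a fixed-rate estimate.
    quoted = 4238
    print(f"{quoted} years at fixed rate -> "
          f"{years_with_doubling(quoted):.1f} years with doubling")

    # Constructed sample: 12 random printable-ASCII characters, 1e9 guesses/s.
    fixed = constant_rate_years(95, 12, 1e9)
    print(f"{fixed:.3g} years at fixed rate -> "
          f"{years_with_doubling(fixed):.1f} years with doubling")
```

Under that assumption the estimate grows only logarithmically with keyspace size, so each extra character adds a few years rather than multiplying the total.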

Speaking of passwords, they:

  • Should be at least twelve characters long.
  • Should not contain your user name, real name, or company name.
  • Should not contain a complete word.
  • Should be significantly different from previous passwords.
  • Should contain characters from each of the following four categories:
    • Uppercase letters
      • A, B, C
    • Lowercase letters
      • a, b, c
    • Numbers
      • 0, 1, 2, 3, 4, 5, 6, 7, 8, 9
    • Symbols found on the keyboard (all keyboard characters not defined as letters or numerals) and spaces
      • ` ~ ! @ # $ % ^ & * ( ) _ - + = { } [ ] \ | : ; " ' < > , . ? /
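
The checklist above can be enforced at password-change time. The following is an added example, not code from the original post: the function name, the tiny word list, and the 0.6 similarity threshold are all assumptions chosen for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed mini word list for the demo; a real check loads a full dictionary.
WORDS = ("dragon", "letmein", "monkey", "password", "summer", "welcome")

# The four character categories from the list above.
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation + " ",
}


def check_password(pw, names=(), previous=(), min_len=12, max_similarity=0.6):
    """Return the list of rules the candidate breaks (empty list = passes)."""
    problems = []
    lowered = pw.lower()
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # User name, real name, company name: case-insensitive substring match.
    for name in names:
        if name and name.lower() in lowered:
            problems.append(f"contains name: {name}")
    for word in WORDS:
        if word in lowered:
            problems.append(f"contains word: {word}")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"missing {label}")
    # Previous passwords are only known in plaintext at change time, when the
    # user supplies the old one; stored hashes cannot be compared this way.
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > max_similarity:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2014", "Tr4ffic-L1ght#Jam!"):
        print(candidate, "->", check_password(candidate) or "ok")
```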

I’ve actually had a lot of talks in regards to passwords recently, and not just because May 7th was World Password Day. Talks about using a password generator, a password safe, and even disk encryption software.

Password Safe, a password program that protects passwords with the Twofish encryption algorithm, was designed by the world-renowned Bruce Schneier. Using this program, you can generate complex passwords and use them quickly and easily.

Disk encryption programs like TrueCrypt add yet another layer of security to keeping your passwords safe… and portable, if you wish. We discussed having our USB drives contain a hidden encrypted volume, then storing our password safes on there, or alternatively using cloud storage such as Google Drive, Box, or Dropbox.

Until we retire the password with an alternate, better solution, you have to keep in mind that passwords are the primary safeguard to all your finances, your insurance, your online social life, your voicemail, your identity… You keep your password safe, complex, hard to guess, and you make it just a little harder for the bad guys to get your stuff.

UPDATE: TRUECRYPT IS NOT SECURE


Hackers Can Mess With Traffic Lights to Jam Roads and Reroute Cars

I tweeted this earlier today but didn’t have the chance to post the video. It immediately made me think of the 1995 movie, Hackers, with Jonny Lee Miller (aka Crash Override or Zero Cool) and Angelina Jolie. Ah, those were the good old days of science fiction. Now it’s a reality.

Here is the post in regards to the video above.
http://www.wired.com/2014/04/traffic-lights-hacking/


Managing Your Company’s Cyber-Crime Risk

This video should be shared with company boards of directors. It’s broken down so that a business leader can better grasp it. On another note, this is the type of video that should be understood so that it is easier to communicate with business leaders and add pressure on them to invest in cyber security.

Compliance does not equate to security; assume that you can be a target. Devote adequate resources to defend your assets. This is a must for all businesses.

Know your vulnerabilities and accept that cyber security should be one of the highest priorities. Don’t wait until disaster has struck.


Quadcopter with Machine Guns

A big goal of security is to safeguard human lives. What if wars of the future are thousands of these? What if they are autonomous? Worse, what if they are susceptible to skyjacking, as Samy Kamkar demonstrates here?

The future of cyber wars will be an interesting one, no doubt. We’ve already started using Nano drones in military applications.


What Can InfoSec Learn from Video Games?

Dwayne Melancon, the Chief Technology Officer at Tripwire

Adventure games make it easy for us to understand how our skills, weapons and countermeasures match up to the threats we expect to face. In this session, we’ll discuss models and lessons learned from video games that can be applied to infosec to help you better prepare for adversaries and learn from lost battles. After all, why shouldn’t your day job be fun and make you feel more like a hero?

From the RSA Conference on YouTube