The Office Survivalist – Surviving Natural Disasters when caught at Work

You see it in the news every day: natural disasters, terror attacks, even civil unrest. What do you do when something happens and you are at work? What if you could not make it back to your home and had to survive with just the things you have on you, or in your vehicle? What if you did not have access to food or drinkable water for several days? Could you survive?

My friend Richard covers all of these topics and more on his new website “The Office Survivalist”. Richard is a highly intelligent and driven professional computer trainer for the DoD realm, and a fellow cybersecurity fanatic and sharpshooter. And let’s not forget his great sense of humor to boot!

On his site you will see exceptional articles about what to do when things go south and great videos on products that could keep you alive. If you want to learn about surviving the unforeseen, check out “The Office Survivalist.”

NASA Systems still Vulnerable to Attack even after Warnings

Serious security gaps were found in NASA computers during a recent security audit. According to MSNBC:

“Six computer servers associated with IT [information technology] assets that control spacecraft and contain critical data had vulnerabilities that would allow a remote attacker to take control of or render them unavailable,” the audit report released Monday by Inspector General Paul K. Martin said.

“The attacker could use the compromised computers to exploit other weaknesses we identified, a situation that could severely degrade or cripple NASA’s operations,” the report continued. “We also found network servers that revealed encryption keys, encrypted passwords, and user account information to potential attackers.”

Let’s be realistic, though: NASA is a very large organization, and the sheer volume of its systems makes securing all of them a very daunting task. But also according to the article, NASA was specifically warned about security lapses and a plan was recommended for remediation:

“In a May 2010 audit report, we recommended that NASA immediately establish an IT security oversight program for this key network,” Monday’s report reads. “However, even though the agency concurred with the recommendation it remained unimplemented as of February 2011.”

I really find this stunning, as NASA has a very long history of dealing with hackers. The incidents have run the gamut from simple web defacements to more serious penetrations and data theft. A short list of attacks that NASA has faced includes:

  • 2001-2002 – The well-known Gary McKinnon penetration. He claimed he was looking for secret information on UFOs.
  • 2003 – The “Trippin Smurfs” – Jet Propulsion Labs defacement.
  • 2009 – Jeremy Parker Penetration – Accessed a NASA pay service for the science community that provided Oceanic Data recorded from satellites (which is now free).
  • 2009 – The “Code.Breaker” SQL Injection attack – NASA’s “Instrument Systems and Technology Divisions” and “Software Engineering Division” were breached via an SQL injection attack. 25 Administrator accounts were compromised.

And let’s not forget about when a couple of JPL sites were offering Viagra, and NASA’s Twitter site was offering TVs for sale last year.

Sure, some of these verge on the ridiculous, but the fact remains: NASA has faced several serious data attacks over the years.

NASA isn’t all about space exploration either; they do a lot of scientific research and joint military projects. The fact that a government-run entity has been attacked, and then apparently ignored a plan to remedy the situation, speaks volumes about our nation’s ability, or maybe better said desire, to thwart hacking attempts.

FS-ISAC Financial Security Seminar – Beyond 2 Factor Authentication

The Financial Services – Information Sharing and Analysis Center (FS-ISAC) puts on some great financial security webcasts and the one tomorrow, “Avoiding Data Breach Catastrophe – Beyond 2 Factor Authentication Webinar” should be no exception.

Information (From website):

Recent data breaches at public and private corporations have shown that reliance on perimeter level security is not sufficient – once hackers find a way in they are able to collect data unimpeded. A breach at a notable security company has resulted in potential risks to customers using two-factor authentication; however, data protection that relies on secrecy or obscurity may not be a good approach. This session will examine potential risks and suggest strategies for pro-actively protecting data in all its forms inside the enterprise.

Ongoing data breaches, so prevalent in everyday media, continually renew concerns about data security in corporations worldwide. Whether the attacks are accidental or malicious and whether they come from inside or outside of your organization, you’ll want to understand and address your company’s data security vulnerabilities. Minimizing data leaks – from the volumes of data that flow between your employees, contractors and business partners every day – is paramount. On the other hand, how do you give users the data they need while limiting access to sensitive information to users who truly have a business need?

Join the FS-ISAC and Voltage for a complimentary webcast:

WHEN: Wednesday, March 30, 2011
TIME: 11:00 am EDT / 8:00 am PDT

If your business deals with the financial sector at all, FS-ISAC’s seminars are definitely worth checking out. They are usually top notch and very informative.

And while you are there, check out FS-ISAC’s free on-demand webinar:

Evolution of Cyber Crime: Anatomy of Online Banking Fraud
Sponsored By: IronKey

See you there!


More than you Would ever want to Know about Anonymous

For anyone still interested in the Anonymous drama, technical guru and awesome security conference presenter Adrian Crenshaw (aka Irongeek) has created for your visceral enjoyment the file to end all files on Anonymous.

Irongeek, well known for his exceptional technical articles and videos, has created a complete dossier on Anonymous that I think includes just about everything except the members’ shoe sizes.

It is titled “Crude, Inconsistent Threat: Understanding Anonymous”.

The topics covered include:

  • What and who is Anonymous?
  • Why the Anonymous meme then?
  • History of Operations
  • Categories of people who self-identify as Anonymous?
  • Common criteria for an attack?
  • Will there be infighting?

Check it out!