In The Weeds: Weekly Info-Sec Round Up 10-25-17

Follow Casz's Fiction Farm on WordPress.com

Ouch. We’ve had 10 inches of rain in the last week here in Twin Peaks. I’m looking forward to sunshine tomorrow.

First off, I spent part of the rainy day today filling out my voter’s ballot. In King County, where my vote counts, our ballots had this little tear off dealio. It gave a QR code and said if you went to a certain website you could get a virtual/digital “I Voted!” sticker. Guess what? It’s broken. Sigh. I was kind of bummed. I wanted to put that sticker on my social media presence to remind everyone to get out and vote (especially where local positions are up for grabs!). No such luck. Dear King County, www.kingcounty.gov/elections doesn’t provide me my digital “I voted!” sticker. I feel like I’ve been robbed.

https://goo.gl/images/VRtDtp

In other weirdness: BadRabbit ransomware spreads through compromised websites that serve up a fake Flash Player update; once the victim runs that fake installer, it drops the ransomware payload. Read more here: https://blog.malwarebytes.com/cybercrime/2017/10/badrabbit-ransomware-strikes-eastern-europe/?utm_source=twitter&utm_medium=social

Next I have a confession to make. I love “smart” devices. Currently I have an Amazon Echo Dot installed in a limited way in my home. I let it turn on and off lights, tell me the weather, let me play Jeopardy, and remind me when I need to be alert for package delivery. It’s not very good at playing browser. Here’s a recent conversation I had with “her”:

Me: “Computer, who first circumnavigated the globe?”

AED: “I’m sorry, I don’t know that.”

Now do I wish her capability were more like Star Trek: TNG? Hell, yeah. But I’ll be damned if I’m going to up the ante in this direction: https://www.amazon.com/b?&node=17285120011&ref=tsm_1_tw_s__1126906097&linkId=43934981. That screams, “Come Hack Me.”

You know how I went off on crappy leadership in InfoSec last week? Well, now it’s not just some Girl Noob squawking about it. There are about 412 other professionals who are like, Yo, We Have a Problem, Houston. That lead paragraph says it all. And maybe my time in the Army has actually helped me as I dive into learning InfoSec. https://www.ixiacom.com/company/blog/lessons-conventional-warfare-can-prepare-cyber-warriors

Last week I was all excited about Google rolling out this: https://www.esecurityplanet.com/threats/google-rolls-out-advanced-protection-for-personal-user-accounts.html?utm_source=dlvr.it&utm_medium=twitter

But then I read this:  https://www.theregister.co.uk/2017/10/26/google_play_android_malware_bad/?mt=1508979967236

I’m confused. Wait, I’m not. Yep. I am. But…

https://goo.gl/images/nfmVdm

And leave a comment with the reason why you DON’T think the people who did this hack were 12-year-olds: https://nakedsecurity.sophos.com/2017/10/25/hackers-steal-compromising-photos-from-plastic-surgery-clinic/

Want your cyber giggle for the week? Because to learn we can’t take ourselves too seriously: https://twitter.com/Bill_Gross/status/920406104911233024

As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.

Have another great week, InfoSec geeks. See you next week.


Harvest Creations: Pork Chops & Balsamic Gorgonzola Roasted Low-Carb Veggies


Fall is in the air and one-pot cast-iron cooking is right on time. Nothing like being able to make something that smacks of comfort food, but is good for you. This recipe has that going for it, for sure. You may find other versions of this online, but I’ve adjusted it to be low-carb, and even Keto friendly. The recipe here makes four servings; however, the photos will show six servings (I always cook to have leftovers for the next day’s lunch). If you want to make extra, just add 50 percent more (e.g. two more pork chops, 4.5 tablespoons of vinegar). The pork is tender, the veggies a satisfying complement, and the gorgonzola melts all over all of it to provide this warm bite of creaminess. And this cooks within about an hour from start to finish, so you can even pull this off on a week night. I use my cast-iron Dutch oven. I can’t imagine cooking this without cast-iron. In fact, I tried. Let me save you the trouble. Don’t try it. It’s ugly.

Ingredients:

4 thick-cut boneless pork loin chops

kosher salt

fresh ground pepper

1/4 cup extra virgin olive oil, divided

1 small head of cauliflower, cut into “potato” size chunks

2 zucchini, cut to match the size of the cauliflower chunks

3 Tbsp. Balsamic vinegar

1 Tbsp. tomato paste

1 Tbsp. chopped fresh thyme

1 red onion, peeled and sliced into 8 wedges

1 (8 oz.) package Cremini or Baby Bella mushrooms, whole

2 Tbsp. fresh parsley, chopped, for garnish

1/4 cup crumbled Gorgonzola cheese (or extra if you like…)

Directions:

Preheat your oven to 425°F.

In a small bowl, combine 1/2 teaspoon pepper, 2 Tablespoons olive oil, Balsamic vinegar, and tomato paste with a whisk.

Place the mushrooms and the onion wedges in a medium-sized bowl. Add the fresh thyme. Drizzle in 2 Tablespoons of the Balsamic mixture, reserving the rest for later, and toss the mushrooms and onions to coat. Set aside.

Heat a large, heavy roasting pan or large ovenproof skillet over high heat. Sprinkle the pork chops with salt and pepper. Add 2 Tablespoons of oil to the pan, and swirl to coat.

Add the pork to the pan and cook for 3 minutes on each side, until nicely browned. Remove the pork from the pan and set aside. If you have thicker chops like I did, you may need to add a minute to each side. Do not cook them all the way through.

Add the cauliflower and zucchini to the pan, cut side down, and allow to cook for 3 to 5 minutes. Do not overcook. Next add the mushroom and onion mixture to the pan and toss with the cauliflower and zucchini. Sauté the veggies in the pan on the stove top for an additional 3 to 5 minutes. Do not overcook.

Place the pan in the oven and roast the vegetables for 25 minutes, stirring every ten minutes or so.

Nestle the pork chops into the vegetables and put the pan back into the oven to finish off the pork. Bake for 10 to 15 more minutes, or until a meat thermometer registers the pork at 145°F.

Remove the pork from the pan. Sprinkle the vegetables with a little more salt.

Serve the pork chops with the vegetables, drizzled with remaining Balsamic sauce, and sprinkled with crumbled gorgonzola and chopped parsley.


In The Weeds: Weekly InfoSec Round-Up 10-18-17


Yeah, I get it. I haven’t been consistent. I am trying. But, I got absolutely railroaded by a horrible, horrible illness. You don’t care and that’s okay, just that’s why I’ve been missing. But I’ve been reading, tweeting, and logging hours and hours in InfoSec training. I’ve also been learning how to play the N64, because I never had gaming consoles growing up. Yeah, so my noob status is for real. Whether it’s N64 playing or learning InfoSec, I’ve only been at it about a year…and not full time. It’s a labor of love. And frustration. 

Speaking of labor and frustration, I’ve been really interested in the #unqualifiedfortech conversation that erupted after Equifax’s Security Meltdown. Since scooting myself into the InfoSec world as a writer who wants to learn, I’ve been curious about what barriers I might be up against as I immerse myself in this field. It’s well known that techies aren’t very diverse and don’t necessarily treat women that well. I’d really like to have some dialogue with folks about this beyond the hashtag, and to hear from people who have no educational background in tech about how they got there, especially if they are working in security. Because my gut tells me that if you’re working for a tech company in a non-tech job, like say, public relations, or sales, that’s understandable — even from my neophyte perspective. But, not having a tech background and working in security, or even worse, leading in security, seems like sending a soldier to war without her knowing how to fire her weapon. I’ve had discussions with the circle of hackers who let me tag along and glean information from them, fifth wheel that I am, and they are up against some really clueless leaders. They want their own hashtag: #shutthefuckupaboutyourstupidgoddamnmetrics.

I remember when I was working in corporate communications, a lot of the MBA grads would want to come in and apply black and white principles to things that weren’t black and white. I can tell you how many press releases I sent out, but knowing exactly a) how many media outlets picked it up for certain, or b) what actions the audience took based on that press release is harder. I can see the same sort of situation in information security positions. Because, as Equifax and numerous less public situations showed, if you’re a leader, you best have a good team around you and let them do their jobs and not stunt their capabilities to do the job you hired them to do: protect your company and information. However, if you think you’re going to apply your web design background and MBA to your security team and make them spend time doing anything but security, you’re creating a vulnerability. And that’s a vulnerability your team may be hard pressed to fix if they are going to keep their job. We all can’t be Myke Cole.

So am I off base here? Am I simplifying things too much? My gut tells me, “No.” Let’s talk. I really want to know from those outside my circle. I want to know. As a writer, as a reporter, first, I’m curious and I think there’s more to the story here.

As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.

Have another great week, InfoSec geeks. See you next week.

In The Weeds: InfoSec Round-Up September 20, 2017

We are getting closer to living in a Philip K. Dick story.

Holy Moly, it seems like I’ve done nothing this week but read about new vulnerabilities and hack attempts and general InfoSec mayhem. While many are at #DerbyCon this week, I’m over here in Twin Peaks just trying to keep up with what I need to learn and remembering what I’ve already learned. I can see why when I talk to #InfoSec professionals many of them feel overwhelmed or that they are drowning in the river of keeping up.

This week I’d like to start by publicly sending condolences to the entire world for losing this hero. I have a vague memory of when this happened. I was in High School. Yes, I’m that old. Whatever. But, it’s stories like this that make me think that maybe my hope in mankind to do the right thing even after they’ve fucked up is not misplaced.

If you’re trying hard to stay healthy and using a FitBit — Be Aware of its vulnerabilities. I’ll say it again, whenever you’re on the internet, using the web, using the cloud, all of that, there are going to be vulnerabilities. You can’t absolutely protect yourself, but know your risk, at minimum. Please.

If you’ve downloaded or updated the CCleaner application in the last month, um, you’ll have an incident response regarding malware on your network to get to…so, um, get to it.

Oh to have the time on my hands to find these kinds of open doors:  PyPI Python repository hit by typosquatting sneak attack

For those both fascinated and terrified by Artificial Intelligence:  Humanoid robots ‘breakthrough’ as engineers create synthetic muscle that can lift ONE THOUSAND times its own weight

And if that’s not disturbing enough, we are our own worst enemy:  Infosec weakest links: Negligent employees and poor password policies

As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.

Have another great week, InfoSec geeks. See you next week.

In The Weeds: InfoSec Round-Up September 15, 2017


Sorry this is late, but between the volume of InfoSec news this week and the sadness of our pooch dying…well, better late than never.

1. I really hate when a story, say like MR. ROBOT, becomes more true to life than fiction, but, yes, folks, “our democracy has been hacked.” Yet another trove of sensitive US voter records has leaked
2. In that same vein, see screenshot…Equifax Hack: A timeline of events (P.S. Don’t sign their little ‘help us help you protect yourself’ contract.)
3. I know I’m a noob and all, but I understand that everything has vulnerabilities, especially if it connects to the internet. Protect your devices, folks. Know the dealio. For reals. Bluetooth Security Flaws Impacting ‘Billions of Devices’ Come With Some Serious Caveats
4. Even the almighty Google has bad days: Google suffered a meltdown as Gmail, Maps and YouTube went down
5. Lastly, I’d like to say that there’s a certain man in Redmond, Wash. who is very lucky that I’m an ethical individual and didn’t take advantage of an errant email. Otherwise I’d be rocking a brand new phone. So, heads up to T-Mobile customers. Make sure that the store computer caches are cleared after your information is entered. Otherwise, someone not as ethical could receive an email and change the delivery address and other account information. Like ALL the account information. It’s a one-off situation, but a vulnerability all the same. You’re welcome, sir. Enjoy that new Samsung Galaxy 8.

As in weeks past, feel free to leave a comment here about any of those articles. Let’s learn from one another. Okay, have pity on the noob and let me learn from you.

Have another great week, InfoSec geeks. See you next week.