No matter where you are we will come to you

DO I HAVE A CASE?

Currently Viewing Posts Tagged Security

I Want My Pen!

I have been to several courthouses in several different states. They all have a form of security. Some much more strict than others. Sometimes, it feels like you are getting ready to board a plane.

Some courthouses security requires that you place items in bins as they go through a scanner. To date, I haven’t been asked to take off my shoes. For one lawyer in Nebraska, he has a lost luggage feeling. And he apparently believes that The pen is mightier than the sword.

Attorney John Kerwin went through courthouse security at the Douglas County Courthouse in Omaha, Nebraska. He accidentally left his keys and Montblanc ballpoint pen at the security kiosk. (Omaha.com)

IMG_0105

Later he asked a Judge to unlock the kiosk to get his belongings. The Judge handed him his keys but the pen was missing. The lawyer values the pen at $500; but worse, it has sentimental value because it was given to him by his uncle.

The pen is nowhere to be found. Surveillance video shows the officer who last touched the pen before it went missing. Now, Kerwin wants the County to either find the pen or replace it. And, he is serious. So serious that he has filed suit against the County Clerk’s office.

Kerwin says that he “just wants his special pen back”. I suspect that they will pay him $500 to reimburse him.

I wonder, do you think that the effort is worth the reward? Maybe he should just say… it’s Saul Good!

And for pic o’ day, here’s some wisdom:

wisdom

 

The Cyber Theft Fight

Little Caesars is currently airing a commercial (here) that shows a family so frustrated with trying to order a pizza online, that they “go off the grid”. The wife then suggests that they pick up a Hot-N-Ready pizza from Little Caesars… and they go back on the grid! Wouldn’t it be great if life’s problems could be fixed with a pizza.

Going off the grid seems a bit tempting, in light of all these data breaches that have occurred at such places like Target, Staples and even PlayStation networks. Customer information including name, address, social security numbers, credit card information and even tax and income information are seized by hackers.

The title of the blog “The Cyber Theft Fight” sounds more like a movie than a blog title. Unfortunately, it has been brought right to my own doorstep.

A couple of years ago, I received notice from the state of South Carolina that all tax records had been breached. They basically told me not to worry but that they would provide for free, a credit monitoring service. I didn’t feel that confident nor was I excited about my new service.

Now, the second largest health insurer advises that it has been breached. Soon, I expect to receive notification that they also will provide me with a free credit monitoring service. Kind of like, “we burned your television out, but don’t feel bad because we will give you free Netflix for your computer.” So more on my “burned out TV” analogy.

Anthem Insurance notified its customers last week that it had been hacked, but it quickly moved to calm the concerns of its 80 million members to assure them that their medical data had not been taken.

That doesn’t make me feel good knowing that the information taken could now be a treasure trove for thieves.

Unfortunately, going off the grid or ordering a Little Caesars pizza will not fix this. The Hacker News describes what went wrong and also tells about a lawsuit that has been filed by one customer in California. (article here)

Forbes.com also lists six things that you can do to protect yourself after a data breach. Professor Gregory S. McNeal specializes in data protection. I have copied and pasted his six recommendations below:

1.  Get a password manager.  After every data breach, the advice is the same — change your password, make sure it is complex, and don’t use the same password or username across various websites.  That is simply too hard for you to do without a password manager.  Most of us have multiple online accounts, you probably have multiple email addresses, an Amazon account, a few credit card or online banking accounts, student loan accounts, Facebook, Twitter, LinkedIn, DropBox, Evernote, etc.  You simply can’t remember all of those usernames and passwords, so chances are you’re using the same username and password, or you’re changing the passwords slightly by adding an “*” or “#” or changing around the capitalization.  That’s not secure, as experienced criminals will use your base password and sophisticated software to crack your other passwords.  You may think you’re being creative, maximizing convenience and security, but in reality you’re merely maximizing your convenience.

How does a password manager change that equation?  It provides you with strong, unique passwords for all of your accounts, and keeps them in a secure encrypted vault on your device.  There are many password managers on the market 

2.  Stop recycling user IDs and passwords.  Building off of recommendation #1, if you use the same Anthem user id or password across sites, stop doing that, and change all of your other passwords.    Remember, hackers sometimes try stolen IDs and passwords on different sites to gain control of other accounts. That’s why it’s a bad idea to recycle credentials.

3. Don’t confirm or provide personal information in response to an email or text, and don’t click on links in unexpected messages. Legitimate companies won’t ask for bank or credit card information, social security numbers, passwords, or other sensitive information through unsecured channels. The Anthem breach included names, birthdays, medical IDs/social security numbers, street addresses, email addresses and employment information, including income data.  Criminals may use this stolen information to send email or texts that appear to be from people or sites you trust.

4. Review your credit card and bank statements often.  If you see charges you don’t recognize, contact the fraud department at your bank or credit card provider right away.

5. Check your credit reports – for free – every few months. Monitoring your credit report is a good way to find out if someone has opened credit in your name. You’re entitled to a free report every 12 months from each of the three credit bureaus: Equifax, Experian and TransUnion. To get your report, visit AnnualCreditReport.com or call 1-877-322-8228.

6.  Use two factor authentication.  Two factor authentication is an extra layer of protection beyond your password.  First you enter your username and password as usual, then a code is sent to your phone via text, voice call, or mobile app.  Only after you enter that code will you be allowed to access your account.

Something to think about! Cyber-criminals seem to be getting more sophisticated. It sure is frustrating because it seems that more and more information is being put on file, while it appears that businesses are taking less safeguards to protect our information. But don’t worry, maybe they will throw in a free Amazon Prime Membership.

And for pic o’ day, I am going back to one of my favorites. The old-fashioned criminals:

Line up

No-Fly List Lawsuit

A lawsuit has been filed against the U.S. Government with claims that the FBI is using the no-fly list as leverage. (Washington Post) A claim that the list is being used for extortion instead of aviation safety.

Awais Sajjad, who is a lawful U.S. citizen living in New York, learned that he was listed on the no-fly list, after he attempted to board a flight to Pakistan in September 2012. Then, FBI agents questioned him before he was released. In the conversation, they acknowledged knowing that Sajjad was a practicing Muslim. Then, the FBI made him an offer; In exchange for removing him from the no-fly list and provide him some compensation, he would need to work for them.

Sajjad refused to accept that offer. In response, the FBI kept him on the list “in order to coerce him to sacrifice his constitutionally-protected rights”. Hence, the lawsuit.

Human rights activists have been saying that the government has been improperly using the no-fly list and restricting travel without any connection to terrorism. In fact, some U.S. citizens have been stranded abroad and never told why they could not fly home. As to Sajjad, he was told that he should be willing to inform on the Muslim community in his area. The lawsuit raises the question of whether the FBI should have the right to use this threat as a means to providing national security… security determined by the government.

DID YOU KNOW that 15th century Chinese judges used glasses with darkened lenses, to hide their facial expressions in court?

And for pic o’ day, “Cats with heart”.

Heart Cat

Snowden’s Passwords

In the movie Wall Street the classic line to cue an inside sale was “Blue Horseshoe loves Anacott steel” because it meant that Gordon Gekko had some insider trading information and everyone down the line needed to get in on the stock trade.

In that same movie, Gordon Gekko turns to Bud Fox and says, “The most valuable commodity I know of is information, wouldn’t you agree?” It’s based on the same premise that ” loose lips sink ships!”

Those quotes came to mind as I read about all the damage that Eric Snowden has done to our United States’ intelligence. The intelligence community is still trying to assess the amount of damage that has been done.

Up until now, it has been difficult to grasp how Snowden, as a contract employee for the National Security Agency, could possibly have secured all that information. Now, there might be an answer to explain it.

Reuters News  is now reporting that fellow workers unwittingly provided their passwords to Snowden, allowing him to access material that otherwise would have been blocked.  It is estimated that over 25 employees gave their passwords to him after he convinced them that he needed the passwords, because he needed access as a computer systems administrator.

Even employees who had been trained and warned, still let their guard down. They made the mistake in believing that everyone was an insider; and therefore, everyone was trustworthy.

On this Veteran’s Day, we stop to thank the estimated 23 million veterans in this country who have served, with the other 2.3 million who are in active duty. They are the opposite of what Snowden stands for, in that they have protected us and our freedoms.

The story of Snowden is not over. He will be brought to justice. At the same time, it is also a reminder that the enemy does not rest.

DID YOU KNOW that in West Virginia, no one may walk a lion, tiger or leopard; even on a leash. Of course it is also law that anyone who curses or swears in public will be fined one dollar for each offense.  (I just came back from West Virginia and I did not see anyone break the first law, but I may have heard the second law violated)

Vet 1                                                                  Vet 2

A Tattletale Car

I have always been fascinated by the Progressive Insurance advertisement that excitedly proclaims insurance savings. All you have to do is plug their driving device into your car for thirty days and then bring it back to them. According to the ad, “Flo” is all excited about this new device of savings.

What the ad doesn’t say is how the garage-door-sized device truly works. The device plugs into your car; confirms your vehicle identification number; and then monitors the cars driving habits for thirty days. Originally, the device contained GPS that would have specifically shown the exact travel of the car. Progressive claims that they have removed GPS from the device.

The device does tell just about everything else including speed, driving distances and other driving habits specific to that car, that has consumer organizations concerned. After you bring the device back to Progressive for your insurance quote, I am told that they then leave the device in your car another 6 months, if you do purchase insurance.

Of course, someone may choose to allow Progressive to have such knowledge access. Separately, USA Today  recently did an article that also proclaims that current cars are basically “rolling computers”. The transponders in these cars are transmitting  information that can then be sold to third parties.

A car manufacturer may have you sign small print documents that allow them to notify an oil change business to contact you, when the car has traveled a certain distance. The car computer even keeps records of the car’s use of cruise control, cabin temperature settings  and how long it might sit in traffic.

The attached USA Today article is long with several examples of “car knowledge”. It’s just something to think about when you are in your car. Maybe the computer would also say that no one is taking “Sunday afternoon drives” for relaxation, like they sometimes do in the movies. It’s all a question about what is an invasion of privacy.

For pic o’ day, I pulled out an “oldy”. Let’s see what Flo thinks about this driver’s cautious habits:

dog_driving

Google That Fine

     It amounts to less than a parking ticket fine for Google. meangoogle

     NBC News reports that Google has agreed to pay 7 million as a fine in their “WiFi Spy” case. It is a settlement that is being paid to a coalition of state attorneys general over private data that was captured by Google contractors, while they were compiling photographs for their Street Map project.

     Here is the story that should cause Google some sadness::

sadness

     Apparently while sending workers throughout neighborhoods in the United States, personal data was obtained from unencrypted wireless networks that were in some of the homes. This data included passwords, email addresses, medical and financial records.

     Although Google said that the privacy violations were unintentional, the Connecticut Attorney General voiced why he felt that Google should pay a fine, “Consumers have a reasonable expectation of privacy. This agreement recognizes those rights and ensures that Google will not use similar tactics in the future to collect personal information without permission from unsuspecting consumers.”

     This is one of the most significant fines related to Internet privacy but I’m not sure that it really impacts Google to make them change how they collect data in the future. I looked at their stock for the close of Wednesday’s market to find it trading at $827.61 a share. This story is also a reminder that searching on a WiFi connection not password protected can give rise to our personal information getting stolen.

     For pic o’ day…

Horseplay

TSA Mobile Security

An old Saturday Night Live skit used to tout a product called “Toast on a stick”. It was funny because it was so basic. A stick pushed through a piece of toast.

That came to mind when I read the “Mother Jones ” article on what the Transportation Safety Administration (TSA) has requested, as part of its government 2012 budget request.

Currently, TSA advises that it conducts over 8,000 unannounced screenings each year. They report that they have 25 teams that conduct screens in conjunction with Customs and Border Patrol. They don’t just do their “pat downs” at airport security,

On one hand, TSA makes a good point it needs more funding to prevent incidents like the Madrid train bombings. Plus, if you’ve ridden on a train recently, you’ve probably noticed that the security does seem a bit relaxed. Maybe that’s why Hollywood has train bombings in many of their movies.

In short, I basically am postulating (I finally got to use that word!) the concept of safety, versus how far do we allow the government to do mobile searches?

It’s clear that TSA wants the ability and funding to walk up to people at train stations, ferries, subways and other public transportation and perform searches or “pat downs”. Is it worth granting this funding and power for safety, or is this going to far in the encroachement on personal liberties?

One final thought might be to consider what Ben Franklin might have said to my blog. “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.

You still might be trying to figure out the “toast on a stick analogy” because I did get a little distracted. Well, I just kinda imagined all the TSA uniformed government workers running around, doing their mobile scans with their wands. Seems to me that this is taking a simple idea of safety too far. What else? Are they going to push a mobile bucket in my face, for my shoes and keys?

A Baby Watch List

     Yogi Berra says that “you can observe a lot by watching”.  I guess that’s why I can’t help myself. I keep an eye on the Traffic Safety Administration because it seems that I keep seeing some amazing items pop up in the news. There is now another good reason to make sure that you are in a good mood when you travel.

      USA Today reports that  airline passengers who kick a wall, throw a suitcase or make some feisty remark to a security screener, could be placed on a little known Homeland Security database. Being “on the list” could subject them to more stringent future screening and cause them to be regularly pulled aside during future flying trips.  According to the uncontradicted report, the TSA is keeping record of people where screeners report some interaction that caused feeling of being threatened or  aggression.

     This “Baby Watch List”  can include names, birthdates, social security numbers, home addresses and phone numbers of those that are put on the list. The list was started in 2007, about the same time that screeners were outfitted with new uniforms that included police style badges pinned to the shirt, to convey authority. So far, no word on whether hats that look like a crewcut are in the making.

     The TSA says that the list does exist but that it really is for people that display violence or some form of verbal threat.  In their words, it is just meant “as a focus on prevention”.  Of course, it seems to me that it grants authority to any one screener who now has the power to put any person on this watch list, which can then be disseminated to other government agencies, airports, airlines, rail and bus systems. If they don’t like how you eye ball them, then you probably need to get used to those words, “Step aside”. Those words probably would start to sound like the policeman who says, as he hands the ticket, “Press hard, three copies”. 

     All states have unique laws on their books that date back many years. In many instances, no one really knows that they are still on the books or they simply have not gotten around to change, modify or remove those laws. For instance, in Oklahoma,  It is against the law to make “ugly faces” at dogs. Such action may subject the offender to fines or even being jailed. I guess you would be well advised to smile at all dogs in Oklahoma and continue to wear that smile to the airport.

My Airport Scanner Idea

Airport scanners are becoming the battleground of Constitutional argument. Privacy is now being pitted against public safety.  Plus, scanners in the news is now a great idea for a fiction conspiracy.

If you google airport scanners, even the headlines will give you a quick idea as to why they are so controversial. One article discusses that “we are all porn stars“, thanks to airport security. Another tells us that in Manchester, it has been alleged that these scanners break child pornography laws.

I also just saw that the former head of Homeland Security, from the Bush Administration, is now part of the corporate management of an airport scanner company. Thus, if author Robert Ludlum was still around, I’m guessing that he would write a book about how some group sets up a homeless guy, to go through security and get caught with some item on him. It would get the country all riled up and Airport scanner companies would be begged to outfit all airports with their life saving technology. Wait a second; Is that happening right now?

All of us want to be safe. I want to get on a plane and know that no one is going to bring a flammable fluid, a body bomb or even a match and flammable pajamas. I go back and forth as to what I think about these airport scanners. I think that the public is willing to accept a certain amount of scrutiny at the airport, but there are clearly limits to what should be acceptable versus invasion of privacy. 

If you look at the airport scanner attachment, you will see several pictures of the results of these scanners. According to Homeland Security and all those who stand to profit from the sale of these machines, we have nothing to worry about. There is only one person, in an enclosed booth, who is looking at these from TSA. In addition, we are assured that these images are immediately destroyed. 

In conclusion, here is my security idea of the day. If they want to require these scanners at all airports, then all 435 House of Representatives; all 100 Senators; all cabinet members; the President and Vice President; and all their families should go through the scanner. The images should be stored. Then, if any image from any private citizen is ever released to the public, then all the governmental officials and their families will have their images released as well. That way, no director of Homeland Security will simply get up and say “we made a mistake and we’ll try to do better next time”. Now, if they are ready for that, bring on those scanners!

  • Archives

  • Menu Title