Thursday, June 30, 2011

Hackers Hit Our Defenders

This is a little troublesome; hackers have hit the publishers of the defense newspapers. You know, those publications like The Army Times where I used to go look up the cut-off scores every month to see if I had been promoted.

With information like that, these publications get a lot of readers.

The hackers hit on June 7th. They took the subscriber information: things like user name and password, first and last name, email address, and service information (like rank, branch, duty status, etc.).

What may happen next is that our defenders are going to start receiving emails that look like they are coming from the publisher. Of course these will be fake, and if the soldier, sailor, airman or marine clicks on a link in that email, their computer will become infected with some kind of Trojan or other malicious software.

This is a case where our government needs to get involved. Find whoever stole this information and send them to boot camp for retraining.

I don’t care if hackers hit the CIA’s site with such force that it takes their public website off line for a few hours. I don’t really care that account holders had money taken from their Chase accounts. I do take offense when they target the men and women standing the wall.

http://ohmygov.com/blogs/general_news/archive/2011/06/30/recent-hacker-attack-on-gannett-websites-targeted-military-personnel.aspx

Friday, June 24, 2011

Do We Really Need a U.S. Fire Administration?

So I’m on the internet studying information about current Internet security tid-bits, looking for something of value to pass along, and I run across this website for the United States Fire Administration.

I was not aware that we had a national office of fire prevention.

And I wonder if we really need one.

So I poked around, found where we have a National Fire Chief. They must have a great budget because they have a fantastic website (link below) and they appear to be fully staffed.

There must be a bunch of money available because right from the home screen you can read all about Federal Grants that are available and if you follow that link you can even attend free classes on how to complete the grant process.

Now I ask you… do we need a division of Homeland Security in order to show us that when there is a fire we should put it out?

Do we need FEDERAL officials to teach us that fire is dangerous and we should put one out if it is burning something we don’t want burnt-up?

I believe this is one area of our federal bureaucracy that can simply be shut down. We don’t need it – it’s overkill to have this kind of division of the federal government.

U.S. Fire Administration Home Page

Monday, June 20, 2011

Document Collaboration

In January of this year Legal Technology Today published that Enterprise Collaboration (a.k.a. Document Sharing) was at the top of the organizational priorities for 2011.

And no wonder, just last Friday (June 17th, 2011) a court imposed monetary sanctions against a corporate plaintiff (yes … plaintiff) for “delay and inadequate production and failure to search for documents in a timely manner.”

The corporation in question is moot (Google “No. C09-1769 MJP” if you really need to know). The bottom line is that the company did have a corporate document management system in place and even hired a consultant (outside counsel) to assist in the discovery process.

What happened was the individual in the CFO position neglected to instruct the consulting group to run a search to find the necessary documentation.

Even though the plaintiff dropped the case, the company still has to pay the fine that the court mandated.

Getting back to Legal Technology Today’s published priorities for 2011. Collaboration about documentation and electronic discovery practices of the Legal Department transcends the relationship between the IT department and the legal staff.

Everyone who is in a position of responsibility needs to be aware of certain (not all) activities currently being managed by the legal department and should have the ability to participate in providing documentation and other information that pertains to the legal matter.

The CEO down to the plant management or store managers need to be able to participate in the efforts of the legal department. The most valued and prized asset of the corporation, the individuals themselves, need to be made aware of how important document and information management is at the enterprise level of any given company.

This fall LT Online will introduce an enhanced module for facilitating this collaboration. If you would like to get a sneak-peek, make sure you are at our user conference.

Until then below are some informative links, other blog entries that highlight the capabilities of LAWTRAC’s document management system.

1. How Hidden Email Data Increases Corporate Risk
2. You've Already Gone Green
3. LAWTRAC Docsave 2.0 Released
4. Documents You Have Checked Out
5. Top Ten Signs You Need LAWTRAC's Document Management
6. Document Size Guidelines
7. Need OCR Services? Flag The Document First
8. Reports Created via SQL Statements
9. List Documents by Author
10. Question from Customer: File Not Found
11. Question from Customer: Document Drag-n-Drop
12. Pointing Matters to Document on the Network
13. Type Of Document Restrictions
14. Documents by Business Categories
15. Interfacing with Document Retention Policies
16. Drag-N-Drop: Advanced Function Made Easy
17. Organizing Documents
18. Outside Counsel Document Types
19. Documents Provided by Outside Counsel
20. Routing Slips Management Screen
21. Email Document - Make A Note
22. Save As Dialog Box
23. Document Overview Information
24. Document Calendars
25. Sending a Document via Email
26. Evaluating your Document Management System
27. Boolean Search Operators and the Document Bank
28. Searching: Document Meta Data
29. Routing Slips

LT Online Corp Web Log

Sunday, June 19, 2011

Internet is a “pact with the Devil”

I really don’t care for the great media hype that is reflective of the security problems popping up.

Here is a guy that associates the Internet with the Devil, but at the end of his 120-word essay he provides a link to his website. Compounding his two-faced irony is a request that you click on one of the ads so he can make a little money from the tool he proclaims belongs to the Devil.

Yes, there are hackers out there exploiting the soft underbellies of big corporations; but look towards the end of the tunnel – five years from now the lessons we are learning today will only serve to make the internet stronger. A better tool for education, commerce, and communication.

Take the time to review your own practices. Is your password the same thing you’ve been using for years and years? Is the wireless network you’ve set-up in your home secured?

Consider this as a simple practice. Obtain a pre-paid debit card; there are tons of services out there you can use. Transfer only the money you intend to spend online to that card and use it to order your pizza from PapaJohns.com or bid on that broken laser pointer on eBay. This way, if anyone does hack into Papa Johns or eBay, all they are going to get is a few dollars and not access to your next car payment.

Contrary to what this hype-artist says via the Huffington Post, the Internet is not of the Devil. The Internet is “of man” and therefore will always have flaws, but will always have room for improvement.

Andrew Reinbach: Computer "Security"

Wednesday, June 8, 2011

For Veterans and the General Public - National Center for PTSD

Those of you who know me personally understand why I’m recommending this.

If you know someone who was in the military for twenty days or twenty years, or a friend who suffered an assault of any kind, give this site a look-over.

You may be the person who helps another just by passing on this blog entry and link.

For Veterans and the General Public - National Center for PTSD

Tuesday, June 7, 2011

Hackers: When the money is gone; it’s gone

Bank Not Responsible for Letting Hackers Steal $300K From Customer

I for one don’t have $300,000 lying around in a bank account for hackers to steal; no, the point of this story is that the financial institution is not responsible for this theft.

In this particular case I agree. (see link below)

Had this been a case where the hackers attacked the bank’s infrastructure without having any user’s credentials then the bank should be held liable.

In this particular case the company’s own employees fell for one of those emails designed to steal user names and passwords.

Everyone should be aware that companies are not going to send you an email asking you to log in and check something for no real reason. FedEx and UPS don’t have your email address and are not going to email you when they can’t deliver a package.

This is an example of when those emails work – and when the money is gone, it’s gone.

Bank Not Responsible for Letting Hackers Steal $300K From Customer | Threat Level | Wired.com

Monday, June 6, 2011

Brits Love Gossip, Regardless of the Subject


Is it just me? Why would a newspaper (or website) in the UK want to report on what is nothing more than gossip when it comes to the presidential elections here in the US?

Especially when it involves the war where we kicked their ass.

The image may be a little fuzzy, so to see what I mean, click HERE.

How Hidden Email Data Increases Corporate Risk

Source: Sys-Con via MarketWire

An interesting observation by corporate risk managers: the size of your employees' mailboxes leads to leaks in information security in your corporation.

After reading the article it became very clear: employees move emails with attachments to shared folders on the network in order to make room in their mailbox.

The concept is almost too simple; I'm not sure why it has not been discussed on a large scale before.

I would encourage all of our LAWTRAC customers to tell their outside counsel NOT to send documents as attachments to emails, but to upload them into their respective matter record in LAWTRAC.

Why? Two Reasons:

  1. Email should never be considered secure. Even if your company has employed a method of encrypting them, they can still be captured in transit and the attachments stripped.
  2. Once you copy emails (and their attachments) to a folder, the security becomes even less than if you had left them in your inbox. You never know who has access to whatever folder you recorded them on.

Just another reason to use LAWTRAC for managing your legal documents.

Sunday, June 5, 2011

Want to know who is hacking your network? Look to the left–then the right.

One single thread you’ll see when you read about all the major data breaches during the recent past is the lax internal security at these large companies.

Seriously… Sony is getting beat up because of nothing more than the complacency of their own IT staff. Not only did they not keep their infrastructure up to date, but apparently they never tested it.

Google’s Gmail is a target because a temporary employee was allowed to either put code on their networks he/she could use later, or they didn’t remove the individual’s credentials when the person moved on.

RSA’s technology of a number key that changes every thirty seconds was hacked with a twenty-year-old hack. This hack has allowed access to networks belonging to major defense contractors and even your government representatives.

Of course, the hackers shouldn’t be doing this; but at a certain level, don’t the IT professionals at these companies bear some level of responsibility?

If your doctor is complacent and does not sterilize his / her needles before they give you your annual flu shot and you come down with Hepatitis, aren’t the other medical professionals also responsible?

Don’t blame the hackers… blame the six-figure employees who are there to make sure everything is as it should be.


Data Breach Digest

Beeni Baby Hat: Asphyxiation Hazard

OK… who in their right mind thought this was a good idea?

Never mind the 'idea' guy… no one in the development, production, sales and distribution of this 'object' spoke up to express concern? Yes, it is made in the U.S.A.

Gee Whiz

The link to the recall information is below the photo.


Kahn Enterprises Recalls Beeni Baby Hats Due to Asphyxiation Hazard

HP Expands Recall of Notebook Computer Batteries Due to Fire Hazard

No, you are not reading a headline from a couple of years ago.

Last time it was Dell computers. Now I guess it’s HP’s turn.

The question I have: where was this in the mainstream news headlines?

This recall is for 162,000 batteries. That is on top of the 124,000 batteries they recalled in 2009 and 2010.

The Models involved with this recall are listed below. At the bottom of this post is a link to an official notice.

Notebook Model Number

  • HP Pavilion dv2000, dv2500, dv2700, dv6000, dv6500, dv6700, dx6000, dx6500, dx6700, dv9000, dv9500, dv9700
  • Compaq Presario A900, C700, F500, F700, V3000, V3500, V3700, V6000, V6500, V6700
  • HP G6000, G7000
  • HP Compaq 6510b, 6515b, 6710b, 6710s, 6715b, 6715s, 6520s, 6720s

HP Expands Recall of Notebook Computer Batteries Due to Fire Hazard

Saturday, June 4, 2011

Web Color Pallet

Today I would like to share with my fellow web programming enthusiasts a page I put together that I use a lot, but published so everyone can tap into it and use it as a resource when needed.

This single page lists all the HEX color values, but also their Java names. It has a complete list along with examples of how they will appear.

It is complete and comprehensive. There is even a portion that shows how the changing values work to create the differences in the shades.

Please feel free to not only use the resource, but take a moment and share it with others. Feel free to suggest any improvements.

Web Color Pallet

Friday, June 3, 2011

Today’s Caption


Take a moment and enter a caption for the picture in the comments area.

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com

This is a fantastic story; but I bet most would miss why this group (whoever it was) was able to post individuals’ passwords for all the world to see.

Apparently the bigger the company, the more relaxed they are about cyber security and following the most basic of rules.

Had these companies followed “Security 101” procedures they would have known to (at the very least) store passwords as a HASH, or in some other encrypted form, so that even if their database of user names and passwords is stolen the passwords can’t be used, or at the very least can’t be posted online somewhere for the whole world to see.

I know in my little corner of the world where I help write software applications for these big companies I have to undergo security questionnaires (sometimes over 100 pages of questions) and audits where they actually try to hack my code. The sad thing is that they are companies the size of the ones in the Fox News story (link below).

If you are about to purchase software for business or pleasure ask “Do you encrypt stored passwords?”

If you are a developer, don’t think for a second that the guys doing the networking and managing the firewall and intrusion detection are doing their jobs. Follow the basics, and step one is to store passwords only in their hashed or otherwise encrypted form.
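The “Security 101” rule above, worked through as an added example that is not code from the original post: a small Python user table in which each password is stored only as a salted PBKDF2 hash, so that a stolen copy of the table contains nothing that can be posted or replayed. The record format, iteration count and sample users are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

# Parameters are assumptions of this example; tune the iteration count to your hardware.
ITERATIONS = 100_000
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"

def hash_password(password, salt=None):
    """Return the storable record 'pbkdf2_sha256$<iters>$<salt>$<digest>' (constructed format)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # a fresh random salt per user, never reused
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        ALGO,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_b64, digest_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        iters = int(iters)
    except ValueError:
        return False  # malformed, truncated, or plaintext record: never accept it
    if algo != ALGO or iters <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iters)
    return hmac.compare_digest(candidate, expected)

# Constructed sample user table: this is all an attacker would get if it were stolen.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}

def login(username, password):
    """Authenticate against the hashed table; the plaintext never leaves this function."""
    record = USERS.get(username)
    if record is None:
        # Burn a hash anyway so an unknown user is not distinguishable by timing.
        verify_password(password, hash_password("dummy"))
        return False
    return verify_password(password, record)

def plaintext_exposed(record, password):
    """True if the stored record contains the password itself (it must not)."""
    return password in record
```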

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com

Thursday, June 2, 2011

LAWTRAC 2011 User Conference

The Corporate Legal Department maintains the most sensitive information a corporation can have.

Just to give you an idea on some of the things they may work on:

  • Employment agreements
  • Civil matters of senior officers
  • R&D Work (patent and trademarks)
  • Litigation

If a person can get to the data and documents maintained by the legal department they can ascertain trade secrets and more.

For example:

A national retail chain store will experience mishaps by shoppers who will in turn file a lawsuit. Nine times out of ten the parties will settle out of court. The store wants to ensure the person recovers from any injuries while preserving its reputation as a safe place to shop.

If a person were to obtain a copy of the last 50 or so settlements, they can then make a determination as to what the company will automatically settle for. A person goes into the store, fakes a mishap and asks for just less than what the store will fight over.

If your company has a legal department, you need to attend this conference.

LAWTRAC 2011 User Conference | Agenda | powered by RegOnline

Today's Caption


Put your caption in the comments.

Wednesday, June 1, 2011

ColdFusion Functions Reference

ColdFusion programmers: New information about CFZIP and CFFile has been posted in my CF-ToolBox.

Take a peek.

And don’t forget, if you would like to see some information about some of the new stuff in CF 9, just drop me a note: Jim@CF-ToolBox.com

Jim's ColdFusion Functions Reference

Google Gmail Accounts Hacked From China

The Great Wall isn’t going to protect your Gmail account; this time the hackers are hiding behind it.

According to the San Jose Mercury News Google verified that individual email accounts were the target of these attacks. Accounts belonging to US Officials, Journalists, Businessmen and women, just about anyone who uses their Gmail account to talk about work.

The attack they used is called “Spear Phishing”.

In this kind of attack the Gmail user (YOU) receives an email from someone they may know with an attachment. When you click it, it takes you to a screen where you believe you must authenticate with your Gmail user name and password…. BUT IT ISN’T GOOGLE – IT IS THE HACKERS.

You fill out the user name and password and then it redirects you back to your regular gmail email interface.

You think your computer just forgot it was already on Google for a second… oops.

Advice / How To Avoid This

Look at the address of the website asking you to fill-out the authentication form. If you think you are on Google, but the address does not have “Google.com” anywhere in the address STOP.

Close your browser (to delete any non-persistent cookies) and the next time you are on your Google mail account, delete the message. No need to forward it to Google – they and the FBI are already aware of the problem.
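A concrete version of that address check, as an added example that is not part of the original post. It goes a little beyond the wording above: rather than asking whether “Google.com” appears anywhere in the address, it requires the host itself to be google.com (or a subdomain of it) over https, because a look-alike address can carry that string in its path, in a user@ prefix, or inside a longer hostname. The trusted host list and the sample addresses are constructed for this example.

```python
from urllib.parse import urlsplit

# Hosts the user actually expects a Google sign-in page to live on (assumed for this example).
TRUSTED_HOSTS = ("google.com",)

def hostname_of(url):
    """Lowercased host from the URL, ignoring any user@ part, port, path or query."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")

def is_trusted_login_page(url, trusted=TRUSTED_HOSTS):
    """True only if the scheme is https and the host is a trusted domain or a subdomain of it."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False
    host = hostname_of(url)
    if not host:
        return False
    return any(host == t or host.endswith("." + t) for t in trusted)

def naive_contains_check(url):
    """The literal rule 'is google.com anywhere in the address?', kept for comparison."""
    return "google.com" in url.lower()

# Constructed sample addresses: the kinds of address a spear-phishing login page might use.
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",         # genuine host
    "https://mail.google.com/mail/",                    # genuine host
    "https://google.com.account-verify.example/login",  # look-alike hostname
    "https://login.example/google.com/signin",          # string appears only in the path
    "https://google.com@login.example/",                # string appears in the user@ part
    "http://accounts.google.com/",                      # right host, but no TLS
]

def classify(urls=SAMPLES):
    """Map each address to (naive rule says OK, strict rule says OK)."""
    return {u: (naive_contains_check(u), is_trusted_login_page(u)) for u in urls}
```

Every sample passes the naive substring rule; only the first two pass the strict host check.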

Google Gmail accounts hacked from China - San Jose Mercury News

PLEASE post this to your Facebook account and forward to any of your friends who have a Gmail account.

Two security firms hacked.


Hackers are getting bold. After groups saw that they could get a lot of publicity taking on Sony they are now going after security companies themselves.

I used RSA SecurIDs for years to gain access to servers. I’m aware of at least two businesses that use these ever-changing numeric code methods to do their business banking.

The hackers are trying to gain access to certain pieces of code that would allow them to replicate the numeric code.

If they are successful, this breach will affect more than double the number of accounts that were affected by the Sony security breach.

So let’s take that to the next level.

It’s not just RSA and your business banking accounts they are after. The other major firm being attacked is L-3 Communications, the company that provides SecurID authentication for the White House, the Pentagon and others.

And these attacks will be successful one day.

What Can You Do?

Those accounts you have that use a changing number key: you’ll need to change your passwords on a more regular basis. If they are ever able to steal the code that replicates the number key and download the customers’ user accounts, then they will have access to your accounts.

  • By changing your password on these kinds of accounts more often than you normally would, you can add an extra level of protection for yourself.
  • Make sure you are in communication with your bank. If you notice odd activity in your account let them know right away.

Cyber threat debate: Two security firms hacked - International Business Times

Today's Caption


Add your caption in the comments.