Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

WikiLeaks: Lessons – for Everyone

I think we have all by now heard about the rather embarrassing publication of thousands of “secret” government correspondences on WikiLeaks.

Many are/were shocked and surprised, and wondered, “how could this happen?”

Ha. The better question is – how could it not? In fact, you don’t have to know much about network communications, nor data storage, nor databases to know “secure” does not mean secure – not the way you and I think of it. (Secure in computing seems to mean “difficult”, as in in, it’s difficult to access, so it’s secure.)

“WikiLeaks Teaches Us that No Data is Safe.”

Though I harbor no intention of ever becoming a CISSP, I have studied the material (yes, I am that “geeky”) and occasionally take practice tests. For fun, yes, and because we live in the “digital age”. And I am in the front lines of one of the “cyber wars” we have been waging (for over a decade) — the war against “hackers” (they’re really just criminals using computers) and the viruses and spyware they infect us with (“malware” is a much better word).

And I watched tech rise up, and start toddling around.. and I watched all the bright boys say “wouldn’t it be neat if we could get these machine talking to each other?!” And so I understand how cobbled together and makeshift all these “protocols” and “new technologies” are. Because at first, the machines were either non-talkative, or only spoke to similar machines.

And the whole while, I lived right here in the Silicon Valley, and watched people become overnight millionaires just because they rushed something out and got to market first (with a prototype, in “beta” development). (Or worse, just marketed an idea for an alpha prototype.) And a word got invented and it was filled with magical powers — “startup”. It attracted money out of thin air.

But, I digress – back to the CISSP (that’s the ‘competency test” for Information Security types). You know what it teaches, essentially? “Risk Management” (choose what risks are acceptable, and which you should dump money into “shoring up”) and “What To Do After You Have Been Violated”. Nowhere in the curriculum can I find the chapter that says “Do This And Be Safe, Secure, & Bullet-Proof”.

“Cuz there is no such thing. Any security pro could tell you (I believe) that even if there were some way to harden down communications and the machines that use them (and on the current Internet, with our current machines and devices, there is not) all the way to “bullet-proof”, there’s still the humans using the machines.

Do you think it took a super spy like James Bond to obtain those documents? You know.. using some laser in his wristwatch to cut his way into some heavily guarded “commo room”? So he could pocket some super CD? Like in the movies? (the first Mission Impossible, maybe?)

Ha.. I made myself chuckle at that. No, all James would have to do is get a job as a night janitor, and walk from PC to PC typing in “password” until he had full access to any database. ‘Cuz some regular employee surely is using that as their logon, (and some IT type isn’t enforcing the password policy..)

No I wasn’t, and I doubt anyone who really thinks about things would be, surprised by the “leak”. We knew it was coming, because we know the government uses the Internet for communications. And uses PC’s like ours.  (And they want to put more information about us into their databases. Everyday. Great, eh?) Though they should not be. We know of other “breaches” and “thefts” and “leaks”. (Some of us have become kind of numb from seeing so many, month after month.. ) And, know this, our government (typically) tries harder at security than our businesses and corporations (typically) do. (Remember TJMax?)

But this isn’t about me, nor the government, it’s about you. I remind you of the quote higher up, “WikiLeaks Teaches Us that No Data is Safe.” That is the title of a recent article by long time tech writer Lance Ulanoff, who happens to be the current Editor in Chief of PC Magazine. Here’s an excerpt..

“As the press and pundits pore over the thousands of documents (cable communications) released today by WikiLeaks .. I find myself pondering the other lessons this new breach teaches us. The biggest and most obvious is that the digital world is a porous place. What’s put in can and will get out. Our secrets are only safe for as long as we share them with no one, in no fashion.”

and here is the link to the article, WikiLeaks Teaches Us that No Data is Safe. I think it a very good, and very important read. I hope you’ll read it. And I hope you’ll think about it too..


Related links: 7 Practices for Computer Security

Sorta related: (And just one example of why I think “cloud computing” is a fundamentally bad idea.) Operation Payback cripples MasterCard site in revenge for WikiLeaks ban

The websites of the international credit card MasterCard and the Swedish prosecution authority are among the latest to be taken offline (by hackers) in the escalating technological battle over WikiLeaks, web censorship and perceived political pressure.

Co-ordinated attacks by online activists who support the site and its founder Julian Assange – who is in UK custody accused of raping two Swedish women – have seen the websites of the alleged victims’ Swedish lawyer disabled, while commercial and political targets have also been subject to attack by a loose coalition of global hackers.

Cheer up. Some good news: Accused Mega-D botnet operator arrested

Copyright 2007-2010 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<


Share this post :

December 8, 2010 - Posted by | computers, Internet, security | , , , , , ,

13 Comments »

  1. Yes, Paul many of us have heard of Wikileaks, with much confusion, opinions and controversy…
    Much of what u write here is clear and precise,covering a lot of pertinent areas of this “digital world” …there’s probably worse to come.

    Keep us posted!

    Thanks

    Gaia

    Like

    Comment by Gaia | December 9, 2010 | Reply

    • Gaia,
      All the IT security experts I have had the good fortune to talk to are agreed that it is going to get worse before it gets any better. That’s one side of the coin. The other side of the coin is that things have already gotten so bad that the entire industry has woken up, are taking security seriously, and are changing how they do things.

      Unfortunately.. our system is built on software and hardware that is old, and was created when security was not even thought about.

      Like

      Comment by techpaul | December 9, 2010 | Reply

  2. There is another side to this coin… It is possible, however remote, that a flipped coin could land on it’s edge.

    I seemed to have partially ignored the security issues that this article is about. I am a firm believer in freedom of the press, but when that freedom may cause American and coalition soldiers to be put in harms way there is something fundamentally wrong. We may have thousands of soldiers (and civilians) killed due to this leak of information. I’m upset and mad; No, downright furious about this part of wikileaks information release.

    Now that I have read this article for the 4th time I finally looked past the political issues and actually saw what Paul is saying. No data is safe. No place, anywhere. Hackers are out to get our information anyway they can.

    I’ve said this before as has Paul and every other Information Security professional. You must do everything possible to lock down your computers and make them as hack proof as possible. That means you have to pay for some security software and get all the free software that you can as well.

    Like

    Comment by KsTinMan | December 10, 2010 | Reply

    • KsTinMan,
      We are living in what has come to be called the “Information Age”… meaning information has become coin of the realm, has value in and of itself. Is an asset. A list of names is worth money. Someone’s vitals – worth money. That’s why Google (and others) collects minutia on us, it has value.

      This “information” is stored (usually in what is believed to be a secure way) on unsecure devices, and communicated (usually in what is believed to be a secure way) over an unsecure network.
      It is one thing if we’re talking about YouTube videos, and my search for the perfect fruitcake recipe, quite another when we’re talking about Government agencies (such as taxation, and Law Enforcement), the banks, and national security.

      I am not worried (too much) about a hacker stealing my identity from me (my machine), but I know that my “identity” is stored by other people in other places on other machines, and I have to trust they know their security, implement rigid controls, and purchase Top Tier professional defenses.
      Which I don’t trust for a second. I’ve seen the people who work at the DMV..
      And I know which department is the first to be cut when it’s time for ‘belt tightening”… IT.

      Like

      Comment by techpaul | December 10, 2010 | Reply

      • I couldn’t agree more. I have ONE credit card, which offers a service called SafePay. It creates a “phony” credit card number and security code with a spending limit that you set. I feel a bit safer knowing that my “real” card number isn’t being stored by Amazon or wherever else I may shop online.

        However, that doesn’t keep the same hackers from getting into the bank server and stealing the real number.

        I saw the belt tightening begin in 2004 where I worked, and yes, IT was the first department to be hit. I knew more about InfoSec than the goofballs they hired in place of our true professionals. Sad but true.

        Like

        Comment by KsTinMan | December 10, 2010 | Reply

        • Another “sad but true” fact of life.. when you have a brother in law, who really needs a job, and you run a successful business, you kinda have to “find a spot” for him..
          Guess where that usually is?

          Yup. That dark room in back. The one with all the ‘puters in it. Go sit there and watch the blinking lights.. but don’t touch anything!

          PS– your tip on cc’s is a good one. I hope folks will consider trying it on for size themselves.

          Like

          Comment by techpaul | December 10, 2010 | Reply

          • On a lighter note in reference to “blinking lights”… There was a hand typed sign on the server rack in the IT department where I worked. For any German readers out there, please don’t take offense to the nonsensical mangling of the German language included on it:

            “Achtung! Das machine ist nicht fur gerfingerpokken und mittengrabben. Ist easy schnappen der springenwerk, blowenfusen, und corkenpoppen mit spitzensparken. Das dumkopfen keepen das hands in das pockets. Relaxen und watchen das blinkenlights.”

            I’ve seen various versions of it ever since I got into the field of electronics and computers (1974), placed somewhere near a piece of delicate equipment. I had to chuckle about that sign when they replaced our IT pros with unqualified individuals!

            Like

            Comment by KsTinMan | December 10, 2010 | Reply

            • We had a sign on the blueprint machine where I worked in 1979 that was quite a bit longer, and I wish I could find the whole thing again. After “mittengrabben”, it said, “Ist nicht geverken by dumkopfs,” and then it ran on and on. I’m sure of the first two sentences at least. I thought I had a copy of the thing, but hey, that’s been a LONG time ago. Thanks for posting at least a little of what I remembered!

              Like

              Comment by KimC | January 2, 2011 | Reply

              • KimC,
                Is this it?

                Alles touristen und non-technischen looken peepers! Das machinkontrol is nicht for gefengerpoken und mittengrabben. Oderwise is easy schnappen der springenverk, blowenfus, undpoppencorken mit spitzensparken. Der machine is diggen by experten only. Is nicht fur geverken by das dumpkopfen. Das rubber necken sightseenen keepen das cotton-picken hands in das pockets. So relaxen, und vatchen das blinkenlights.

                Like

                Comment by techpaul | January 2, 2011 | Reply

  3. TechPaul,

    As a result of WikiLeaks and all of the controversy, the supporters of WikiLeaks started taking down (denial of service attacks) major credit card sites. Again, goes to show nothing is sacred or safe on the internet.

    Rick

    Like

    Comment by Ramblinrick | December 10, 2010 | Reply

    • Rick,
      Good point.

      The Internet has been described as the “wild, wild, West”.
      In reference to its lawless, wide open, and ‘uncharted territory’ characteristics.

      Yet people think it is like one big public library, where everyone will speak softly, follow the rules, and behave as if others are watching (and keep in mind the kids).
      Ha.

      …And those people needed to be punished, so the ‘global hackers’ took it upon themselves to punish.
      (Folks, there’s a link in the article to this story.)

      Like

      Comment by techpaul | December 10, 2010 | Reply

      • I’m glad you brought that issue up Rick. I have been following it on the news along with the rest of the information on this fiasco.

        Hackers can’t resist the opportunity to show their prowess, especially when they know full well that the news will cover that part of the story too. “See… we can even shut down the banks”. From what I’ve read in the past about Denial of Service attacks, it seems like it’s mostly a bunch of kiddie hackers pounding their chests like gorillas, but I would be willing to bet that this group are much more mature (physically anyway).

        Like

        Comment by KsTinMan | December 10, 2010 | Reply

        • KsTinMan (and Rick),
          That, in a nutshell, is why I will resist and shun “cloud computing”, and they will have to pry my OS install disc from my cold dead fingers.

          Even if the service is from someone as wealthy, experienced, and equipped as a Google or a Microsoft, it is built on a vulnerable foundation, and is a fundamentally flawed methodology.
          When it works as advertised, great. But…

          Like

          Comment by techpaul | December 10, 2010 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: