
Learning From Spam?

“Do you know that Canada is the World’s Third Largest producer of Diamonds?”

Hmm that’s interesting. I wasn’t aware of that. Please, do go on…

“In fact, Major discoveries in Recent years have made this one of the most Lucrative mining areas in the world.”

Wow makes me feel good to be a Canadian. I wonder what else this informative stranger has to say…

“Utilizing leading-edge geological theories, Kimber Resources (KRXR) has assembled a portfolio of diamond claims in this Highly Prolific region.”

Good for them. It’s good to hear about a company doing well in this ever-changing economic climate.

“Rumors of a major discovery are just hitting the street and giving the issue really nice volume.”

Volume’s good. They always talk about shampoo that adds volume being a good thing.

“This, however, is just the beginning.”

Really? I wonder what’s next? The suspense is killing me!

“Trrading at just over $2, when official news is out we are going to see this gem well up into the $4 range!”

OK, I’m sure he meant to type “Trading”, but that’s beside the point. This insider information sounds like a goldmine!

— —

Well, I’m sure you can sense my sarcasm in this post (I should hope so, because I’m laying it on pretty thick). These pump-and-dump stock spams are really starting to get to me. I don’t understand where the desperate people are who keep these scams alive. Every couple of months I take a look at the Spam Stock Tracker site to see how much the site owner would have lost had he invested in the stock tips he received via email spam.

If you would like to learn more about pump-and-dump schemes, also known as microcap fraud, please take a look at this excellent page, which details the process.
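The spam quoted above has a recognisable shape, and that shape is what a mail filter can key on. As an added example (not part of the original post), the Python below scores a message on the tells this particular spam exhibits: a ticker in parentheses after the company name, a current price sitting next to a target price, Random Capitalisation mid-sentence, hype vocabulary, and near-miss spellings of finance words (“Trrading”) that slip past plain keyword filters. The spam text is reassembled from the sentences quoted above; the contrasting legitimate message, the word lists, the weights and the threshold are my own assumptions, not anything the post or the Spam Stock Tracker site publishes.

```python
import re
from difflib import get_close_matches

# Pump-and-dump spam reassembled from the sentences quoted in the post above.
PUMP_SPAM = (
    "Do you know that Canada is the World's Third Largest producer of Diamonds? "
    "In fact, Major discoveries in Recent years have made this one of the most "
    "Lucrative mining areas in the world. Utilizing leading-edge geological "
    "theories, Kimber Resources (KRXR) has assembled a portfolio of diamond "
    "claims in this Highly Prolific region. Rumors of a major discovery are "
    "just hitting the street and giving the issue really nice volume. This, "
    "however, is just the beginning. Trrading at just over $2, when official "
    "news is out we are going to see this gem well up into the $4 range!"
)

# Constructed legitimate message used only for contrast (assumption).
LEGIT_MAIL = (
    "Hi team, the quarterly report is attached. Revenue was up 3% and we "
    "expect to file with the regulator next week. Let me know if you have "
    "questions about the numbers."
)

# Assumed vocabulary lists; a real filter would learn these from labelled mail.
FINANCE_TERMS = ["trading", "stock", "profit", "shares", "investor", "price"]
HYPE_TERMS = ["rumor", "insider", "lucrative", "volume", "discovery",
              "this is just the beginning"]
PUMP_THRESHOLD = 6  # assumed cut-off for the score below


def ticker_symbols(text):
    """Tickers written promo-style as 'Company Name (ABCD)'."""
    return re.findall(r"\(([A-Z]{3,5})\)", text)


def dollar_amounts(text):
    """Bare dollar figures; a current price next to a target is the classic pair."""
    return re.findall(r"\$\d+(?:\.\d+)?", text)


def mid_sentence_capitals(text):
    """Count Capitalised words that are not at the start of a sentence.

    All-caps tokens (tickers, acronyms) are ignored; ordinary proper nouns do
    count, which is why the threshold in score() is deliberately generous.
    """
    count = 0
    for sentence in re.split(r"(?<=[.!?])\s+", text):
        words = re.findall(r"[A-Za-z][A-Za-z']*", sentence)
        for w in words[1:]:
            if w[0].isupper() and not w.isupper():
                count += 1
    return count


def obfuscated_finance_terms(text):
    """Words that are *almost* a finance term, e.g. 'trrading' for 'trading'.

    Exact matches are skipped: the spammer misspells on purpose to dodge
    keyword filters, so the near miss is the signal, not the word itself.
    """
    found = []
    for w in set(re.findall(r"[a-z]+", text.lower())):
        if w in FINANCE_TERMS:
            continue
        if get_close_matches(w, FINANCE_TERMS, n=1, cutoff=0.85):
            found.append(w)
    return sorted(found)


def score(text):
    """Return (score, reasons) for a message; weights are assumptions."""
    points, reasons = 0, []
    tickers = ticker_symbols(text)
    if tickers:
        points += 3
        reasons.append("ticker in parentheses: %s" % ", ".join(tickers))
    if len(dollar_amounts(text)) >= 2:
        points += 2
        reasons.append("current price paired with target price")
    caps = mid_sentence_capitals(text)
    if caps >= 5:
        points += 2
        reasons.append("%d capitalised words mid-sentence" % caps)
    hype = [t for t in HYPE_TERMS if t in text.lower()]
    points += min(len(hype), 3)
    if hype:
        reasons.append("hype terms: %s" % ", ".join(hype))
    odd = obfuscated_finance_terms(text)
    if odd:
        points += 2
        reasons.append("near-miss finance words: %s" % ", ".join(odd))
    return points, reasons


def is_pump_and_dump(text):
    return score(text)[0] >= PUMP_THRESHOLD


if __name__ == "__main__":
    for label, msg in (("spam", PUMP_SPAM), ("legit", LEGIT_MAIL)):
        pts, why = score(msg)
        print(label, pts, is_pump_and_dump(msg), why)
```

Each feature on its own is weak (plenty of honest mail mentions a price, and proper nouns are capitalised), which is why the features are summed rather than any one of them being decisive; the near-miss spelling check is the one that a spammer finds hardest to dodge without also making the pitch unreadable.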

Hacker Breaks Into Website of Canadian Nuclear Agency

As reported by the Ottawa Citizen, and numerous other sources, a hacker attacked the Canadian Nuclear Safety Commission website, littering it with dozens of photographs of a nuclear explosion and raising concerns about the security of information held by the nuclear watchdog agency.

There is no excuse for any government funded agency in Canada to be susceptible to an attack of this nature. The Communications Security Establishment (CSE) offers training to all levels of government, certifies products, and also conducts research and development on behalf of the Government of Canada in fields related to communications security.

I’ve assisted the CSE during their evaluation of a product and they were very thorough in their evaluation process. Not only do they follow their defined test plan to ensure proper validation, they also create “free form” scenarios in an attempt to make the device do something unexpected, like removing key values from configuration files to see what happens.

This attack leads me to believe that the defacement of this website was due to a breakdown in process. The developers of the website, whether internal developers or consultants, did not perform adequate validation of their code to ensure security. The project officer who signed off on the completion of the project should ultimately be held responsible for this breach. Part of their project goals should have been a complete inspection of the final product with respect to security, using the publicly available Government of Canada publications issued by the CSE.

I can’t help but think what a huge problem this breach would have been had this been anything more than a simple website defacement.

Why Doesn’t the Security Industry Have Champions in Hollywood?

As I picked up my latest copy of Information Security Magazine I found myself wondering what Tom Hanks was doing on the cover. On second glance I noticed that this wasn’t Tom Hanks but rather Eric Bangerter from the University of Wisconsin Credit Union.

This mistake made me think of two things:

  1. How could my eyes possibly be that bad?
  2. Why doesn’t the security industry have champions in Hollywood?

The first item really isn’t the basis for a good article so I’ll stick with the second item.

Animals have Paul McCartney, Buddhism has Richard Gere, Scientology has Tom Cruise (or maybe it’s the other way around), the UNHCR has Angelina Jolie, and PETA has Pamela Anderson. Who do we have? The security industry does not have a famous face to market the importance of implementing security measures at home or in the enterprise. Granted, we have such pioneers as Martin Roesch of Snort and Sourcefire fame; Bruce Schneier, the author of such greats as Applied Cryptography, Secrets and Lies, and Beyond Fear; Kevin Mitnick, the well-known social engineer and author of The Art of Deception and The Art of Intrusion; and Radia Perlman, one of the most respected names in security and networking, to name a few.

Even though these people are incredibly well known in the security industry, I suspect that none of them would be met at the airport by 10,000 screaming fans who are there just to hear the person say something life changing. I’ve been thinking for several days now about who should be approached, and I’ve short-listed a few people:

  • Harrison Ford – who wouldn’t listen to this great actor from such timeless films as Indiana Jones, Star Wars, Blade Runner, and most recently Firewall (not ‘timeless’ but helped put him on the short list due to its content).
  • John Travolta – his attention grabbing cool demeanor in such films as Pulp Fiction, Get Shorty, Face/Off, A Civil Action, Swordfish, and Be Cool ensured that he would make this list.
  • Speaking of cool what about Jack Nicholson? This man has done it all from The Shining to Batman to As Good as It Gets to A Few Good Men to One Flew Over the Cuckoo’s Nest. When Jack speaks people listen.
  • What about Catherine Zeta-Jones? This Welsh beauty commands the screen with her sly wit and sultry delivery. I’d be hard pressed not to listen to EVERYTHING she told me.

I’m sure I could go on listing people forever, but I wanted to put some names out there. Who would you like to see represent the security community from Hollywood? Before answering, ask yourself this question: “Who would make security cool enough that you’d be embarrassed not to care about it?”
