As you’ve noticed, I haven’t been posting much lately. I’ve been trying to wrap up everything here in Bermuda before our big move back to Canada. My last day at the office is on Wednesday – also the day that the movers come – and then we fly out at noon on Friday. We’re both really excited and we’re looking forward to getting back.
Now a word about security. One of the things that we have to do is cancel our services, such as power, cable, Internet, and so on. What completely amazes me is how unsecure their process for doing this is. Take for example my broadband Internet connection. After giving up on calling in, as no one was picking up the phone, I decided to send an email into support asking how to go about canceling my account. Two days later I received an email stating that I could simply email in my name (ok), address (ok, that’s fine), account number (umm…alright), passport and credit card number (sure…wait….WHAT?).
I replied to the email asking why they needed my credit card number to cancel a service. The response, “It’s how we prove that you are who you say you are”. I was beside myself. I replied to the email stating that I would not send my credit card information in over the Internet as this was an insecure method of doing so. I received a response back, that same day, providing me with an alternative:
“Dear Mr. Hay,
If you are unwilling to send us the required information to cancel your account you can scan the front and back of your credit card and passport and fax it in. Alternately, you can come in and cancel your services at our storefront location.”
“Unwilling?” At this point I decided to stop trying to teach security to this support representative and politely replied back stating that I would do this in person at the storefront location. The storefront location didn’t need my passport, nor did they need my credit card, to cancel my account.
Wow.
Brian Carmen brought these to my attention and they’re absolutely brilliant. They also go quite well with my Protesting Using Computers != Cyberwar article from yesterday:
Ever since the Iranian election demonstrators turned to social media applications, such as Twitter and Facebook, it appears as though every media outlet is calling anything that happens to touch, or think about touching, the Internet, “cyberwar”.
Being of the Jerry Springer and “One of these three soft drinks are poison, tune in at 11pm and we’ll tell you which one” generation, I understand why an eye-catching headline is used. Obviously you, the dirty media, want to drive people to your program/story/blog/cause but, in doing so, you’re perpetuating false information. If my father, who is retired Navy, heard the term “cyberwar” he’d immediately think of words like: military, attack, etc. and not words like: rally, demonstration, and so on.
Now, don’t get me wrong, I understand that the demonstrators in Iran are being brutalized. What people need to know, however, is that the demonstrations, support, or response cannot, and should not, be classified as “cyberwar”. If anything, the online support that is demonizing the election results should be classified as psychological warfare that, although a component of war, is not an immediate physical response.
The Wikipedia definition of psychological warfare hits the nail right on the head:
The U.S. Department of Defense defines psychological warfare (PSYWAR) as: “The planned use of propaganda and other psychological actions having the primary purpose of influencing the opinions, emotions, attitudes, and behavior of hostile foreign groups in such a way as to support the achievement of national objectives.”
Does this not more closely match what is happening right now? I think it does. Even though Wikipedia defines cyber-warfare as having a propaganda component, which can loosely be tied to psywar, I fear that too much emphasis is being placed on it.
True cyberwar, which has yet to be let slip, is still in its infancy stage. Just like cavalry warfare, trench warfare, and armored warfare, it has to be perfected – but that’s not to say that it isn’t being tested and polished on the world’s electronic battlefields.
For any media types who are thinking of using “cyberwar” as the basis for an article on what is obviously social dissidence and believers in democracy leveraging technology to spread information, please think of the cringing security professionals trying not to vomit or have an aneurysm reading your story.
P.S. If you want to understand what true cyberwar is going to be, check out the information on the new US Cyber Command being formed.