Slashdot Mirror


User: Minupla

Minupla's activity in the archive.

Stories: 0
Comments: 687

Comments · 687

  1. Re:Not surprising on World of Warcraft Character Becomes Campaign Issue · · Score: 4, Funny

    > open mailbox
    OK.
    > mail absentee ballot
    OK.
    > wait
    Nothing changes.

    The future is dark.
    You are eaten by a guru.

  2. Re:wow on California Employers Can't Ask For Your Facebook Password · · Score: 1

    Waitaminute... immoral?

    We're talking about someone choosing to give up their PII as a consensual act.

    That's my right to choose to trade information about myself.

    Ill advised? Arguable. Immoral? No.

    Min

  3. Some advice on Ask Slashdot: Best Practices For Collecting and Storing User Information? · · Score: 1

    Disclaimer: I work in the field, but do not have nearly enough information on your particular situation, jurisdiction, etc to provide detailed recommendations. What follows is basic best practice stuff based on my jurisdiction and market sector.

    * First, any sensitive information you are collecting, ask if you really REALLY REALLY need it. This stuff is toxic waste. Your first and best defense is not to store it if you don't need it.

    * A hash of something like an SSN, telephone number, etc. is worthless in terms of protecting you. Hashes are only useful if the search space is large enough to make the full space search computationally unfeasible. 1 billion SHAs is not computationally unfeasible. Also, typically hashes are only useful if what you want to do is compare two values, e.g. passwords. If you're trying to anonymize, hashing a PII (personally identifiable information) element doesn't anonymize the data as it doesn't break the PII link.

    * DON'T WRITE YOUR OWN ENCRYPTION. EVER. Unless you have a deep deep background in crypto and submit your alg for peer review for years before using it, just don't.

    * Consult a good lawyer. There can be pits in here that you might not think of, particularly if you don't have a security dept with someone who spends their time dealing with privacy issues. A good lawyer won't say "You can't do that"; a good lawyer will outline the risks that you will be running and let you accept them - just like a good risk mgmt dept will.

    * Use the security controls in your database. If your client doesn't need to access the hashes because they're being computed by a stored procedure, then the user your client accesses the database as shouldn't have access to the hashes. Same goes for salts, only more so. I've seen too many apps written using one user for everything. Don't do this.

    Hope some of that helps you.

    Min

  4. Re:Who instead of Go Daddy? on GoDaddy Goes Down, Anonymous Claims Responsibility · · Score: 1

    You might also check out http://www.canadawebhosting.com/. I've been involved in several projects using them and been happy with the results.

    Min

  5. Re:As a Professional Developer... on The World's Greatest Competitive Programmer · · Score: 1

    Wow - Mod this one +1 Honest :)

    Min

  6. Re:VOIP on Microsoft Won't Say If Skype Is Secure Or Not. Time To Change? · · Score: 1

    Typically people don't TYPE their VoIP conversations... and usually you don't use a mic to bug a keyboard and get keystrokes...

  7. It's going to be an interesting con on NSA Chief To Address Hackers At DEF CON · · Score: 1

    I'm packing as I type this... Defcon XX here I come.

    Min

  8. Re:VOIP on Microsoft Won't Say If Skype Is Secure Or Not. Time To Change? · · Score: 4, Insightful

    And if we're to the wrench hitting level, breaking into your house and installing a mic bug in your keyboard works a treat for tapping your VOIP conversations.

    Min

  9. Re:is it real on Man Physically Assaulted At McDonald's For Wearing Digital Eye Glasses · · Score: 3, Informative

    Just pointing out, what he in fact says is "As McDonald's does not publish any direct contact email information,". The page you link to contains no email information. He also says "I tried on many occasions to contact McDonald's but have not received any response" and details attempting to call their US 800 line.

  10. Re:Yeah on Ron Paul's New Primary Goal Is "Internet Freedom" · · Score: 1

    Someone is paying. That someone is you.

    Yep. At the moment at least. While I'm not in the 1% I'm probably comfortably in the 10%. I pay more taxes than I would if I crossed the border and worked for the US parent company I work for. They've offered to relocate me. And I turned it down. I also (as mentioned) have a wife who is a US citizen, so I could immigrate and live there fairly trivially (at least as easily as we had to go through to get my wife into Canada).

    Let's accept for the moment that I'm not one to cut off my nose to spite my face, for the sake of argument. Why would someone choose to make less money and pay more of it in taxes, when they could fairly easily cross the border and not? Obviously I feel I am receiving something of value in exchange.

    My wife was born with a hole in her heart. Her parents were vets, full US military benefits, as well as private medical insurance. Keep in mind no one did anything wrong, it was congenital. She was born with it.

    Her parents went BANKRUPT paying to keep their daughter alive.

    I choose not to live in a society that allows that to happen. I choose to live in a society where even if I had been out of work, out of money, etc, my daughter who did have medical issues during the pregnancy, would have gotten the same standard of care as she did with my being in the 10%.

    So yes, I pay my taxes and support other people who aren't as lucky as I am (and yes, I'm lucky. I made some career choices which as it turned out were good ones. Could have just as easily gone the other way. I do what I enjoy and I'm lucky that society happens to value it. If I enjoyed art I could just as easily be a starving artist.) I'm fine with that.

    The government paying has some other interesting second order effects. The Government's interests are now aligned to ensuring the health of their citizens is as good as it can be.

    This provides a useful counterbalance against corporate money, because at the end of the day any decision that causes the injury, sickness, etc of a Canadian resident costs the government directly.

    So ya, I'm paying. Now. There was a part of my life where I was unemployed for 2 yrs. Someone else paid for my health care then. I give them a helping hand and they give me a helping hand. That is after all what societies are supposed to do, right?

    Min

  11. Re:Yeah on Ron Paul's New Primary Goal Is "Internet Freedom" · · Score: 1

    (from a global perspective, the Tweedledum and Tweedledee parties are both right-wing).

    This. When my US born wife moved to Canada and I was explaining the political system up here to her, I explained, we have 4 main parties at the moment. The Conservatives are generally a bit to the left of the Dems. The Liberals are a notch to the left of the Conservatives, and the NDP are so socialist/left that it'd give any US politician a heart attack. The Bloc are a special interest party but are typically somewhere in the middle.

    We have a constitutional document (The Charter of Rights and Freedoms) which bans discrimination, and a court system which interprets the word fairly broadly (to include for instance, HIV status, pregnancy status, sexual orientation, etc).

    And I presume I don't need to discuss Canada's health care system. ObamaCare doesn't come anywhere near to socialized health care in comparison. More's the pity - I feel for my wife's family. It is comforting to know if the company I work for goes under and I get sick, nothing will change, I can still walk into the same doctor's office and get the same care, and still walk out without paying. (My wife said the weirdest feeling was leaving the ER without paying... the doctor said they were done with us, and my wife asked me where we went next. I answered "er... home...". She felt like she was dining and dashing.)

    Oh and BTW, there have been no reports of spontaneous combustion during same sex marriage ceremonies, even those performed in churches.

    So yes, I'd say even your neighbors to the north see the US political system as being on the whole very right wing, even your supposedly liberal left party.

    Min

  12. Re:Can't we detect something that size? on Asteroid the 'Size of a Minivan' Exploded Over California · · Score: 1

    It is now - just a VERY low orbit!

  13. Re:Well... on End of Windows XP Support Era Signals Beginning of Security Nightmare · · Score: 1

    Agreed that changing the control parameters would trigger tripwire, but assuming you have appropriate separation of duties in place the person monitoring tripwire would look at the maint schedule, confirm the change in (in this case rotational velocity) parameters and approve the change. Or note that the parameters are not as per the approved change and scream bloody murder.

    Min

  14. Re:Well... on End of Windows XP Support Era Signals Beginning of Security Nightmare · · Score: 1

    Agreed, but that's physical controls, which are required for almost any computing hardware. If you have unfettered physical access to the system the ONLY thing any technical controls are going to do at that point is slow you down (hopefully long enough for the physical controls to catch up). Something like tripwire is the solution for detection of code tampering.

    In a perfect world, yes, you would be able to keep your SCADA systems up to date with all patches and run the latest OS. The reality is however that even if MS continued to support security patches for XP until the end of time there would be SCADA systems which are unpatched because of __________ (there's ALWAYS some reason). So the compensating controls around code tampering are still required. As are the compensating controls around network access.

    Min

  15. Re:Well... on End of Windows XP Support Era Signals Beginning of Security Nightmare · · Score: 1

    This is why most security folks highly recommend SCADA and industrial control systems be put on an isolated network with an air gap. Typically these systems have a limited need to read /. And absent Bruce Schneier deciding to hack your plant, you're pretty safe if you got nothing connecting the SCADA/industrial control system to an external network. Remote maint can be a pain, but these things can be worked around. My suggestion is a firewalled PC running a supported OS and all the latest shots and such that you can set up a g2m on and is only plugged into the SCADA/industrial control system network during maint (which as you rightly point out is infrequent) and has cross card routing disabled.

    Again, not proof against Bruce in a bad mood, but mere mortals will find it hard to crack :)

    Min

  16. Re:Best defense: Overprovisioning and cutoffs on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 1

    You are welcome to, but if the story I quoted before doesn't convince you, feel free to search Google News. I would suggest "Gambling site" "Random" and "DoS" as search criteria.

    Min

  17. Re:Best defense: Overprovisioning and cutoffs on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 2

    Citation: http://www.cbc.ca/news/technology/story/2006/10/28/online-gambling.html

  18. Re:Best defense: Overprovisioning and cutoffs on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 3, Interesting

    In the case I was involved with it was wired via Western Union to a place in Moscow where (according to the PI we hired) it was picked up by call girls and taken back to the culprits. They did eventually get nailed but it took years due to the complexities of law enforcement in an international environment.

    We eventually signed with Prolexic to stop them coming back.

    Min

  19. Re:Best defense: Overprovisioning and cutoffs on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 3, Interesting

    Typically, yes (assuming your OS platform of choice doesn't have some other resource that can be remotely exhausted more cheaply than bandwidth). The problem is one of the standard defender dilemmas: The attacker needs bandwidth for a short period of time (typically), as their goal is to make you say "Uncle", whether that means paying their ransom, capitulating to some demand or whatever. You as a defender have to incur a cost for your defensive strategy that is either (relatively) low, non-scalable, and continuing (trying to out-provision the attacker) or a high cost outsourcing solution. The attacker on the other hand rents 10,000 nodes for $200/day. Figure that's about 5 gigs conservatively (we'll say 0.5 Mbit upload as an average per node). Now assuming your data center will handle a sudden 5 gig burst without cutting you off (good ones will, cheap ones will just cut you off) your hosting bill just went up by 54 TB (5*3600*24/8) per day. That's not going to be sustainable for long.

    That's why the outsourcing solution tends to be the way to go if you're being targeted by anyone willing to spend halfway decent money on attacking you. The ROI from the attacker POV looks pretty good. Say they ransom you for 50K (an average number for such things). If they have to keep you under DDoS for even a week till you cave (378 TB worth of data), that nets them $48,600. That's a pretty good business case from their point of view.

    It's one of those moments when it sucks to be the good guys.

    Min

  20. Re:Gambling on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 3, Interesting

    I used to run infosec for one of the mid-tier online gaming operations run out of the Caribbean. We got extorted by one of these gangs, and ended up paying Prolexic (they were Digidefense at the time) to solve this for us.

    As for whether you can risk doing without it depends strongly on what your user tolerance for downtime is and how bursty your revenue stream is. The lower the tolerance and/or the more bursty the revenue stream, the more vulnerable you are to this sort of attack methodology, as the opposition pays for the time they are actually attacking you, so if you can weather the attack they'll eventually give it up. If on the other hand they can cost you significant sums of cash by taking you out for 6 hrs (say sports betting, target the opening day games), that increases your susceptibility to these attacks.

    Feel free to drop me a line if you have any more questions (my /. listed email will get to me).

    Min

  21. Outsource it on Ask Slashdot: Experience Handling DDoS Attacks On a Mid-Tier Site? · · Score: 2

    I've lived through this (although in my case the twits doing it were holding us for ransom). Prolexic was the solution we went with and I endorse it. The economics of the situation strongly favor outsourcing to a third party. It's a service you'll likely need for a short period of time; provisioning it yourself would entail obtaining equipment and specialized expertise that you would have to commit to over a long period of time. A Prolexic can afford to obtain better equipment, and have specialized staff who can configure it to block the latest attack because they're dealing with it for clients constantly.

    Min

  22. Re:Ah, BBSs on Online Services: The Internet Before the Internet · · Score: 1

    Ah yes, I remember reading an EchoMail message from a fellow who watched the Berlin Wall come down.

    1:351/1 was my node if memory serves :)

    It's amazing what we can take for granted when we cease stopping to think about it. Thanks for reminding me.

    Min

  23. Re:An easy solution on Why Making Facebook Private Won't Protect You · · Score: 4, Interesting

    There is something between a warrant and hacking. It's called "asking". If Facebook receives a request for information from a federal agency, they can choose to comply (I doubt there's anything in the contract you have with them that prohibits it) of their own free will. No warrant required.

    The feds might even say "Please".

    Min

  24. Re:Up the stakes on US, China Face Mutually Assured Destruction In Cyberwar · · Score: 1

    This one was (fortunately) in an unpopulated area of Russia or it'd have been bad casualty wise. As it stands it's believed to be the largest non-nuclear explosion. Caused by cyber-war/cyber-espionage:

    http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage

  25. Re:Serious, but the government is legit either wa on Canada's Conservatives Misled Voters With Massive Robocall Operation · · Score: 1

    Even if they lost all 14 of these narrowly contested ridings

    If (and keeping in mind that we're discussing a matter still under investigation and far from someone being found guilty in a court of law) it turns out that the government was complicit in this sort of vote fraud, it would be my deepest hope that at least some portion of the Conservative MPs would find enough ethical sense to step away from their party and cross the floor or act as independents. That would be the thing an honourable MP would do. It would be nice to see my faith in people upheld.

    Min