The Dark Tangent Says we are all DOOMED!!!

The Dark Tangent (Jeff Moss) president of the DEF CON hacker conventions is interviewed on CyberSpeak podcast and talks about the change in venue from Alexis Park to the Riviera Hotel and Casino. In response to the question, “who will protect our privacy from big business?”, he responds, “we are all doomed!”. Great interview!

read more | digg story

6 Tips to Protect your Internet to Real world Persona

“Craigslist posters robbed at gunpoint in Walnut Creek

An advertisement on the Craiglist.org Web site led to an armed robbery in a Walnut Creek Target store parking lot Sunday night, Lt. Mark Covington of the Walnut Creek Police Department reported.” – found via digg.com

This kind of thing is sure to become worse as more and more of the criminal element get online and see how easy it is to exploit people doing business on the Net. I suspect that eventually bloggers who are too open with their names’ and address’ will eventually be big targets for all manor of deception. There are many services online that you may be completely exposing yourself on: ebay, flickr, craigslist, myspace, your blog, a website, google (via a website), yahoo! just to name a few. I’m not saying you should not use them. I’m just suggesting you give yourself a buffer for the more insane and evil parts of humanity who seek to harm you.

Here are 3 steps to protecting your Internet Persona:

1) Google yourself. Corporations and business’ are starting to do this prior to hiring new employees. So why not google yourself and make sure you don’t have pictures on myspace of that wild St. Patrick party you were at last year? Don’t wait. Do it NOW. Check Yahoo!, MySpace, Altavista, dogpile and visimo.com. Even if you don’t do much of anything on the Internet, remember many of your friends do. They might have post pictures of you with your full name and DOB!

2) Use a Pseudo name. With only your real name and a past or present address, anyone can get all kinds of very personal information for about $7 on sites such as:
– PublicRecordNow – http://www.privateeye.com
– People Finder – http://www.peoplefinders.com
– AnyWho – http://www.anywho.com/
For more money they can also get extremely personal data (divorce papers, marriage, mortgage documents ect.). The laws in the U.S. which offer almost ZERO protection for personal privacy make all this totally legal. A psuedo name will give you a little bit of what is called “Security through obscurity”.

3) Use a private domain. If you have registered domain, you will notice that most domain sellers (such as godaddy) offer a way to make your new domain private for a small additional fee. Get that privacy! If you don’t your address, will be put in a database as a primary point of contact for that domain. It is made publicly available all over the world via Arin.net.

*One of the first steps any security hacker uses is Arin.net to get more information on there target. Tools like SamSpade make it even easier to get information from registered domains and IP addresses.

4) Use a P.O. box. Instead of your actual home address go to your local post office and get a P.O. box. It only costs about $25 bucks a year (depending on what kind of box it is). If your really parnoid get it in another county.

*If you set up a corporation or non-profit this is also important as a corporation is treated just like an individual and is almost immediately advertised all over your local area to other corporations and eventually finds its way on the Net with your full home address and possibly your full name.

5) Use an 1-800 number. If you absolutely have to give a phone number out on the Internet, use an 1800 number. They are great because it can be thrown away or changed easily if it gets hit with telemarketers and political lobbyists.

*If you use your real number and it gets in the hands of Bangalore, India call centers, be prepared to get tons of caller trying to sell you Viagra. Trust me, it is NOT fun. Your real number is also easier to trace directly to your real name and real home address.

5) Don’t publish your primary e-mail address. A great way to get lots and lots of spam is to put your real email address on a webpage or blog. Spammers have tools that allow them to automatically scoure the internet and gather email address (this is also easy to do with a search engine). The best thing to use is a throw away email account such as the following:

What many people do is “elamb [DOT] security [ AT] gmail.com” to fool the automated systems, but I suspect this won’t be enough in the near future.

6) Don’t meet anyone you just met online. This should be common sense but as you read in the example above some people still don’t see how dangerous the Internet can be. Do NOT do meet up with people you just met on the Internet. Just be aware that there are a lot of predators on the Internet.

Are you on the Internet?
Here are some good places to look:
Search engines: google, yahoo!, dogpile, altavista, msn, metacrawl, visimo (search top 5 pages)
http://dexonline.com (go to residential tab | enter your name, city and state)

You’ll have to send these people mail to get out of their database.  You may want to check your local Yellow pages (online) as well.

Publicly listed information sold to the highest bidder:

Dex Media, through its Dex Direct marketing division, sells two types of lists:
Publicly available name, address and telephone (NAT) listings that Dex Corporation’s customers agree to have published in White and Yellow Pages, and
Additional marketing lists – beyond name, address and telephone numbers – that are provided to Dex Media by other companies not associated with Qwest, and then resold to Dex Media customers.

Here is a good reason to use a pseudo name, untraceble phone number, private domain and a P.O. box on the Internet.

While it is important to establish a good connection with your customers and readers by being open and honest about who you are it is more important to protect yourself and your family from the likes of crazies, criminals and shameless solicitous spammers who have no respect for themselves let alone any for you.

read more | digg story

DIACAP is READY

What is scary, is that my blogs are on google above some of the most informative pages about DIACAP.  For this reason, the government should have secured blogs and or forum (.mil/.gov only) to allow faster access to this kind of extremily important information.  C & A, security engineering and IA officers get information much faster than the Gov’t can publish.  A security forum or secure blogs would allow some email that we get on the latest news on IA issues to be posted immediately without fear of giving out unauthorized data over the Internet.  Just one mans oppinion.

DoD 8510.bb is signed and will supercedes DoDI 5200.40 and DoDI 8510.1-M.   

The DIACAP Knowledge Service site is up and ready to go:

https://diacap.iaportal.navy.mil. (.gov, .mil only)

More information on the DIACAP – http://www.sdissa.org/downloads/Revised_DIACAP_KS_eMASS_Brief ISSA_10-28-05.ppt

What I don’t get is how to get to eMASS. 

Unless I have read wrong, the “Enterprise Mission Assurance
Support System” (eMass)  
is supposed to be the main feature for automating and streamlining the Certification and Accreditation process.  It seems that you have to get some sort of software to get access to eMass.  Not sure, I’m researching this while reading up on the new DIACAP documents.  

Here is some contact information on how to get on eMass – https://diacap.iaportal.navy.mil/ks/links2/emass.aspx

 

1 63 64 65