The 18 September 2019 edition of the Wall Street Journal published a Journal Report entitled “Cybersecurity”. It provides an incredible overview of cyber security, with a test of how much we know about passwords. I’m going to give you the test and, to save time and “ink”, the answers. I have to say I was somewhat blown away by several of the answers. Here we go.

  1. How often do hacking-related data breaches leverage stolen or weak passwords?
    1. 10% of the time
    1. 27% of the time
    1. 63% of the time
    1. 81% of the time
      1. Answer “d”
  2. Common words and phrases are safe for passwords as long as they
    1. Are easy for you to remember
    1. At least 12 characters long and include a number and a punctuation mark
    1. Are in a language other than English
    1. None of the above:  they are not ever safe
      1. Answer “d”
  3. If you are struggling to come up with a secure password you should:
    1. Use a password generator
    1. Use your favorite song
    1. Use a pattern of keys such as ASDFG on your keyboard
    1. Ask a stranger for his wife’s date of birth
      1. Answer “a”
  4. Should you use a password manager?
    1. Yes, they are secure
    1. No, one password can be used to access all of your other passwords
    1. No, often they represent a backdoor scam to collect your passwords.
    1. No, they are for lazy people who can’t manage their own passwords
      1. Answer “a”
  5. It’s a bad idea to write passwords down because
    1. You could lose your scrap of paper
    1. Someone could find your passwords
    1. Alexa can read your writing
    1. Go ahead and write them down, it’s OK.
      1. Answer “d”
  6. Which of the following is a password once used by the magician, Teller of the duo Penn & Teller, and is it strong enough?
    1. PennStateOfMind
    1. Telleraboutit
    1. Tellereverythingyoufeel
    1. MofoKnows666
      1. Answer “d”
  7. You can use the same password for more than one account. True or false?
    1. True
    1. False
    1. True, but only if you have strong passwords
    1. True, but only if you use it for passwords that are not important
      1. Answer “d”
  8. Who is considered a father of computer passwords?
    1. Fernando Corbato
    1. Alan Turing
    1. Bill Gates
    1. Ada Lovelace
      1. Answer “a”
  9. Which of the following passwords is the very best?
    1. Ilovecats
    1. EyeLuvKatzs3MeatPlatter
    1. iloveKatz123
    1. EyeLoveKatzs3MeatPlatter!WithAllPastrami
      1. Answer “b”
  10. How much longer does it take to crack a 12-character password drawn from uppercase and lowercase letters, the 10 digits and 10 symbols versus one with just 6 lowercase letters?
    1. 62 times longer
    1. 62,000 times longer
    1. 62 million times longer
    1. 62 trillion times longer
      1. Answer “d”
  11. On average, how many on-line accounts do people have that require passwords?
    1. 3
    1. 9
    1. 23
    1. 400
      1. Answer “c”
  12. What is the most common way Americans keep track of their passwords?
    1. Writing them down on paper
    1. Memorizing them
    1. Saving them on their Internet browser
    1. Using a password manager
  13. How many hours each year do employees spend resetting their passwords?
    1. About 2 hours
    1. Roughly 3 hours
    1. Around 18 hours
    1. More than 24 hours
      1. Answer “c”
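
Question 10's “62 trillion” figure and question 3's advice to use a password generator, worked through as an added example (not part of the Journal Report or the original post). The choice of ten symbols is an assumption, since the quiz does not name them, and the ratio holds only for characters drawn uniformly at random, not for words or phrases.

```python
import math
import secrets
import string

# Assumption: the quiz does not say which 10 symbols it means; this set is illustrative.
SYMBOLS = "!@#$%^&*-_"
FULL_ALPHABET = (string.ascii_uppercase + string.ascii_lowercase
                 + string.digits + SYMBOLS)  # 26 + 26 + 10 + 10 = 72 characters


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy, valid only when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def crack_ratio() -> float:
    """How many times more guesses exhaustive search needs for 12 characters
    from the 72-character alphabet than for 6 lowercase letters."""
    return keyspace(len(FULL_ALPHABET), 12) / keyspace(26, 6)


def generate_password(length: int = 12) -> str:
    """Draw each character with the OS CSPRNG (not the `random` module) and
    retry until upper, lower, digit and symbol all appear at least once."""
    classes = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)
    while True:
        candidate = "".join(secrets.choice(FULL_ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


if __name__ == "__main__":
    print(f"6 lowercase letters : {keyspace(26, 6):,} candidates, {entropy_bits(26, 6):.1f} bits")
    print(f"12 of 72 characters : {keyspace(72, 12):,} candidates, {entropy_bits(72, 12):.1f} bits")
    print(f"ratio               : {crack_ratio():.3e}")
    print(f"generated example   : {generate_password()}")
```

The ratio comes out at roughly 6.28 × 10^13, which matches answer “d”.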

My posts are not necessarily aimed to provide public service announcements but I just could not pass this one up.  Take a look.

On November first of 2018, Honeywell released a study finding that forty-four percent (44%) of the USB drives scanned by their software at fifty (50) customer locations contained at least one unsecured file. In twenty-six percent (26%) of those cases, the detected file was capable of causing what company officials called “a serious disruption by causing individuals to lose visibility or control of their operations”. Honeywell began talking up its SMX (Secure Media Exchange) technology at its North American user group meeting in 2016, when removable media like flash drives were already a top pathway for attackers to gain access to a network. SMX, launched officially in 2018, is designed to manage USB security by giving users a place to plug in and check devices for approved use. The SMX Intelligence Gateway is used to analyze files in conjunction with the Advanced Threat Intelligence Exchange (ATIX), Honeywell’s threat intelligence cloud. Not only has SMX made USB use safer, but Honeywell has gained access to a significant amount of information about the methodology of attacks being attempted through these devices.

“The data showed much more serious threats than we expected,” said Eric Knapp, director of strategic innovation for Honeywell Industrial Cyber Security. “And taken together, the results indicate that a number of these threats were targeted and intentional.” Though Honeywell has long suspected the very real USB threats for industrial operators, the data confirmed a surprising scope and severity of threats, Knapp said, adding, “many of which can lead to serious and dangerous situations at sites that handle industrial processes.”

The threats targeted a range of industrial sites, including refineries, chemical plants and pulp and paper facilities around the world. About one in six of the threats specifically targeted industrial control systems (ICSs) or Internet of Things (IoT) devices. (DEFINITION OF IoT: The Internet of Things (IoT) refers to the use of intelligently connected devices and systems to leverage data gathered by embedded sensors and actuators in machines and other physical objects. In other words, the term IoT can be applied to any physical object connected to a network.)

Among the threats detected, fifteen percent (15%) were high-profile, well-known issues such as Triton, Mirai and WannaCry, as well as variants of Stuxnet. Though these threats have been known to be in the wild, what the Honeywell Industrial Cyber Security team considered worrisome was the fact that these threats were trying to get into industrial control facilities through removable storage devices in a relatively high density.

“That high-potency threats were at all prevalent on USB drives bound for industrial control facility use is the first concern. As ICS security experts are well aware, it only takes one instance of malware bypassing security defenses to rapidly execute a successful, widespread attack,” Honeywell’s report noted. “Second, the findings also confirm that such threats do exist in the wild, as the high-potency malware was detected among day-to-day routine traffic, not pure research labs or test environments. Finally, as historical trends have shown, newly emerging threat techniques such as Triton, which target safety instrumented systems, can provoke copycat attackers. Although more difficult and sophisticated to accomplish, such newer threat approaches can indicate the beginnings of a new wave of derivative or copycat attacks.”

In comparative tests, up to eleven percent (11%) of the threats discovered were not reliably detected by more traditional anti-malware technology. Although the type and behavior of the malware detected varied considerably, trojans—which can be spread very effectively through USB devices—accounted for fifty-five percent (55%) of the malicious files. Other malware types discovered included bots (eleven percent), hack-tools (six percent) and potentially unwanted applications (five percent).

“Customers already know these threats exist, but many believe they aren’t the targets of these high-profile attacks,” Knapp said. “This data shows otherwise and underscores the need for advanced systems to detect these threats.”

CONCLUSION:  Some companies and organizations have outlawed USB drives entirely for obvious reasons.  Also, there is some indication that companies, generally off-shore, have purposely embedded malware within USB drives to access information on a random level.  It becomes imperative that we take great care in choosing vendors providing USB drives and other external means of capturing data.  You can never be too safe.

MOST HATED COMPANIES

February 3, 2018


The list of the “most hated American companies” was provided by KATE GIBSON in the MONEYWATCH web site, February 1, 2018, 2:20 PM.  The text and narrative is this author’s.

Corporate America is sometimes, but not always, blamed for a number of misdeeds, swindles, “let’s bash the little guy” behavior, etc. Many times, those charges are warranted. You get the picture. Given below is a very quick list of the twenty (20) most hated U.S. companies. This list is according to 24/7 Wall St., which took customer surveys, employee reviews and news events into account in devising its list. (I might mention the list is in descending order, so the most-egregious offender is at the bottom.)

  • The Weinstein Company. I think we can all understand this one but I strongly believe most of the employees of The Weinstein Company are honest hard-working individuals who do their job on a daily basis.  One big problem—you CANNOT tell me the word did not get around relative to Weinstein’s activities.  Those who knew are definitely complicit and should be ashamed of themselves.  This includes those holier-than-thou actresses and actors pretending not to know.
  • United Airlines. The Chicago-based carrier is still in the doghouse with customers after a video of a passenger being forcibly removed from his seat on an overbooked flight went viral last year. You simply do NOT treat individuals, much less customers, in the manner in which this guy was treated.  I wonder how much money United has lost due to the video?
  • Fake news, deceptive ads, invasion of privacy.  You get the picture and YET millions subscribe.  This post will be hyperlinked to Facebook to improve readership.  That’s about the only reason I use the website.
  • I don’t really know these birds but apparently the telecom, one of the nation’s biggest internet and telephone service providers, reportedly gets poor reviews from customers and employees alike. I think that just might be said for many of the telecoms.
  • This one baffles me to a great extent but the chemical company has drawn public ire at a lengthy list of harmful products, including DDT, PCBs and Agent Orange. Most recently, it’s accused of causing cancer in hundreds exposed to its weed killer, Roundup.
  • I’m a Comcast subscriber and let me tell you their customer service is the WORST. They are terrible.  Enough said.
  • I have taken Uber multiple times with great success but there are individuals who have been harassed.  Hit by complaints of sexual harassment at the company and a video of its then-CEO Travis Kalanick arguing with an Uber driver, the company last year faced a slew of lawsuits and saw 13 executives resign, including Kalanick.
  • Sears Holdings. Sears plans to close more than one hundred (100) additional stores through the spring of 2018, with the count of Sears and Kmart stores already down to under 1,300 from 3,467 in 2007. Apparently, customer satisfaction is a huge problem also.  The retail giant needs a facelift and considerable management help to stay viable in this digital on-line-ordering world.
  • Trump Organization.  At this point in time, Donald Trump is the least popular president in U.S. history, with a thirty-five (35) percent approval rating at the end of December. That disapproval extends to the Trump brand, which includes golf courses, a hotel chain and real estate holdings around the globe. Once again, I suspect that most of the employees working for “the Donald” are honest hard-working individuals.
  • Wells Fargo. At one time, I had a Wells Fargo business account. NEVER AGAIN. I won’t go into detail.
  • The insurance industry is not exactly beloved, and allegations of fraud have not helped Cigna’s case. Multiple lawsuits allege the company inflated medical costs and overcharged customers.
  • Spirit Airlines. I’ve flown Spirit Airlines and you get what you pay for. I do not know why customers do not know that but it is always the case.  You want to be treated fairly, fly with other carriers.
  • Vice Media. The media organization has lately been roiled by allegations of systemic sexual harassment, dating back to 2003. One of these days some bright individual in the corporate offices will understand you must value your employees.
  • The telecom gets knocked for poor customer experiences that could in part be due to service, with Sprint getting low grades for speed and data, as well as calling, texting and overall reliability.
  • Foxconn Technology Group. Once again, I’m not that familiar with Foxconn Technology Group. The company makes and assembles consumer electronics for entities including Apple and Nintendo. It’s also caught attention for poor working and living conditions after a series of employee suicides at a compound in China. It recently drew negative press for a planned complex in Wisconsin.
  • Electronic Arts. The video-game maker known for its successful franchises is also viewed poorly by gamers for buying smaller studios or operations for a specific game and then taking away its originality.
  • University of Phoenix. I would expect every potential student wishing to go on-line for training courses do their homework relative to the most-desirable provider. The University of Phoenix does a commendable job in advertising but apparently there are multiple complaints concerning the quality of services.
  • I’m a little burned out with the NFL right now. My Falcons and Titans have had a rough year and I’m ready to move on to baseball. Each club sets their own spring training reporting dates each year, though all camps open the same week. Pitchers and catchers always arrive first. The position players don’t have to show up until a few days later. Here are this year’s reporting dates for the 15 Cactus League teams, the teams that hold spring training in Arizona.
  • Fox Entertainment Group. If you do not like the channel—do something else.  I bounce back and forth across the various schedules to find something I really obtain value-added from.  The Food Network, the History Channel, SEC Network.  You choose.  There are hundreds of channels to take a look at.
  • The consumer credit reporting was hit by a massive hack last year, exposing the personal data of more than 145 million Americans and putting them at risk of identity theft. Arguably worse, the company sat on the information for a month before letting the public know.

CONCLUSIONS:  In looking at this survey, there are companies that deserve their most-hated-status and, in my opinion, some that do not.  Beauty is in the eye of the beholder.  As always, I welcome your comments.
