RFIDs Part 2

IBM holds several Patents for various types of RFID readers.  The primary purpose behind them is to be strategically placed within malls, street corners, and in major stores.  These readers will be able to either read the RFID as it passes by and another type of RFID which is a 96 digit RFID which is to be weaved into the fabric.  Although, a person may own several different pieces of the same type of clothing, each will have its own unique 96 digit RFID.  If paid with credit card or some other identifying account, it will all eventually be equated back to you the purchaser.  Your Driver’s License number, Credit Card Account number, Bank Account number, Social Security Number, and the 96 digit barcoded RFID will eventually lead back to you as the purchaser.  Through a hierarchichal matrix all of your information will eventuall become known by the system. (McIntyre, 2003)

Consider this, all of your accounts are tied together by a fine thread teather to your Social Security Number.  Each purchase you will make will be tied to your savings club card, credit card account, your bank account, or perhaps the RFID chip that is implanted in your body (similar to the EZ Pass System Electronic Account.)  The purchase made will equate the RFID identifier code in the merchandise which will be tied to you via the cloud, your method of purchase, and your Social Security Number.  The IBM RFID is tied to the merchandise via the IBM Mainframe computer and via the cloud through which it maintains contact with the RFIDs and those companies that purchased the technology.

There are some who believe, and research has shown, that this new technology will one day be implanted into the brain, implanted during pregnancy as a matter of standard procedure, or perhaps something to be injected similar to nanobotic technology.  (Lynch, n.d.;  Waters, 2008)  Not very unsimilar to the asigning of a Social Security Number prior to leaving the Hospital, or the documentation of a Live Birth.

Based upon the documentation submitted by VeriChip Corporation (Form S-1 Registration Statement, reference page 5 – Appendix A) to the Security and Exchange Commission, the plan is to treat newborn infants, the elderly, and those not of sound mind (who will be implanted) will be treated and managed no differently than inventory in a warehouse. (SEC, n.d.)  Those people not of sound mind will be treated as wards of the State, no one will have to be sought for permission for the implanting of the RFID chip other than the signature of a Judge.  This is being actively accomplished within the United Kingdom.  You will also note, that no differently than an On-Star Commercial the RFID implanting of unsound persons and RFID Tracking of children will be advertised as a safety issue and concern.  What makes this so sad is the fact that there will be so many people who will gladly give up the care of their family for piece of mind.  The meaning of family has come to such a hideous state of affairs.  There was a point in time in this country and throughout Europe (our ancestry) who cared for their family until death, but now you can let someone else do it for you and you can keep tabs on them by use of some Google Application or by watching a remote camera via another Google Application by way of one’s Smart Phone, given enough time.  A company is actively setting up shop in retirement homes to watch over your parents and they will report to you when behavioral changes ocurr and you are able to check in, from time to time, on your parent(s) via video camera feed.  Now you are able to check in on mother without having to actuall visit her.  Beware of what you wish for, you may just get your wish – but what will happen to you if in the same cirsumstances?

In order to eat, or feed our families, will we need to be scanned and in this way have the funds removed from an account in our, what seems to be our destiny, cashless society?

If the purpose of government is to secure and protect the rights of her citizens as stated by Thomas Jefferson in the Declaration of Independence, then why does our government at every junction of troubles enact laws that not only limit our rights but remove them from us, thereby violating the Constitutional mandates?

SEE ALSO: Part 1, Part 3, Part 4

References

Lynch, Z. (n.d.). NEUROTECHNOLOGY AND SOCIETY (2010-2060). Neurotechnology and            Nanotechnology. Chicago: Lifeboat Foundation.

McIntyre, K. A. (2003). SPYCHIPS – How RFID will compromise privacy, security, freedom.            Retrieved 10 26, 2010, from www.spychips.com:          http://www.spychips.com/verichip/verichip-photos-instructions.html

Securities and Exchange Commission. (n.d.). U.S. Securities and Exchange Commission.      Retrieved 10 26, 2010, from www.sec.gov: http://www.sec.gov/Archives/edgar/data/1347022/000119312507024937/ds1a.htm

Walter J. Burien, J. (2007, June 30). d36_1183309449. Retrieved Sept 14, 2010, from         liveleak.com/: http://www.liveleak.com/

Waters, B. (2008). Extending Human Life: To What End? In Philosophy and Medicine. The             Bioethics of Regenerative Medicine/Philosophy and Medicine , 102 (Extending Human    Life:     To What End? In Philosophy and Medicine), 135.

Techie Tips

Did you know that more data breaches occur due to the improper or illegal use of USB drives within  a network?  How do you think that “bradass” obtained and uploaded the data he disseminated to wikileaks?  It is neither good nor bad, it just is what it is!  But most people do not pay much attention to the simplest of security techniques.  There are ways to shut down the accessibility of the usb ports either by changes in the registry , disabling devices via control panel, locking devices for your usb ports, or perhaps third party software.

People either don’t pay attention or just don’t care that their usb drives  can either carry and inject viruses into your system, or they can store and runoff with the keys to the kingdom (so-to-say) by stealing the information on your computer or network.  Although, it is easier to inject a virus to send all that data off to the cloud while you are unsuspecting the endeavor.

Being aware of what is available and what you can do is half of the battle…the other half is getting up off your backside and actually doing something about it.  In the business world you will/would be expected to do something about it -without fail and without question.  The internet is your stage and your resource, use it to your glory!

http://www.marketwatch.com/story/milton-security-group-the-usb-and-removable-media-security-crisis-2012-01-13

Malware Part 3

Of all the assets that you possess, awareness is your greatest!  Being aware of what is out there and being aware that there are things you can do are most helpful to you.  Your ability to research the subject matter and read through the techie blogs are just a couple of your available resources.

There are a few other tests that can be done, some as simple as an email to yourself.  There is the EICAR Test String, which has been useful in the past and perhaps it has been updated over the years to aid with the changes in the prevailing Operating Systems…who knows?  (www.eicar.org/anti_virus_test_file.htm)  What you do is send the string in the body of an email or as an attachment via email.  If your anti-virus is working properly you will raise a flag on your system.

Another test of interest, very similar, is the malware security test (http://www.gfi.com/emailsecuritytest/) which is a series of tests sending emails with malicious-like scripts in several common programming languages.

There are some behavioral-analysis tools for the computer and network as a whole in order to test for malware attacks, which do not match to a specific signature but performs basic functions such as writing to your disk.

Malware countermeasures, there are a plethora…your safest bet is to never connect to the internet if you desire to maintain an absolutely clean system.  But we all know that is not likely to ever happen.  Some things you can do are as follows:

  • Keep your system & network updated at  all times
  • Test, Test, Test – ensure it is a fortress
  • Use anti-malware & anti-virus software
  • Back-up critical data regularly
  • Ensure the use of your firewall protection
  • As email goes, if I don’t know the sender I do not open

I hope this short series was helpful to you.  Perhaps, like me, while reading one of these gloom and doom articles or blogs you may open your eyes and say, “maybe I should do something about my security today.”  If you are a professional IT person, I hope you decided this when you got hired…now is kind of late.  But the average home network user, on a general not, assumes that everything is set up and ready for them, but it is not until you make certain of it.

Techie Tips

I read through this article by Dark Reading and thought it was a rather up in your face and common sense.  I also felt it was worth sharing with anyone who was interested.  It references company data, but is just as valid for personal data.  In this day and age where we are part if so many groups and clubs with our data being shared by us…we become our own worst enemy.  Best way to see what is out there about us is to Google ourselves, personally I prefer Startpage (https://www.startpage.com/) as it is third party confirmed security for privacy and they yield the Google results without recording your IP address.

Just some food for thought.

http://www.darkreading.com/insider-threat/167801100/security/security-management/232301074/protect-insider-data-by-googling-first-often.html?nomobile=1

Malware Part 2

As mentioned in part 1, there are a great number of people out there who want your information…its not personal, its just business.  The only way to protect yourself is to keep your anti-virus software, anti-spyware, and anti-malware up-to-date.  And unfortunately that is not always enough!

We each must take greater control of the reins, so-to-say.  There are a plethora of sites out there with information on all of the latest viruses, spyware, and malware out there.

At the command prompt you can run a “netstat -an”: the a option displays all connections and listening ports; the n option displays IP addresses and port numbers in numerical order for easier readability.

You will see something similar to Figure 1 [refer to Malware Figures:Figure1] which will yield the status of your network with relation to your computer.  NetBIOS networking ports (135, 137, 138, 139, & 445) and an HTTP connection (port 80), telnet port (23), and FTP session port (20 and 21).  Hackers and malware can use common ports to infiltrate your network and computer(s).  I found an interesting ports list which is quite extensive.  It gives you a good amount of information and what specific malware or virus may use that port.  Use of the “netstat -at” allows you to view active network connections. [refer to Malware Figures:Figure2]

And there is the “net use” command at the command prompt which shows you what drives are mapped to an external system. [refer to Malware Figures:Figure3]

You can also find a variety of free tools via McAfee to aid in detection, removal, or personal training and knowledge.  One that is tauted as being very useful is Vision which is a port mapping utility.  Just perform a search on the internet, but I would be careful as to which you download to use.  The best thing to do is to check on various sites such as PC World, C|Net, and other reputable informative sites.

Your Task Manager is a wealth of information (CNTL + ALT + DEL) which shows you what processes are taking place and their memory consumption. [refer to Malware Figures:Figure4]

And the performance tab will show how it is performing with all of the extras running in the background. [refer to Malware Figures:Figure5]

There is quite a bit at your disposal to determine what is going on.  The internet, blogs, and many of the how to sites contain a wealth of information and everything you ever wanted to know about either your computer problem or how to understand what is happening and how to fix it.  YouTube.com is also another great tool for how to’s and Wikipedia is a good source of info – PROVIDED THAT YOU RESEARCH THE FOOTNOTES AND SOURCES! Take nothing for granted on that site, as it can change with the wind.

Malware Figures

Malware Part 1

Malware (or Malicious Software), in all of its forms, seems to be the greatest threat to everyone’s computer and every network.  Malware shows up in a variety of forms: Trojan Horses, Viruses, Worms, Rootkits, Logic Bombs, and Spyware.  Generally speaking, malware attacks exploit vulnerabilities that could be prevented if we would just automatically our computers and anti-virus software.  It is also a great idea to use both anti-virus software and anti-malware software.

Trojan Horses is a malware that is a reference to the Greek horse perceived to be a gift to the city of Troy, but was used to infiltrate the city defenses.  Same idea applies, this malware is generally sent via email and is executed when you open the email, or execute the program.

Viruses are usually self-replicating programs which are attached to executable files and essentially chew up all your useable memory.

Worms are self-propagating programs which load up into memory, exploit known specific software vulnerability and often are a main cause of computer crashes.

Rootkits are applications that are used to control a computer, where the grand prize is the crashing of your machine or the theft of personal information.  Rootkits can do a number of things all of which are destructive to the machine and the information which it possesses.

Logic Bombs more often than not are programs left behind by disgruntled employees to go off at a future time, event, or a specific person logs in to their account.

Spyware generally spy on your computer and retrieve data by sending it via email in the form of a screen shot, or as a keylogger – sending all keystrokes to an email or saving it to a device.  Adware is quite similar but not as intrusive as it places an advertisement on your computer.  Programming interfaces that can be maliciously manipulated are:  Java applets, Microsoft .NET applications, ActiveX controls, and VBScripts, Windows Script Host, and JavaScript programs.

There are a number of things to be done in order to protect yourself and your computer, as well as your network.  Keep an eye on what is happening in the IT World through internet based subscriptions (most are free), such as Information Technology, Emerging Threats, Dark Reading, Slahdot, and the list goes on and on.  Just complete a search on lists for Trojan Horses, Viruses, Worms, Rootkits, Logic Bombs, or Spyware and you will find a plethora of information as to what exactly is out there.  Regardless if it was created for a good reason, there is always someone who will use it for ill purposes.  Unfortunately it is inherent in man to do so!  Consider hacking, for instance…there are ethical hackers (White Hat Hackers – the proverbial good guys) and there are those with unethical intentions (the Black Hat Hackers – the bad guys always wore black hats in the old westerns.)

The internet is a great tool, just like a computer, a Smartphone, a tablet, or even a virus for that matter.  They are tools in an arsenal to allow you to accomplish specific tasks.  This shows the beauty of the Smartphone as a tool, you can set up all of your subscriptions on the device and many of which have applications available.  A virus can be a tool to see if your anti-virus software is working properly; your security software is either working properly and you are safe, or IT ISN’T!

Perhaps some countermeasures will be next, we shall see.  Until the next time…

Resources:  http://www.ethicalhacker.net/, https://www.eff.org/, http://slashdot.org/, http://www.bitpipe.com/, http://it.toolbox.com/topics/, http://www.cnet.com/, http://www.infotoday.com/, http://www.darkreading.com/, http://www.secureidnews.com/, http://www.cybersecurityhome.com/

Bibliography

Beaver, K. (2004). Hacking For Dummies. Hoboken, NJ: Wiley Publishing, Inc.

Ciampa, M. (2009). Security+ Guide to Network Security Fundamentals. Boston, MA: Course Technology.

Techie Tips

Facebook accessing tip.  You can determine if your account is being logged on to by someone who does not belong by receiving an email or text message making you aware of those computers accessing your account.  You set up log in approval which Facebook would require you to enter a security code.  You can view the activity and stop unwanted access.

It can be cumbersome and quite the hassle for accessing your account, but the ending note is this:  WHAT IS YOUR ACCOUNT SECURITY, PERSONAL INFORMATION, AND CONNECTIONS WORTH TO YOU??

http://howto.cnet.com/8301-11310_39-57339833-285/find-out-if-someones-logging-in-to-your-facebook-account/

Techie Tips

The Staysafeonline.org site has a plethora of interesting tips and strategies for the kids, high school and university students, and especially for the parents – just so they can be in the know.  It is all so basic that it could not be so bothersome for the IT professional to review them; perhaps, save a copy of these pdf files for themselves.  They are great information to be passed out to all.  The old adage stands true, “repetition is the mother of skill!”

Whether in the home, at a business, in the classroom, whatever and where ever – the information is intended to protect you, your devices, networks, and most of all YOUR DATA!  It is through Social Engineering where hackers gain most of their information to gain access to your network, computer, or data.

Many people that I went to classes with spoke of some of their roommates and their antics when they left their computer unattended and wide open, they would change his password and log out.  He of course would not have access to his homework which was due the next day.  In this aspect, this is what you must concern yourself with on a daily basis.  Hackers are always pinging and searching for an open network.

Check the site out for basics in the protection of your network and data.  You keep ever vigilant in the protection of your property, your most prized possession is your personal information and the data entrusted to you!  Considering the fact that there are an estimated 175 million users on Twitter and an estimated 800 million user on Facebook worldwide (these are estimated Registered Users, which indicates active accounts not necessarily active users.)  Keep that in mind while you consider the fact that there are an estimated 6.9 Billion people in this world.  Someone has got to be up to something fishy, don’t you think?

http://www.staysafeonline.org/sites/default/files/resource_documents/

Techie Tips

Passwords are an all important facet within the computer and networking field, but is always taken for granted!! I’ve been there and did that just like everyone else, despite what I knew and was educated on. We know we aren’t suppose to use the same password for everything, let alone two important accesses on your computer and on the network, but everyone is doing it and guess what? They are getting hacked and having their Facebook, twitter, and email accounts highjacked…never to be heard from again.

Those of you with smart phones have a great asset at their fingertips and the plethora of password manager apps that you can choose from. The great thing about them is that most, if not all, of them have a function which will automatically create a password for you at a determined length and save it for you; hence, you have it and do not have to worry about remembering it. Each one can be different and will be in your little piece of safe memory of your phone! Safe and sound with a secure encryption.

Most people, and I am guilty of this in the past, tend to use easily remember passwords. With the Black Hat Hackers out there, you MUST be aware of what you are doing! Do not just use lower-case or upper-case letters. You really need to look at using upper, lower, numerical and special characters. It is estimated that to use all characters combined in an 8 digit password yields a potential 3 Trillion combinations. So, it can take an experienced hacker a little time to figure it out. Another wise move, which most assuredly NO ONE is doing, is to change your password on a regular basis. I would lean toward at least once a year, but a wiser choice would be either twice a year or four times a year for security purposes. What is your personal information worth? Remember that all who are hacked never thought it could happen to them!

I hope this was a helpful tidbit for you. Last night I was reading through “Hacking for Dummies” and this was the chapter I happened to be reading.