The Recap

Officers responded to a call regarding an MP3 player that had been stolen from the handlebars of a motorcycle that was parked outside a local retailer.

The Lesson

I know, this one is simple, right? Leaving valuables in a car at least gives you some level of physical control, but leaving them sitting out on the handlebars of a motorcycle is asking for trouble. If it isn’t obvious, let me clarify: I am talking about physical security. Sure, someone could have walked into the store and tried to walk out with an MP3 player that probably had security devices attached, or they could reduce the risk of being caught by going after the item that had nothing to protect it. To me it seems like half the stories you read involving potential identity theft are about the loss of storage devices. So it is important that we place controls like encryption on the information, so that despite a failure of physical security the data has a low chance of being compromised.

Beyond the physical loss of storage devices, all the fancy security you have built into the network can be circumvented by physical access. We lock the doors, hide floor plans, install cameras, and place guards by the doors, all in an effort to protect our data centers. These controls are good, as long as we test them periodically to make sure they are really working as intended. Sometimes when we design controls we miss things, and we fail to consider human error. Just as we would scan the network for vulnerabilities, we need to ensure we know our physical weak points and work to strengthen them.

Like the person in the police report above, don’t get caught off guard by poor planning of physical controls. Agree or disagree, let me know your thoughts.

— ghostnomad


Here is a recap of my Follow Friday recommendations on Twitter for today:

A #followfriday suggestion: @jack_daniel is a real community agitator, has uncommon sense, and is genuinely genuine

May I also say #followfriday @dualcoremusic, you can’t call yourself a geek/nerd if you don’t listen to really good #nerdcore

Another #followfriday submission: @kriggins if you gather enough of the interesting bits he rambles on about you just may find security.

I strongly urge you to #followfriday @RafalLos because if you don’t think you have a security oops, he will help you see the light

Don’t forget to #followfriday @shrdlu, I would tell why but security clearance issues would cause me to have compliance failure

Have I mentioned the need to #followfriday @jjx, she has a real NAC for unicorns, or was the security. Follow to find out.


The Recap

Officers pulled over a vehicle after it was suspected the driver had outstanding warrants. Upon identifying who the driver really was, the officer discovered it was not the suspected driver, but the actual driver also had outstanding warrants and a suspended license. The passenger of the vehicle also was identified as having outstanding warrants.

The Lesson

I chuckled when my wife read this story to me, just because of what seemed like sheer dumb luck. After thinking about the story for a minute, a thought popped into my mind. I had recently been to a seminar where we discussed the idea that attackers try to stay below the thresholds you set in your monitors. It is important that you not rely on your monitoring systems alone; you also need to analyze for unusual activity below the thresholds.
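The below-threshold point as a runnable sketch (an added example, not part of the original post): a per-window alert misses a source that stays just under the limit, while a second pass over a longer horizon surfaces it. The event data, source names, window size, threshold and daily budget are all constructed assumptions.

```python
from collections import Counter, defaultdict

WINDOW_MIN = 5          # assumed alerting window, in minutes
WINDOW_THRESHOLD = 10   # assumed alert threshold: failed logins per window
DAILY_BUDGET = 40       # assumed long-horizon budget per source

def build_events():
    """Constructed sample: (minute_of_day, source) failed-login events."""
    events = []
    # Noisy source: 25 failures inside one window, trips the alert.
    events += [(600 + i % 5, "src-noisy") for i in range(25)]
    # Low-and-slow source: 4 failures in every window for 6 hours.
    for start in range(0, 360, WINDOW_MIN):
        events += [(start + i, "src-slow") for i in range(4)]
    # Ordinary user: a handful of typos spread over the day.
    events += [(480, "src-user"), (481, "src-user"), (900, "src-user")]
    return events

def count_per_window(events):
    """Failures per (source, window index)."""
    return Counter((src, minute // WINDOW_MIN) for minute, src in events)

def window_alerts(events):
    """What the threshold monitor sees: sources over the per-window limit."""
    per_window = count_per_window(events)
    return {src for (src, _), n in per_window.items() if n >= WINDOW_THRESHOLD}

def below_threshold_review(events):
    """Sources that never alerted but exceed the long-horizon budget."""
    per_window = count_per_window(events)
    totals, windows, peak = Counter(), defaultdict(set), Counter()
    for (src, win), n in per_window.items():
        totals[src] += n
        windows[src].add(win)
        peak[src] = max(peak[src], n)
    alerted = window_alerts(events)
    return {
        src: {"total": totals[src], "windows": len(windows[src]),
              "peak": peak[src]}
        for src in totals
        if src not in alerted and totals[src] >= DAILY_BUDGET
    }

if __name__ == "__main__":
    sample = build_events()
    print("threshold alerts:", window_alerts(sample))
    print("below-threshold findings:", below_threshold_review(sample))
```
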

The other thought which occurred to me was how often an attacker tries to hide their activity by making it look like something legitimate. Even if we identify items, either above or below the threshold, we need to take a closer look and make sure what we see on the surface really is what we have. Had the officer only identified the driver as not being the one he suspected and let him continue on, two people with outstanding warrants would have carried on. Instead, the officer had a reason to pull the suspects over and followed through checking for possible records.

It’s better to run things out than let them go just because it wasn’t what we thought we were looking for. Agree or disagree, let me know your thoughts.

— ghostnomad


The Roadmap

Hello All,

Welcome to the place where I am putting all my thoughts on security and technology. I have been working on a few projects and am ready to announce them, while others I will wait a little longer to reveal.

Security Blotter

Starting tomorrow I will take a look weekly at an item I have found in the local police blotter that I think relates to information security. I will make the case and let you be the judge.

Psychology vs Security

I have been working on this series since mid-December, and starting in March I will share my thoughts on the role psychology plays in information security. I won’t just stop there; I will also show how psychology affects how we educate people about security and hopefully provide some helpful tips and tricks.


Beyond the two series I have mentioned above I will post items from time to time as they pop into my head.

If you are heading to Notacon in Cleveland, April 15-18, I am giving a talk that has been inspired by my IT Haiku project. The slate of speakers looks really good so if you haven’t decided yet, I strongly suggest you consider going.



I haven’t participated in Follow Friday on Twitter for a while, but I decided to jump back into the fray. Here is a recap of my suggested follows:

When you #followfriday @alexhutton you will get a top notch metricologist…no seriously.

You also should #followfriday @securid because he runs a podcast live stream with minimal #fail and is just cool.

You should #followfriday @mathewneeley @chrisclymer and @agent0x0 because you should always know where zombies are lurking.

You should #followfriday @n0b0d4 because he hacks calculators, trust me on this.

You should #followfriday @myrcurial because he is an international security incident waiting to happen, plus he is smarter and you know it

You should #followfriday @lbhuston because he knows a lot about honey…pots

You should #followfriday @jackiea – she values the education of a good con[ference] over university classes

RT @shrdlu: #FollowFriday @secureideas — that’s all you need to do in order to follow everybody. <- And get their data 🙂