Wednesday, February 15, 2017

The Big D

Data 


The big D is data. What and why? I shall explain. Let’s be honest here, the reason that IT people exist is for the big D. There really isn’t any other purpose to my career other than data. We are either sharing it, collecting it, or protecting it. Data makes the world go round. And you thought it was just the Internet that makes it all important, hahaha. But seriously, why else does the Internet exist? It’s to share data. But Angel, Facebook? Yup, even Facebook. At its core, it has collected and shared (sort of) data.

So what is data? It’s information in its simplest form. I am sharing my brain data on this blog with you and you will be collecting it when you read it. Sounds a bit simple and sci-fi at the same time but it still has value nonetheless. Again, the point of a cyber security professional’s job is to protect that data. And I read a story today that inspired this blog.

Wired put out an article titled “Diehard Coders Just Rescued NASA’s Earth Science Data”.

Now regardless of political views or opinions, this is brilliant. Why? Because a bunch of coders decided (they weren’t asked to) to tag and bag research data from NASA’s Earth Science. This is important because we are protecting data. Whether or not people believe that data, it should be collected and protected. After all, that’s what we (IT Professionals) do.

“The data collection is methodical, mostly. About half the group immediately sets web crawlers on easily-copied government pages, sending their text to the Internet Archive, a digital library made up of hundreds of billions of snapshots of webpages. They tag more data-intensive projects—pages with lots of links, databases, and interactive graphics—for the other group. Called “baggers,” these coders write custom scripts to scrape complicated data sets from the sprawling, patched-together federal websites (Molteni, 2017).”

I sort of feel like we are modern day librarians - only because we help collect, share, and protect data. Doesn’t a librarian do that, non digitally, with books? I believe so. Or maybe we are Data Scientists? I like that idea too, haha. Can I have a lab coat? Maybe?

Image retrieved from: https://www.pinterest.com/exasolag/fun-about-data/

Not all was saved


So not everything was collected during this event. Which is unfortunate but understandable. The question of whether the missing data was backed up or not is concerning. Which leads me to say, always back up your data.

Now the article goes on to say that they did get over 8,400 NASA and DOE webpages and downloaded over 10 gigs from private pages into the archive, from just this event. But there is still more to get. These volunteers are planning to get even more from national parks and other areas that have some concerns.

Whatever political position you’re at, I just ask that you admire your IT professionals, cyber security experts, and ethical hackers and realize they are the data keepers of the modern world. I find it amazing that these busy gals and guys took time out of their lives, without pay, without much recognition, to protect data that may or may not impact our lives. But at least it’s there if we want to read it or research it AND that is why it is so important. As a graduate student, research is my bread and butter, so to have that available is huge, as data is one of the most important aspects of our society.

Read the article if you have time.

Until next time, back up your data, and stay safe out there.


References

Molteni, M. (2017, February 13). Diehard Coders Just Rescued NASA’s Earth Science Data | WIRED. Retrieved from https://www.wired.com/2017/02/diehard-coders-just-saved-nasas-earth-science-data/


Week 10 Blog - CYBR 650

Wednesday, February 8, 2017

My Thoughts on Credit Card Security

To Swipe or Not to Swipe

So I was out with my mom shopping at a big box discount store. My mother is very scared of credit card theft, someone gaining her PIN, access to her accounts, etc. Which I think isn’t unreasonable in this day and age.

Now I know they put in chip readers and chips in your credit and debit cards, which were rolled out this last year or so. This is supposed to help against fraud. And I am sure that it has alleviated some. However, has it really worked to the level of expectation? Well, mom definitely doesn’t think so; she continues to get cash out to pay for things like gas. And really, I don’t blame her. I think her card was compromised a few times. I know mine has been too.


The Good News



Here’s the deal with the new chip: it's great for one reason. It contains what’s called cryptographic encryption. It authenticates the card as a legitimate bank card and with that issues a one-time code (key) with each transaction. I know, what did I just say, right? OK. The key is a type of control for this encryption that is sent out and verifies the legitimacy of the card as a real card...not made in someone’s garage. AND this process is why it is meant to help card users avoid fraud or theft.
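To make the one-time code idea concrete, here is an added example (not from the original post) that models a chip and a card issuer sharing a secret key. It is a simplified stand-in: real chip cards use their own key derivation and MAC algorithms, and the names `Chip`, `Issuer`, and `cryptogram`, the HMAC construction, and the sample key are all assumptions made for illustration.

```python
import hashlib
import hmac


def cryptogram(card_key: bytes, counter: int, amount_cents: int, nonce: bytes) -> bytes:
    """One-time code bound to this transaction's counter, amount and terminal nonce."""
    msg = counter.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(card_key, msg, hashlib.sha256).digest()[:8]


class Chip:
    """Hypothetical card chip: the key never leaves it, only the code does."""
    def __init__(self, key: bytes):
        self._key, self._counter = key, 0

    def pay(self, amount_cents: int, nonce: bytes):
        self._counter += 1  # every transaction gets a fresh counter value
        return self._counter, cryptogram(self._key, self._counter, amount_cents, nonce)


class Issuer:
    """Hypothetical bank side: recomputes the code and rejects reuse."""
    def __init__(self, key: bytes):
        self._key, self._last_counter = key, 0

    def authorize(self, counter: int, amount_cents: int, nonce: bytes, code: bytes) -> bool:
        if counter <= self._last_counter:
            return False  # replayed or stale transaction
        expected = cryptogram(self._key, counter, amount_cents, nonce)
        if not hmac.compare_digest(expected, code):
            return False  # code was not produced by the real card for this data
        self._last_counter = counter
        return True


def demo() -> dict:
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample key
    chip, issuer = Chip(key), Issuer(key)
    nonce = b"\x01\x02\x03\x04"  # constructed terminal challenge
    ctr, code = chip.pay(2599, nonce)
    first = issuer.authorize(ctr, 2599, nonce, code)
    replay = issuer.authorize(ctr, 2599, nonce, code)  # captured data sent again
    reused = issuer.authorize(ctr + 1, 2599, b"\x09\x09\x09\x09", code)  # old code, new sale
    _, code2 = chip.pay(2599, nonce)  # same amount, next transaction
    return {"first": first, "replay": replay, "reused": reused, "codes_differ": code != code2}


if __name__ == "__main__":
    print(demo())
```

Data copied from one chip transaction fails when sent again, which is the difference from a magnetic stripe, where the same static data is read on every swipe.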

Image Retrieved from: http://www.politicalcartoons.com/cartoon/e1e56a2c-5198-495b-9d97-c2d7b31e80a6.html


The Bad

Here’s the problem. Do you remember when there were tons of bad people doing bad things? Oh-wait, they still are. Surprise! Workarounds cometh. So now there are types of hardware that these bad guys can place on machines with card readers. Remember they did this with card swipes? Yeah, same idea.

In fact, the lady that was checking us out mentioned they have a team that only monitors store equipment for this type of hardware. She said the card reader should be tight against where the user inserts the card. If it’s loose, don’t use it. This is interesting to me, as I would think that outside at a gas station, OK, you could sneak up on a machine and place a device, but inside a store with people around and cameras watching? You betcha! Kinda gutsy huh? She said that they found a device, as someone was trying to come back and collect it from the machine they placed it on.

Now this could be what she heard, I can’t verify the legitimacy of this but really, I am not surprised either way. I thought it was only a matter of time anyways for criminals to find their workaround. Looks like it was quicker than expected. Actually, Wired.com talked about it before the switchover was even completed. Plus look how many retailers are still not using the chip. Oh and another article from CNN.

So I am not trying to scare you or raise your blood pressure. I promise. My goal on this one is to inform and share. And some food for thought. When you are going to get gas, I would pay cash or use the card as a credit card, not a debit. It’s easier for the bank this way too. Also, check the hardware; if something is loose or doesn’t look right, don’t do it. AND go with your gut instincts on this. If it doesn’t feel right, it probably isn’t. Always guard your PIN, just like you would with your passwords.

I don’t think we are gonna see any of this go away or get better, so all we can do is adjust.

Until next time, stay safe out there!

Week 9 Blog - CYBR 650



Thursday, February 2, 2017

A Time for Reflection

My Brain Said No


This week’s topic was hard to nail down. I think my brain turned off there for a bit. I have about 4 weeks left of school and besides being tired, I am also in a stunned reflection on this program that I went through.

None of this was easy, just in case you are considering grad school. It was one of the harder things that I have done. And I couldn’t be more excited to complete it. My husband can’t wait to have his wife back and video game partner back, hehe. But let's reflect this week, since it is not leaving my brain...so I must share my thoughts.  

When I began this program in 2014, I had already completed a Bachelor of Science in Management Information Systems. I had already worked in IT for many years, but I still had so much to learn. It’s actually funny when I tell people what my degree program is, usually there is a double take involved. Seriously. It’s weird. I remember when I started working in IT many years ago it was a mostly male dominated industry. Still kinda is, but not as much. I still get weird looks. And it’s OK. The shock value is worth it, haha.


Image taken from: https://larrycuban.wordpress.com/2012/12/

Anyways. I have learned so much, yet I feel like I could learn so much more. I have taken courses in risk management, computer forensics (that is one of my favorites), ethical hacking, information warfare, cloud computing, and of course my capstone...which is what I write this blog for. The capstone is the most demanding course, but yet makes the most sense in a real world setting.

Recent Events in my Head


I have been recently threat modeling. Which sounds scary. And it kind of is. I don’t know if I am doing this right. But I have a sense that this process isn’t as black and white as others in IT. It seems more grey. Lots of areas for interpretation and theory. Which I like, but it does make it challenging when you get to those black and white sections of threat modeling. What I mean by that is that I know there is a risk, we have found the vulnerability to be X, but the grey comes with the organization. Do they accept the vulnerability? Do they mitigate it? Do they rebuild a system? Do they ___? See the grey? It’s interesting from that perspective. You would think it’s cut and dry, but it's not.

Perhaps this is one of the challenges to managing IT. Making these hard choices and accepting any blowback should it occur. IT is so dynamic that it isn’t easy to manage or to make choices. Sometimes I think it’s just making the best educated guess we can from the data we are provided.

With our rapidly changing environment, I don’t see this type of thinking changing too much. I only see us, IT professionals, rolling with the punches and doing the best we can.

If nothing else, this graduate program has taught me information, but has also taught me how to research better, how to objectively review data, analyze better, and think broader. The experience of the program has really been worth the time, energy, and money in order to better get to where I want to be.

I only hope to teach one day and share my knowledge. That is my ultimate goal.

Until next time, stay safe out there, and I promise something more technical, with more geek-ery, for you.

Image taken from: https://larrycuban.wordpress.com/2012/12/

Week 8 Blog Post - CYBR 650