My fridge is listening to me


It seems oddly fitting that this week — a week scarred by the bizarre and violent mass murder in San Bernardino — I received a LinkedIn invitation to connect with someone who listed this as their job description:

Install, maintain, and repair GPS, WiFi, and security camera systems on tour buses. In 2010, working with grant money from Homeland Security, I installed security systems on a fleet of tour buses and I have been maintaining those systems since then. In 2011, I helped install multi-language listening systems on tour buses and have been the lead maintenance technician. Currently, I am project manager for upgrading a fleet of 50 tour buses with […]

Chinese talking cybersecurity means security is already lost

A longtime reader and good friend of mine sent me a link this week to a CNBC story about the loss of fingerprint records in the Office of Personnel Management hack I have written about before. It’s just one more nail in the coffin of a doltish bureaucracy that — you know I’m speaking the truth here — will probably result in those doltish bureaucrats getting even more power, even more data, and ultimately losing those data, too.

So the story says they lost the fingerprint records of 56 million people! Game over.

Remember how this story unfolded? There had been a hack and some records were compromised. Then there had been a hack and […]

Who is your IT outsourcing firm working for?

While the U.S. Government has been remarkably opaque about the recently discovered security breach at the Office of Personnel Management (OPM), we know that personal information on at least 21.5 million present, former, and prospective federal employees was lost. The Feds claim Chinese hackers are at the bottom of it, which is disputed by the Chinese government. This, to me, raises a number of questions, especially about the possible role of IT outsourcing firms and implications for organizations beyond OPM. Does IT outsourcing make your data more vulnerable? Yes, I believe it does.

It’s easy to blame the Office of Personnel Management for its own troubles. Oversight was lax. The agency failed a security audit and […]

IBM is so screwed

I’ve been working on a big column or two about the Office of Personnel Management hack while at the same time helping my boys with their Kickstarter campaign to be announced in another 10 days, but then IBM had to go yesterday and announce earnings and I just couldn’t help myself. I had to put that announcement in the context you’ll see in the headline above. IBM is so screwed.

Below you’ll see the news spelled out in red annotations right on IBM’s own slides. The details are mainly there but before you read them I want to make three points. First, IBM’s sexy new businesses (cloud, analytics, mobile, social and security or CAMSS) aren’t growing — and probably won’t be growing — […]

Your PBX has been hacked!

This past week a very large corporation on the east coast was hacked in what seems to naive old me to be a new way — through their corporate phone system. Then one night during the same week I got a call from my bank saying my account had been compromised and to press #4 to talk to their security department. My account was fine: it was a telephone-based phishing expedition. Our phone network has been compromised, folks, and nobody with a phone is safe.

Edward Snowden was right: we’re not secure, though this time I don’t think the National Security Agency is involved.

Here’s how this PBX hack came down. Step one begins with looking for […]