XPS 13

I have been doing a lot of traveling and speaking over the last year, and my old (but trusty) Latitude D630 was starting to show its age (as in, it won't cold boot unless I remove the battery). I was also running out of room on the lid for conference stickers, so I jumped at the chance when Dell offered to give me a new XPS13 Ultrabook.

This is my first ultrabook, but just the difference in size is going to make me love the thing. It is a little less than 3 pounds compared to the 6+ pounds of my D630.

The laptop itself is really well put together. I love the chiclet-style keyboard and the built-in webcam, and the screen is just amazingly bright and clear. I was watching an episode of the Simpsons on it the other day and it looked a lot better than my TV.

There are two things I am not in love with on this laptop. The track pad seems to lock up when I am using it and it takes a few seconds for it to respond. Update: This is fixed by disabling the Palm Rejection. The other thing I am not crazy about is the DisplayPort. I understand they did it to save room, but I will be that guy asking to borrow your DisplayPort-to-VGA converter at every conference. I lose those things faster than a second grader loses his baby teeth.

Overall the XPS13 seems to be pretty awesome. It will be very interesting to see how the battery and the case hold up once conference season starts for me in May.

Isn’t this mostly common sense stuff?

I gave a talk at William Woods University on Friday about protecting yourself on social media sites. After I got done with my talk, I was chatting with a group of students who came up to ask some follow-up questions they didn’t want to ask in front of the group when one of the kids (I am getting old if I can call a college-aged man a kid) came up and said:

Great talk but isn’t this mostly common sense stuff? Do people really not know this? 

OUCH.

I am pretty sure he just asked me why he wasted an hour listening to me tell people to not post images of their junk on Twitter when he could have been out playing Frisbee on the quad.

I told him most people should, but a lot of smart people don’t, so a refresher isn’t always a bad idea, and I then wanted to yell something about staying off my lawn at him.

Then tonight my buddy @jack_daniel goes on a Twitter rampage about how security people can barely hide their contempt for the “stupid people” they work with.

It got me thinking about the self-image that I and many security people have.

We want to see ourselves as the Navy SEALs of our IT shop. We do what no one else can do! We do it better, faster and sexier.

When in reality we are Paul Blart trying to tell our users nicely to not click links, have good passwords and not give the company’s bank account information to a Nigerian Prince. Often with little real recourse we can take ourselves without calling someone else.

So maybe if we actually started acting like Paul Blart and not the Navy SEALs, our end users would respect us and we could do what we are actually paid to do: keep things in order and, when something bad goes down, call in the people with the real power.

A Security Awareness Program vs. A New Firewall

I had the opportunity to talk to a large group of network administrators and computer professionals for colleges, libraries and K-12 schools in Missouri at the MOREnet Connections and HELIX conference this past week about the importance of a security awareness program to their overall network’s security.

Far too often we get caught up throwing a complicated and expensive hardware solution at network security problems that could be easily addressed with a “lunch and learn”.

When was the last time you sat down with a pizza and explained to your end users:

  • Why good passwords matter?
  • Why they should use different passwords on all sites?
  • How to protect their bank account?
  • Why they should use 2FA on their accounts?

It will cost you $20 and likely do more than a $30,000 firewall could do.

I was devastated yesterday when Mizzou lost to Norfolk State in the first round of the NCAA tournament. I had hopes that this would be the first time that Mizzou would make it to the Final Four.

At least we got this hilarious quote for our loss:

I’d like to personally thank President Obama for allowing us to bust his bracket.

Norfolk State’s Jamel Fuentes

The burden of poverty isn’t just that you don’t always have the things you need, it’s the feeling of being embarrassed every day of your life, and you’d do anything to lift that burden.

Shawn Carter – Decoded

Facebook could spy on your text messages… but doesn’t (maybe).

A report out over the weekend says that the Facebook app for Android reads the text messages off of your phone.

Facebook has responded by describing the Times piece as “completely wrong”, but acknowledges that the Android application requires SMS read and write permissions for “testing purposes”.

A lot of Android apps ask for a lot of ridiculous permissions. ZDNet put together this awesome table of Android app permissions.

By now you are asking: So, what do I do?

If you own an Android phone, all you can do is not install apps that ask for ridiculously overreaching permissions. Is accessing your Facebook on your phone really worth them having access to your text messages (even if they aren’t reading them)?

Securing Your Pinterest Account

Over the last couple of months Pinterest has become a super popular website among people who love arts and crafts and has steadily been filling up my Facebook timeline with stuff they want to do or think is “really cute”. I really hadn’t given much thought to the website until someone asked me how to secure their account (then of course I was hooked).

The first thing I noticed was that Pinterest is in a “closed beta” right now and you have to be on a waiting list or have a member invite you. Luckily, just by asking on Twitter and Facebook I was able to snag 8 invites!

When you get an invite it looks like this:

From there you are asked to connect it with your Facebook (or Twitter) account:

This screen is where you get to decide who gets to see your Pinterest “pins”.

I configured mine to Only Me. At a maximum yours should be set to Friends. I couldn’t see a time when having it open to the Public would be smart.

From here your Facebook and Pinterest accounts are connected and you are given an opportunity to go back to the Pinterest website.

Once there you need to take a look at your settings on Pinterest:

On the settings page the one thing I noticed you should do is to “Hide your Pinterest profile from search engines”. This will stop your Pinterest board from coming up when people Google your name.

As with all social media services, you need to periodically look at the settings pages and see what they have added. As of now Pinterest doesn’t have a monetization plan (that I can find) so your information seems to be safe. At some point they will likely either add ads to the site or start selling your information. At that point I will revisit this blog post.

My son raps Ice Ice Baby! Yes, he did get his dance moves from me. Why do you ask?

Success is never owned, it is only rented; and the rent is due every day.

When fired IT staff go bad.

I just read this press release from the FBI.

 ST. LOUIS—The United States Attorney’s Office announced today that a former employee of a local shipping company has pleaded guilty to damaging their computer systems.

According to court documents, Jason Schrum was employed by Axis Worldwide Supply Chain & Logistics, Inc., a company that provides services related to international and interstate shipping and logistics, including shipping large materials used in construction projects. Schrum was a transportation manager for Axis and an administrator for their computer system until his termination over a dispute in April 2011. He then went to work for a competitor of Axis and had no reason to access their systems or any Axis computer after mid-May 2011. On June 12, 2011, in the late evening, without authorization, Schrum accessed the Axis computer system and carried out numerous actions, including deleting customer shipment records, customer shipment history, and manipulated shipping rate tables. The company has estimated that the damage/cost was more than $25,000 to repair and correct. JASON SCHRUM, Desoto, Missouri, pled guilty to one felony count of computer fraud before United States District Judge Henry Autrey. Sentencing has been set for May 8, 2012.

This charge carries a maximum penalty of 10 years in prison and/or fines up to $250,000. In determining the actual sentences, a Judge is required to consider the U.S. Sentencing Guidelines, which provide recommended sentencing ranges.

This case was investigated by the Federal Bureau of Investigation. Assistant United States Attorney John Bodenhausen is handling the case for the U.S. Attorney’s Office.

When I see stories like this my questions are always:

What responsibilities do companies have when they let an employee go to make sure they no longer have access to their network?

Obviously what this guy did was bad, but is there a legal liability for companies who have turnover in their IT shops to make sure their ex-employees can’t access the network?
