Archive for the ‘J! True Stories’ Category

My Divine Comedy and InfoSec Purgatory: Personal notes from JJ
Last Updated on Monday, 5 January 2015 09:02
Written by jj
Monday, January 5th, 2015

I’m writing this blog post tonight to share some thoughts, and perhaps solicit some entertaining (if not useful) feedback, which is sure to be the outcome. It’s a new day, a new week and a new year, and I’m ready to expose a few of my more inner thoughts and realizations in hopes of earning your support and, if not your support, perhaps your empathy as a matter of entertainment. (more…)

Posted under Industry Insider, J! True Stories | 2 Comments

At RSA, we’re talking mindfulness and I’m scared sh**less
Last Updated on Friday, 21 February 2014 10:45
Written by jj
Friday, November 8th, 2013

Honestly, I’m scared shitless. Three months ago two people took an idea that had been brewing independently for years, and they made a commitment to it. Mike Rothman and I submitted a presentation topic we were certain would never make it to the ranks of the world’s largest security conferences.

But it did. And so today, I’m overjoyed, a little relieved, excited at the opportunity, and yet at the same time a big piece of me is completely mortified. This talk, although founded in science, is a big lift of ol’ virtual skirt. It’s a talk about being happy, getting a grip on life, and using mindfulness to succeed and excel at everything you do. (more…)

Who’s In The Hotel: Security FAIL
Last Updated on Saturday, 23 May 2009 11:58
Written by jj
Saturday, May 23rd, 2009

I think I’ve waited an appropriate amount of time to post this. I don’t want to implicate the exact hotel, but here’s another security fail to share with you all on this lovely holiday weekend…

Several weeks ago I walked in to a major chain hotel around 9:00 or 10:00pm. When I approached the front desks (there was a grouping of them) I wasn’t met with a hotel receptionist. I was greeted instead with what seemed to be the entire hotel guest list printed (in alphabetical order by surname) and left on the top of the counter.

It took several minutes (specifically, just over four minutes) for a hotel representative to realize I was there and come from an office they were tucked into somewhere behind the desks. I didn’t mind the extra wait, it gave me time to look over the list, giggle and even take some photos. One of which is provided in a blurred format below. (And no, there was no two-way mirror giving them a view to the front check in.)

This post and the “What’s Your Preferred Internet Password?” post are a tribute to Johnny Long and the Security FAIL image project.

Posted under J! True Stories, Travel | 1 Comment

What’s Your Preferred Internet Password?
Last Updated on Saturday, 23 May 2009 12:05
Written by jj
Friday, May 22nd, 2009

Oh, so what; you’re not going to tell me?

It should be fine for me to ask, Priceline does…

I’ve seen references to a ‘popular travel site’ using this question from years ago, but I certainly never expected to see this in 2009. When you log in to the Priceline.com site, it asks for your email address and your security question (or as they call it, your sign in question). I was shocked when I used Priceline to book recent travel to the West Coast and had to set my login preferences.

One of the options under personal information is to set your security question to “What is your preferred internet password?”. I’d have to say that’s irresponsible AT BEST.

Well, at least it’s a secure https page, right? ;)

# # #

Grande Theft Auto… What Was He Thinking?
Last Updated on Monday, 21 July 2008 11:37
Written by JJ
Thursday, July 3rd, 2008

Well, it didn’t happen to me- but here’s another J! True Security Story for you…

I went to the salon today to ‘get my nails did’ and was greeted with quite a ruckus. The entire staff is Vietnamese- no big surprise there- but the owners and most employees speak English extremely well and so everyone is always chit-chatting throughout the salon.

The wife side of the husband-wife team was especially giddy as she shared a little gem of a story with me today… and I didn’t feel I’d be doing you justice to keep it to myself. 

They (the salon staff) all live in one of the larger cities here in NC. One of their friends (a middle-aged guy) was out shopping Monday and was sitting in his car in a parking lot during a coming- or going- to a store. A young girl (mid-20’s) came up to his car and motioned to ask for use of his cell phone.

Now, at this point in the story, I could have told you the rest…

He opened the window a bit and the young lady asked to borrow his phone for a moment to call a family member. Turns out she had some car troubles and needed a ride. Being the nice gentleman that he is, he lent her the phone and she took a couple of steps away to make the call. Only… she didn’t stop. Evidently she got about 4 cars down the row before our chivalrous guy got out of the car and gave chase.

When he got in reach, she pushed him down to the ground and – yep – ran back to his car, phone still in hand… and drove away.

He now has no car and no phone. So, ironically enough, he then had to approach a stranger and politely ask for the use of their cell to phone home and let the group know he was bamboozled. A few tears were shed, but his wife assured him it would be fine and he shouldn’t be scared. (No, I’m not making that up).

I was giggling right along with her (and the guy’s wife, who happened to be there).

Moments later I thought to myself, “I hope that doesn’t happen to me!” Almost in the same instant I realized… it probably wouldn’t. I’ve been a bit of a paranoid freak since I was little, thanks probably in most part to having two ex-military intelligence parents. For all my life I’ve been raised with ‘the security mindset’ as Schneier refers to it.

Always suspicious… always calculating… always aware… and certainly never underestimating a situation.

And so then I had to muse… WHAT WAS HE THINKING leaving the car running and unlocked to go after the siren with the cell? For the sake of politeness, I kept my question to my ‘inside voice’, but I do have to wonder why you’d sacrifice the security of a vehicle for a $50 cell phone.

The moral of the story… There are two. 1) Involve someone with a ‘security mindset’ and 2) Your security is only as strong as your people. A sweet damsel in distress… social engineering at its finest…

# # #

Posted under J! True Stories | No Comments
