
PCI, PII, a Roofer and a SSN
Monday, June 9th, 2008

Yet another J! True Security Story for you…

This weekend I met with a roofer at my rental property to take measurements, see what needed to be done and get an estimate. When we met at noon, it was over 100 degrees there in central North Carolina and we spent just short of 3 hours going over everything.

The roofer, let’s call him Ross, was from one of the larger commercial home improvement stores. This particular store was offering a consumer credit program with 12 months interest-free financing. There was also a full window replacement project to follow right behind the roof. While I was prepared to pay cash for the roof and/or windows, the no-interest option offered an advantage, so I read the terms and conditions and gave the go-ahead.

Before I realized what was going on, my friendly roofer Ross was filling out a consumer credit card application for me. I remembered thinking this was odd, as we leaned against his truck, still outside in the heat. I think I mumbled something to the effect of “oh, it’s strange they make you guys do this part too…”. He had asked for all the usuals- my current and previous addresses, annual income and – of course- my Social Security Number. And, after standing in 100+ degree heat for 3 hours, I gave it all to him without batting an eye. As soon as he had it all, he called in to the mothership and was processing my credit app over the phone as I stood by to answer any new questions.

This day happened to be Ross’s wife’s birthday and they had some afternoon plans once our appointment was over. I was his last appointment of the day before he headed home to the missus for her birthday celebrations. I thanked him for his time, wished him a happy weekend and went on about my day.

What was wrong with this picture? I didn’t quite figure it out until a tall glass of tea cooled me down and returned my brain to normal operating temperature. What in the name of security did I just do? All my information (including my new credit card number) was written down on that credit form and tucked into his little notepad with the other miscellaneous papers, product glossies and forms he was carrying around… in his personal truck… on a weekend… D’OH.

I’m sure it will be fine (that’s what we all tell ourselves, right?). But in the off chance something happens… well, let’s not even go there.

# # #

Trouble in the Neighborhood
Tuesday, April 1st, 2008

Another J! True Story

Yesterday, the emails and group posts were flying around like crazy. Our little neighborhood has a private Yahoo Group for residents to communicate and connect- I’ve been overjoyed to have the online venue and it certainly proved useful these past couple of days.

We live at the end of a cul de sac, with a lovely wooded area occupying the space past our fenced-in back yard. Past the woods is a main street they’re in the process of widening. (I know, grrreeat). A couple of weekends ago, two adult men (who were obviously out of place) came up behind our house out of those woods. Our lab/rottie mix (who looks like a full Rottweiler) took notice and wasn’t happy.

So, as any good dog owner would do in that situation… I let her out to have at it. The yard is fenced, so there was no danger of anyone (them or her) getting hurt. But- it was enough to scare the crap out of them and their lackadaisical walk quickly turned into a swift gait the other direction. I couldn’t help but giggle a little.

Mission Accomplished. For now anyway.

I didn’t think much about it until yesterday when my inbox lit up with posts to our online neighborhood group. It seems there have been several similarly suspicious situations (say that 3 times fast) occurring at various times of the day and night in our little corner of Earth. Mostly, what we (the neighborhood) deemed a childish prank has now turned into a full blown ‘security’ issue. (You knew that word was coming!)

It started with harmless prank doorbell-ringing, but the offense list has grown to include instances of beating and kicking doors in the wee hours of the morning. Other neighbors have noted recent instances of someone coming onto their back deck and tapping on the back door, only to have disappeared before the home owners could make it downstairs. Each time the culprit takes off if –or before– the occupant can respond. There have been only a couple of partial-sightings, where another neighbor caught a glimpse of the incident, and it has been confirmed that these are not kids. From the posts yesterday from a handful of folks, I’d say there were at least a dozen or so instances already documented.

So that leads me to wonder… are they merely childish pranks… or are these adults scoping out a neighborhood and testing to see who’s home… ?

Either way, midnight window-tapping and 3:00am kicks at your front door (which evidently left dents) are nothing to dismiss. We’re asking the local Police Department to increase the frequency of their drive-thrus in the area. And, I’m thinking of having the group organize a neighborhood camera system.

For now, our 75-pound, four-legged black and tan security system helps me feel a little better about it all.

# # #

How I Got Here: The JJ Story
Friday, March 21st, 2008


Many of you contacted me over the past weeks to wish me a happy birthday. My 3/6 birth date could evidently be found on Plaxo, Facebook and a variety of my other online Black Holes. I was surprised and elated to receive many e-cards and even some ‘real’ ones via mail. I even received a bottle of California wine from one of my favourite product managers :)

IT’s Adult All-Nighters
Tuesday, March 18th, 2008

What is it about us, in the IT industry, that makes us keep late hours and routinely burn the midnight oil?

Are we just determined… engrossed in the technology… mesmerized by the project… or under the gun from the boss? I guess we all have our reasons.

I’ve spent the past several weeks now on various little projects here and there- both personal and for customers. Several nights I spent with a firewall… still more on a network access solution… another few reading a book (on wireless). I even stayed up one night just watching Family Guy while I searched through a CLI command reference guide. (I know, it’s a wild life…). (Sidenote: This is part of the reason I’ve been MIA and been just generally a really bad blogger for a few weeks.)

But a couple of nights were spent on site at a customer- one for a full wired cutover, and another for the wireless cutover.

Yes, at around 4:00am one night… er- morning… I was climbing on ladders and taking down some *i**o access points (consonants eliminated to preserve anonymity). And on one occasion, fatigue definitely got the best of me and I found myself having to re-type commands and fix IP addresses a few times.

But overall, I have to say it was a great experience, mostly because the customer we were dealing with has a great CIO, a wonderful network admin and an amazing team of guys and gals that hung right in there with us. They were an absolute pleasure to work with, and it sure made pulling an all-nighter tolerable. In fact, I’d go so far as to say it was FUN.

Unfortunately, we don’t usually get to dictate the circumstances of our IT all-nighters, and too often they’re the result of someone’s misfortune.

So, here’s to all of us in the security field and our all-too-common night owl habits. I hope your next one (and mine) will be as pleasant as my most recent encounters. And remember- misery loves company… drag a few folks with you and have your own crazy IT All-Nighter Pajama Party.

# # #

Security ‘In the Bag’?
Sunday, March 2nd, 2008

Another J! True Story…

I recently refinanced a house, and had paid a visit to my local bank branch to get a certified check for the closing. It’s a process that takes a few minutes, so as I waited at the counter, I began looking around and checking out all the happenings at the bank. It was pretty quiet, one other customer at the other end of the counter, and a bank rep adjusting some brochures hanging from a display.

As I looked around, a middle-aged Hispanic woman walked in… with a fairly crinkled McDonald’s bag in hand. No purse, no bank pouch, nothing else. It immediately struck me as odd- to walk into a bank, empty-handed except for this drive-through souvenir. This bag had lived out its useful life, so I assumed she brought it from the car to chunk it.

But she didn’t. And when she walked past the trash can and approached the counter, I knew what was coming.

Out of the crinkled fast food sack, emerged a large zip lock bag containing – something – about the size of a deposit booklet or stack of checks. Maybe there was a stash of cash amongst the contents, I’m not really sure. I tried not to stare but I was thoroughly amused at this shenanigan… and extremely curious.

I returned to my previous thought- how was this secret op mission she devised supposed to conceal the contents? Is an overtly re-used McDonald’s bag less obvious than a purse or small bank bag? All the rest of us females entered with purses and envelopes… only 1 entered with a Secret Sack. Had I been a thief planning to pounce on an opportunity, would the Secret Sack not be more interesting than a basic purse? Probably- that’s what I thought anyway.

The Secret Sack definitely made the patron feel safer about carrying around the contents, but from an outside perspective, I found it obvious and counter-productive. Instead of throwing a would-be perp off the trail, I suspect it would have served as bait. In her mind though, security was ‘in the bag’. Maybe now, instead of ‘Black Bag Ops’ we can call them ‘Golden Arch Ops’?

Remind you of any IT Security Policies you’ve seen? I can think of a few… And from now on, we will call them – you guessed it- Golden Arch Security Policies.

# # #

