Good day to you,

As a Technology and IT Security professional services organization that has been an advocate for the enhancement of Technology and IT Security education, training, awareness and development for our people, we have taken the next step in creating a Community Security Network Operations Center “CSNOC” to further enhance this goal. Our CSNOC will help to provide more safety and security through technological advancement resources to secure the systems in our communities through a managed service infrastructure. This will allow the effective configuration, value and use of today’s latest and greatest technologies for the residents, consumer and business users. Leveraging the cloud technologies of today’s leading providers, we have been testing and building test pilots across our communities with great successes and are now ready for full deployment.

Our CSNOC will provide 24hrs technical support for all members systems which covers laptops, workstations, servers, tablets, mobile devices and other networked technologies with on and offline viral, malicious, intrusion detection and prevention and web content security. Our coverage of these technologies and solutions will remove the managing of yearly renewal submissions, product updates, learning, configuration and deployment from the users as our secure relations teams are always monitoring and working with our security development partners to ensure that we are staying on top of the latest updates, optimizations, configurations and settings so that we are always standing by our promise of creating a utopia of computer security for all no matter where you are using them.

We are very excited about this new service model offering as it speaks to our constant vigilance in creating a bigger, better and more converged security model for communities. Now our communities can be more securely connected and safe with the watchful eyes of our security experts team at the helm of this new era of technological advancements.

You can follow our CSNOC’s updates and development on Twitter here http://twitter.com/SISFIs_CSNOC

Thank you very much and have a great day. We apprecilove your patronage and look forward to serving you more.

~Brett A. Scudder~
President/Chairman ~ SISFI ~ The Scudder’s InfoTech SecuriCity Foundation | http://sisfi.org
President/CEO/Chairman/Founder/Security Architect – ~TITSSN ~The IT Security Suite Network~ | http://titssn.net
The IT Security Attaché | http://theitsecurityattache.com
SISFI/TITSSN’s Technology / IT Security Social Network | http://titssn.org

Good day to you,

Today at 12 noon, SISFI officially launched its website http://sisfi.org and resources to the general public. We look forward to your patronage and providing the valuable resources needed for technology and IT Security education, awareness, training and development for all. As we embark on this mission, we ask that you take the time to learn more about our foundation and its objectives as we are all affected by the on and offline technology and security, privacy and risks of our every growing and changing global infrastructure.

Strength in numbers, strength in determination, strength in leadership, strength in values, strength in effectiveness, strength in qualities, success in strength.

Please join us as we take on the tasks ahead with an open mind, willing hearts and full schedules. We ask for your support by signing our guestbook and sharing your endorsement.

Thank you very much and have a great day. We apprecilove your patronage and look forward to serving you more.

~Brett A. Scudder~
President/Chairman | SISFI – The Scudder’s InfoTech SecuriCity Foundation | http://sisfi.org

Good day to you,

We are getting ready to launch a major Cyberbullying offensive in May are asking for your support in numbers. We want to have a strong unified voice that will echo far and wide, loud and clear, deep and strong with hearts and hands in unity to every heart and mind. This is a people problem that can only be solved by the people if we unite and face the reality of its dark secrets and inner workings of simplicity. It is so easy to put into effect but yet so hard to get rid of or forget and unless/until we open up the lines of communications and call it what it is, we are in for more serious fatalities.

We are all affected by this threat and the only way we can win against it is to unify in a campaign of higher education, awareness and open discussions about the impacts, effects and solutions for it. Even if you don’t know of or about it, even if you have not been affected by it, even if you’re not privy to its darkness, help to bring them to light so we all can help each other overcome it.

We are aiming for at least 500 fans to kick off this initiative on our Facebook fan page http://www.facebook.com/pages/The-Scudders-InfoTech-SecuriCity-Foundation-Inc/106901499345679?ref=mf  so let us spread the word, build on the intensity and start motivating towards this blocking and mitigating this silent killer.

Strength in numbers, strength in the vision, strength through unification, strength in hearts, mind, love, care and concern on this converged global network.

Please join the fight towards this goal with us on Facebook.

Will you join us in vanquishing this inhumane evil?

Thank you very much and have a great day. We apprecilove your support and look forward to serving you more.

~Brett A. Scudder~

Event Title: TITSSN in association with the SQPA (Southern Queens Park Association) invites you to a FREE Technology and IT Security Forum

Description:  An invitation to: Parents, Students, Administrators, Teachers, Business Professionals, Business Owners

You’re invited to an evening of awareness, training, networking and collaboration which will feature a look at some of today’s top technologies and the varied features and functionalities they present. We will focus on educating and making you aware of these technologies and how to use them safely and stay secure. You are at risk and resistance is futile. If there are any particular technology (hardware/software) that you’re interested in learning about, please feel free to ask, we may be able to facilitate getting more information/resources or help on it for you.

Food and refreshments will be provided.

Free 1 year subscription for anti-virus/anti-malware for every attendee

Guest speaker/presenter – Mr. Brett A. Scudder – President/Chairman of SISFI and TITSSN

Featured Topics:

- Understanding the impacts of the internet and technology in the business place and home

- PC/Internet Security guidance and best practices for adults and children

- Identity Theft Prevention and Protection

- Understanding your Privacy and the laws

- Instant Messaging threats and prevention

- Social Networking privacy, safety, security and its impacts and effects

- Why am I at risk in this new era. Can I avoid/resist it?

- How to protect against viruses and malicious codes (Spyware/Malware/Trojans/Worms/Ransomeware)

- Mobile devices (cell phones, PDA’s, iPhones, Smartphones) security/risks and best practices

Please RSVP to Brett.Scudder@titssn.net or (718) 928-9731

We look forward to seeing and having you with us for a great session.

Event Date/Time: Wednesday, April 7, 2010 from 6:30 pm to 9:00 pm

Host(s): TITSSN, SQPA and SISFI

Location: Roy Wilkins Park, 177-01 Baisley Blvd., Jamaica, NY, 11434

Event Type: Community Empowerment

Location: Queens, NYC, USA

Sponsor(s): The Scudder’s InfoTech SecuriCity Foundation and TITSSN

Good day to you,

~Brett A. Scudder~

Good day to you,

Over the years the network has been an avenue of resources and support and a channel in the right directions and connectivity to/with the needed people, processes and technology for all. During this time we have helped people across all industries, verticals, markets, segments and people all in the name of elevating the levels of education, awareness and visibility of and about Technology and IT Security through sales, services and support.

Whether it is by providing employment opportunities, job placement, funding opportunities, technical support/resources, networking, event hosting and collaboration, we have been there as best as we can, in all that we can. Now the network embarks on its final stages of convergence and integrating all these services, values, resources and opportunities into a new operational model, a social network, the support wanes heavily. The same people that we have been there for, connected with, shared resources or positioned in employment opportunities with were reached out to with a call for support of the new network initiative and it has received a very weak and somewhat daunting and disregard feedback and response.

Some people who have not yet answered to the call are still seeking support and assistance in various ways. They still look to the network for guidance, collaboration and support but do not see the piece where they fit into the mix and help to build on things by joining and being an active member. Yet, unchecked, the network must still provide the quality of services and support as it does by its very existence as we stand by our motto,

We are Security – your Security – our Security – IT Security. Our Security is Safe and Secure.

How do we expect to build on this without the support of the people and the values they bring to the network?

The network was built as a converged resource of everything about us, what we do, how we work, the people we associate, communicate and work with and the vendors, manufacturers and developers that we sell, service and support their products and solutions. We needed a central resource that would bring everyone and everything together and allow group discussions, networking, collaborating, exclusive promotions and the ability to grow together. While the network is ever changing and enhancing itself to be all that it can be and more, the needs from our members is also growing and so to create the perfect balance, the network needs the active support of its members and people.

So the next time you think about something you need from the network, ask yourself,

What am I able to do for the network and what would the network require of me to help make it better?

Let’s all work together for the betterment of this valuable resource so that we call can benefit from it in as many ways as possible. While you will forward jokes and other non trivial things to your peers, family and friends, how about sending them an invite so they too can come in and join in the initiative.

I am the network and the network is me. I am an extension of the resources and value it brings and so I must conduct and present myself accordingly.

Thank you and have a great day,

~Brett A. Scudder~

In today’s world of technology, you’re under attack from multiple angles, products, solutions and people, yes, people, even those you may know. The threat from known and trusted sources is ever increasing because of the simple fact that because I know you I will trust that what you’re sending me is legitimate. This is a very bad analogy and one that only lead to serious issues because you never know if the message, file, document or link was intentionally sent from the person rather than an infected system being operated by a bot master.

When an infected system gets to this level where it is sending out invites, notices, links and other kind of communications from your PC, the end user is at the mercy of their common sense in thinking of whether or not to open and use it. This presents many problems for the end user because this could come to you in the form of many things, all of which are valid resources that you may normally use.

Let’s take a quick look at a few of the top ones.

Web browsing – quick, simple and easy to infect by drive-by-downloads. One of the fastest growing trends of infection today is the use of websites for infection. A drive-by-download is when you visit a website that has been infected with malicious codes and by simply viewing it the code is downloaded onto your system and builds itself into a threat. Because of its simplicity, there have been drastic increases in the number of infections from drive-by-downloads that are even bypassing anti-virus solutions and making a successful hit on the system. Many will not even know when they are hit because the payload and production is done behind the scenes and is totally transparent to the user.

Are you running the latest version of the browser?
What kind of threats am I exposed to by using this browser?
Does it have a history of successful exploits and if so, am I vulnerable to them and how can I fix them?
When was the last time you checked if you are running the latest updates, patches and fixes for your web browser?
Is the browser configured for optimal use and security while browsing the internet?
These are basic questions you should be asking yourself.

While this is a major issue today, many people still get caught up in the discussion of browser security and what is best, better, more secure or even more vulnerable. My word to you today is, all systems, applications and browsers are vulnerable if not properly patched, secured and used efficiently. Many systems are running vulnerable applications that a hacker or malicious piece of code has many entry points to be successful in hitting a mark. Many users are running security solutions that are outdated, unpatched and expired that it is scary to think they are comfortable with these things.

Email – an infected system is used to send messages to everyone in your address book pointing them to a website they need to visit that is riddled with threats of all sorts. This is one of the easiest forms of compromise because everyone knows that you should not accept emails with attachments from anyone you don’t know much less to get it from someone you know.

So what do you do when you receive an email from someone you know, love, trust and/or do business with?

So I just guaranteed myself that you will visit the link in the email because you’re thinking that it’s legit/ok and because there are no attached files in the message what are the chances of a risk, hmm, much more than you think. Drive-by-download is the fastest and most successful form of attack because of its simplicity. Most people today are not running a security solution that provides web filtering and web browser security and so the traffic goes unchecked. So as simple as that, you visit this website and because your anti-virus solution is not able to detect and block these attacks you’ve now been owned.

IM (Instant Messaging) – a growing trend that is easily exploited and with major impacts because a worm hijack the IM application and start sending out messages as if it was the user sitting at the PC doing it. So you have 200 contacts in your IM list and they are all vulnerable due to you being infected with this worm that is spreading from your PC.

Will you know this is happening?
Maybe, or maybe not depending on how you manage and maintain your system. Maybe one of your contacts will say, hey, I got this message from you to look at some pics on a website but when I went there nothing happened, it was a blank page with an error on it.

Hey, guess what, you’ve just given your friend the threat or exposed them to it unbeknownst to them. This is such an easy method of infection that it’s unnerving.

Storage and media players – now here’s one of my favorite. The use of storage devices like USB flashes drives.
Who doesn’t have one today?

They are so prevalent because of the low cost, ease of transporting, size and high storage that you can get them any and every where you go today. It is a very nice giveaway at an event where the host wants you to have the information or handouts in a soft copy. Go to any tech store or even online today and you can get a 4GB drive for under $20 and in some cases even under $10.

Media players – through the sharing of media files such as avi, mp3s and mp4, threats are easily slipping through the anti-virus systems and successfully attaching to the systems and causing all kinds of damage. One must be very cautious when it comes to sharing files such as mp3, avi and other media containers.

Back in the day we used to think of an infection as an application that has to be run (some still do today), while that was true then for most of the threats out there, it is certainly a different ball game today. You don’t have to run anything to get an infection, simply viewing a website/page is enough to cause a world of pain. Yet, unchecked, old systems with old scanning functions are being used to ward off these new threats and type of attacks.

Back in the day we used to think of email being just text messages, today email is the primary delivery mechanism for audio, video, text and many of today’s critical threats that propagate through the wires.

We need to get rid of the old mindset of thinking and wake up to a new and more sophisticated level of warfare that we would never send our children into but has come into our homes and is right there in front of our families.
We need to rise above the decadent levels of omission where one is exempt from high level meetings, discussions and events because they do not meet certain requirements, but are adversely affected and impacted by these same issues. None should be omitted as the omitted can be your weakest link or area of vulnerability.
We need to start thinking of threats as the new form of invasion from known and trusted sources. You are just as much at risk as anyone else and the threats does not care who, what, why or where you are online, you are at war now stand up and fight by educating yourself, being aware of the threats/risk and arming yourself with the proper solutions to protect you.

These are some of the needed education and awareness that we should be exposing our children and youths to today as they are as much involved as those of us in the workforce and industry.

Thank you and have a great day,

~Brett A. Scudder~

Good day to you,

We are never failing when it comes to the ingenuity, resources, value and professionalism and so we are adding three new segments to the network.

ThreatsMix – leveling the IT Security Threats Landscape for everyone to see where and how they fix into the matrix, the things that affects them, how it affects them and how they can be more protective and secure in today’s world of technology. ThreatsMix will provide a holistic look at providing better education and awareness about the threats and what is active in the wild while you’re actively under direct impact from them.

Where do you stand in the mix, are you  properly secured and are you ready for the next level?

The IT SecuriCity (Security City) is a city built by IT Security professionals, vendors enthusiast and advisors for people to come in and peruse the resources and values that we have to offer. This city will house the latest, greatest and most organized environment of technical and professional technology and IT Security resources as we go forward. Visit our city and check out the sights, views and resources that will be available.

Securious, the word speaks for itself as we have and will always take IT Security very serious and as such will be providing the highest levels of value and resources for all. This is Securious.

More details to come as we build on integrating these into our social network home.

Thank you and have a great day,

~Brett A. Scudder~

Good day to you,

We’re running a promotional signup special on our social network for the next two weeks in an effort to promote the content and information we are making available. Every new member that signs up through October 15^th will receive an extra 1500 points to be used for virtual gifts in the network. We are adding more valuable solutions and products to our virtual gifts store for our members. The more points, the more choices you have to get gifts.

We have a few new vendors who are joining the network and will be contributing towards the gifts so gather up those points and get ready to use them.

http://titssn.org/signup.php

Please remember to spread the word and let everyone know that we’re here to provide valuable education, awareness, training and networking on/about technology and IT Security and all are invited, no exceptions. IT Security is a people problem, not an industry one and is how we’re addressing it.

Thank you and have a great day,

~Brett A. Scudder~

Good day to you,

Last year I started a series of online presentations that were geared towards IT Security education, training and awareness and they had their ups and downs. One thing that is sure is that the information needs to get out to the people but more importantly is to get the right info and resources out. While I invited people to the sessions they declined to attend only to come back with questions of a similar issue a week or two later. Many people today still don’t know how they are impacted by these security issues or how to address them. My online sessions provided critical information about such things in an effort to let people know that IT Security IS a people problem, NOT an industry one and so they must get educated and be aware of what the threats landscape looks like and where they fit into it.

So this year, 2010, we are taking it one step further and introduce a monthly online IT Security Panel discussion to help address some of the issues that are out there in the wild. My aim is that by doing this online we can/will attract a wider range of people in the comfort of their homes, workplaces and places of learning.

I have met and talked with a few security experts who will be joining us at different levels of the security space to help to make this valuable and resourceful. More details will be posted as the sessions are aligned with the panelists so stay tuned.

Thank you and have a great day,

~Brett A. Scudder~

Greetings my fellow readers,

This is an early heads up for you my valuable blogs readers that we will be giving away a lot of great full version security solutions for FREE as a part of our contribution towards helping to provide more education, awareness and security for our online users. I value your support in reading my blogs and sending me your feedback and support so here’s a little something back from me to you.

There will be anti-virus suites, anti-malware suites and other detection, prevention and mitigation solutions from the vendors in our network. You must be an active member of our social network to win so join up now and get ready for some good stuff. All are invited so join us if you are not yet a member of the best new social network around.

http://titssn.org/signup.php

The giveaway details will be provided shortly as I work on purchasing the solutions to have enough to distribute.

Thank you and have a great day,

~Brett A. Scudder~

Obama’s cybersecurity plan gets cautious praise

The challenge will be to get various interests working together

Jaikumar Vijayan | http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133687  

May 29, 2009 (Computerworld) President Obama’s plan for securing cyberspace and his creation of a new White House cybersecurity coordinator are being greeted with cautious optimism within the security industry.

Many see the strategy as a sign of the administration’s willingness to recognize cyber threats as a national security issue. But until details are fleshed out, it’s hard to know just how far it will go in bolstering the nation’s ability to deal with cyber attacks, they said.

At a White House briefing, Obama described a five-pronged cybersecurity strategy for defending government, military and private sector networks against threats from what he said is a growing number of bad actors. He noted that the new cybersecurity coordinator will be responsible for pulling together a national strategy for securing American interests in cyberspace and stressed that the government would safeguard privacy concerns. (The new office will include a privacy officer.)

Obama’s proposals had been widely expected and are based on the recommendations from a government-wide review of cybersecurity undertaken at his behest by Melissa Hathaway, a former Bush administration aide who he appointed as acting senior director for cyberspace earlier this year.

“I was encouraged see that the [Hathaway] report got presidential support today — that’s critical to the success of any program,” said Patricia Titus, the one-time chief information security officer at the Transportation Security Administration (TSA) who now holds a similar job at Unisys Corp.

The challenge for the Obama Administration is to actually implement the proposals in a meaningful way, Titus said. A lot will depend on the relationships the new cybersecurity coordinator can build and the kind of influence he or she can exert across government and the private sector, she said.

While centralizing authority for cybersecurity matters in the White House can have benefits, care needs to be taken to maintain a balance of power, she said. “We need to make sure that no one is pushing the red panic button without making sure there are other individuals in the decision-making process and at the appropriate levels to get input from,” she said.

Obama did a “great job” of summarizing the cybersecurity threats the nation faces and the approach that’s needed to resolve them, said Scott Charbo, former deputy undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security (DHS).

Especially encouraging is the president’s focus on setting specific milestones and on ensuring accountability within government, said Charbo, who is currently director of cybersecurity at Accenture. Obama’s apparent plan to give the new cybersecurity coordinator a greater say in ensuring that federal agencies are investing adequate resources on cybersecurity is also a very positive step, he said. But successfully moving forward on a White House-led cybersecurity effort will require a “cultural transformation” by government agencies.

“I think everyone is anxious to understand who the cybersecurity coordinator will be,” Charbo said. “It needs to be someone who can listen to new ideas. It needs to be someone who is focused on outcomes and on metrics.”

Ensuring that all of the right players are at the table when developing a national cybersecurity strategy will be key, added Billy O’Brien, former White House director of cybersecurity and communications systems policy. O’Brien is now an analyst at Deloitte.

To date, government officials, defense organizations and the DHS have all been working on disparate missions when it comes to cybersecurity. Getting everyone working together can be a challenge, he said.

The mission of the intelligence community, for instance, is to intercept an attack using the cyber infrastructure; the DHS is supposed to protect critical infrastructure; the Department of Defense has defense-and-attack authority; and the White House has coordination authority. The question that will need to be asked is whether “all of the right players are at the table or if there is a need to add more,” O’Brien said.

Also key: figuring out how to ensure that the private sector is “holding up [its] end of the deal” when it comes to the critical infrastructure in private hands, he said.

Enrique Salem, the CEO of Symantec Corp. , said in a statement that the decision to re-establish a strong White House role for cybersecurity is “gratifying.” The last executive to have a cybersecurity role in the executive offices of the president was Richard Clarke, who was special advisor on cybersecurity to President George W. Bush when he retired in 2003.

In the six years since, cyber security oversight and involvement has moved from the White House to other government agencies, even as cyber attacks have grown to the point where they are now a “full-blown threat to national security and commerce,” Salem said.

“The coordination must come from the White House level to address the situation and to provide focus on the global nature of this problem,” he said.

Software [In]Security: Twitter Security

By Gary McGraw

Date: May 15, 2009

http://www.informit.com/articles/article.aspx?p=1350268

Article is provided courtesy of Addison-Wesley Professional.

Content issues aside, Twitter has some potentially serious security issues. Gary McGraw, author of Software Security: Building Security In, details these vulnerabilities.

Making Your Thoughts as Small and Incomplete as Possible

Just for the record, I don’t use Twitter. But if this column were a Twitter entry, it might read something like:

My biggest issue with Twitter turns out not to be a security issue, but rather a content issue. If you thought that blogging led to information chaos, half-baked ideas, and incoherent logic, Twitter ups the ante by making the constituent thoughts as small as possible. Perhaps I’m a Luddite, but I think editors play an important role in the world separating the wheat from the chaff. I’ll miss my paper copy of the Washington Post once the newspaper business finally dies. Replacing the daily newspaper with Twitter detritus seems like a lousy tradeoff.

But this is a security column, so lets spend a few minutes pondering the security ramifications of Twitter. I can think of a few right off the top of my head: it’s easy to spoof someone on Twitter, it’s a perfect vector for malicious code and phishing, Twitter allows dingbats to cash in their last remaining privacy chit, and it has a coolness factor that often overrides common sense.

Spoofing Twits

On the Internet, nobody knows you’re a dog. In fact, nobody knows who you are at all. This can be a problem.

Fake websites abound on the Web. A humorous collection of them can be found here. Spoofing an organization is as easy as buying a URL. But it gets worse. The rather largish issue of spoofing the entire Web, first described in detail in 1997 by the Princeton Team, remains a serious problem! Really.

Twitter carries on in the long tradition of Internet spoofing by allowing someone to masquerade as just about anyone they want. In fact, even lowly security guys like me apparently merit spoofers. I have no idea who FakeGaryMcGraw is, but it’s not me. The question is whether or not I should care? (Some people apparently do.) It’s really not that clever or interesting making fun of someone anonymously. Twit.

EDITOR’S NOTE

For more on how Twitter spoofing affected then President-elect Obama early in 2009, see John Traenkenschuh’s article Passwords: So Important, Yet So Misused.

Malicious Code: Koobface Targets Twitter

Putting spoofing risks to shame, Twitter makes an excellent vector for malicious code and for phishing. By embedding a URL in a Tweet (less than 140 characters please, so tinyurl may be in order), nefarious persons can cause you to surf to a website with malicious code. Or maybe they can just get you to hand over your credentials.

Lest this sound far fetched, one of the first worms to target Twitter (called Koobface and now on its second wave), used a classic phishing attack. The Tweet in question says jannawalitax.blogspot.com “has a funny video about you” or “a funny post about you” which in theory sends you back to the log-in page of Twitter. But instead of the real login page, a fake page is displayed where many Twitter users happily authenticated themselves with their real credentials (thus handing them directly over to cybercriminals). A second version appears to come from your Twitter colleagues making it even more likely to be clicked on.

Twitter is no more dangerous than any other phishing vector, of course. But it is no less dangerous either.

Privacy? What Privacy?

Finally, there is privacy. Congressman Pete Hoekstra learned the hard way that Twitter peels away yet another layer of the privacy onion. By Twittering the arrival of his Congressional delegation in Bagdad, the Michigan Republican garnered plenty of intense criticism. Did his Tweet compromise the security of the supposedly secret mission (the trip was classified and his location was not to be known)? If not, it’s probably only a matter of time before Twitter is mistakenly used to that effect.

This is not an issue exclusive to Republicans. Obama’s new CIO Vivek Kundra is a big fan of Twitter and has encouraged his staff to make use of the service. Hopefully they will take into account the public nature of Tweets.

The problem in this case is that nobody seems to realize that Twitter is a public forum. Generation Y is busy confronting this big privacy issue head on. Their Facebook, MySpace, and Twitter-laden pasts sometimes don’t help much as they trawl for work during a recession. What you say in public on the Internet is, well, public. Furthermore, what you say and the pictures you post may come back to haunt you when you’re not busy doing tequila shots. Hangover anyone?

Meet the New Boss, Same as the Old Boss

Personally, I think Twitter should be rebranded “Touretter,” transforming Tweets into “Twitches.” Then again that’s probably a disservice to poor people who are victims of Tourette’s Syndrome. There may be more actual content in tics.

A wise person once opined about writing a shorter note if only there were more time. If we equate additional thought with better quality, then the average tweet has to be electronic equivalent of exclaiming “Hey, look what I can do!” just prior to applying for a Darwin Award.

What the world needs is a large number of unemployed newspaper editors to sort through the Tweets and let us all know what stories to pay attention to. I hear there’s going to be a big supply.

© 2009 Pearson Education, Inc. Informit. All rights reserved.

800 East 96th Street Indianapolis, Indiana 46240

Good day to you Mr. President,

It is good to see that you are taking a stance in the IT Security issues of today but the most fundamental problem we face is the concept that it is an industry or corporate problem. IT Security is a people problem and until we start seeing it that way our approach to the issues will always fail. The availability of information and resources to mitigate these issues needs to be centrally available and disseminated effectively across the board in an unbiased manner.

No man stands alone in this cyberwarfare, we must unify the effort to strengthen all links/angles as all are affected, no exceptions.

The problems of the technology space exist across all levels in personal, business and professional use. All are impacted by these issues and when a corporation is hacked and the data stolen, in most cases the end users are the ones that suffer because it is their personal info that ends up in the hands of the hackers or thieves.

I love the fact that you are a technology/gadget minded person as you’re aware of what they entail and how vulnerable we can be through them. I’m sure you would like to see these issues by more feature/resource rich securely and so we both share the same goals, security for all and across all levels.

How about helping us create better education and awareness initiatives like our ENGAGED. We need these levels of training, education, awareness and development at the lower school levels as well. Provide the funding needed to expand on the security users’ group communities and driving the availability of information and resources.

Let us work together on these initiatives and get over the power struggle issues.

We look forward to working with you and your administration sir.

Thank you and have a great day,

~Brett A. Scudder~

WASHINGTON (AP) — The United States has for too long failed to adequately protect the security of its computer networks, President Obama said Friday, announcing he will name a new cyber czar to take on the job.

Surrounded by a host of government officials, aides and corporate executives, Obama said this is a “transformational moment” for the country, where computer networks are probed and attacked millions of times a day.

“We’re not as prepared as we should be, as a government or as a country,” he said, calling cyber threats one of the most serious economic and military dangers the nation faces.

THE OVAL: Obama focuses on security in cyberspace

He said he will soon pick the person he wants to head up a new White House office of cyber security, and that person will report to the National Security Council as well as to the National Economic Council, in a nod to the importance of computers to the economy.

While the newly interconnected world offers great promise, Obama said it also presents significant peril as well. The president declared: “Cyberspace is real, and so is the risk that comes with it.”

Laying out a broad five-point plan, the president said the United States needs to provide the education required to keep pace with technology and attract and retain a cyber-savvy work force. He called for a new education campaign to raise public awareness of the challenges and threats related to cyber security.

He assured the business community, however, that the government will not dictate how private industry should tighten digital defenses.

Government officials have grown increasingly alarmed as U.S. computer networks are constantly assailed by attacks and scams, ranging from nuisance hacking to more nefarious probes and attacks, including suspicions of cyber espionage by other nations, such as China.

Obama noted that his own computer system for the presidential campaign at one point last year was compromised by hackers, but said the security of the names and financial information on contributors was intact.

Copyright 2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

TITSSN offers a state-of-the-art conference center that provides the needed training, education and awareness services for tomorrow’s personal and business enhancement needs. Our facility maintains the latest technology products, solutions and services that will keep you current and ahead of the technology game. Our friendly staff is always willing to assist in your needs and can provide more information if needed.

Located 15 minutes from the JFK airport and 2 stops on the local subway train, our center is located in the beautiful town of Far Rockaway and its beach front splendor and comfort. A 5 minutes walk to the beach gives access to miles of beach front and boardwalk for your relaxation and comfort before or after your meeting/event.

We are technology leaders with a global presence that allows collaboration and networking for all. No matter what size business or need, we can fulfill it. Feel free to visit our website for more details and feel free to contact us if needed. We are here for you.

Our Conferencing / Office Services

Hosted group/office meetings (on and offline)

Internet access, browsing

Web Hosting (domain, messaging, Microsoft Exchange and more)

Teleconferencing Services (audio and video)

Presentation visual tools – projector and whiteboard

Mobile device configurations and setup (Smartphone’s, Blackberry’s)

Document scanning and imaging

Internet safety and security classes

Social Networking classes (Twitter, LinkedIn, Facebook, TITSSN)

IT Security training and awareness classes

Customized computer/technology training and development classes

Internship Programs—schools, colleges, universities

Web infrastructure development (blogs, websites, forums)

Monthly Group Networking meetings

Computer servicing, support, system cleanup and repairs

Business Workcenters—workspace for business operations

Security Threat and Health Assessment

Office/business networking

http://titssn.net/technologycenter

Thank you and we look forward to creating the perfect venue for your event/meeting.

~TITSSN~

Good day to you my members, friends, connections, clients, partners, associates, et al,

Today I am very excited to send you a very special invitation to join us in our new home for you to benefit from what is being provided for you, and to help build on the collaboration and networking resources we’re making available for all on and about technology and IT Security. Don’t think of this as “another network”, think of it as a better network with a more targeted focus on two critical areas of our future, IT/technology and securing them. We’ve taken some of the best features of LinkedIn, Facebook and Ning and integrated them into our own with more to come.

We have put a lot of work into it and will continue to do so in order to make it more valuable as we move forward.

I know this will be of great value for us all as we are all affected by the issues and there impacts and so we must build this great place of collaboration and networking about it. Please help to share this new resource and info.

About the network.

Our Technology / IT Security Social Network is a professional place where people come together to create a vibrant, resourceful, strategic and secure social atmosphere of networking, training, education, awareness and collaboration for, on and about technology and securing them.

We invite you to participate in the full functions and features of our network as we build on it to enhance its values and mission for the future. We ask that you share the word with your associates, friends, peers and everyone that is interested in the world of security and being more comfortable and secure in it. This network is specifically geared towards technology, IT Security and everything in and about it.

The focus of this social network is to build greater training, education, awareness and provide the guidance, advise, services and support needed to maintain the secure presence and stability of all infrastructures (homes, businesses (all sizes and types), schools, churches, etc) for all. We look forward to your participation in this effort as a professional, specialist, technologist, leader, contributor, reader, advisor or just a member wanting to learn more.

Please adhere to the policies and rules of the network so that all may find it a common professional place to collaborate in.

Please join us by signing up here http://titssn.org/signup.php

Thank you and have a great day,

~Brett A. Scudder~

This story appeared on Network World at http://www.networkworld.com/news/2009/042709-user-security-phishing.html  

New York State raises the bar for end user security training

New York State is extremely concerned about phishing in general, and more specifically spear phishing, highly targeted phishing attacks designed to penetrate organizations, government agencies and groups.

Read story about end user security training.

Beginning in 2005, the state Office of Cyber Security & Critical Infrastructure (NYS-CSCIC) along with the Anti-Phishing Working Group, AT&T, and the SANS Institute ran its first antiphishing pilot project.

The goal was to raise employee awareness of the danger of phishing scams and to provide employees with information to help protect themselves and the agency. The project was also designed to gain a better understanding of the effectiveness of security training.

Related Content

The first exercise was conducted with 10,000 end users who were unaware of the project. The first step was to distribute an informational bulletin alerting users to the perils of phishing and providing steps to take if they encounter malicious activity.

Next, the mock phishing scam exercise involved sending an e-mail to the group that appeared to be coming from a legitimate source, the agency’s Information Security Office, and contained a link to the NYS-CSCIC Web site that were instructed to visit to check the security of their password.

If they clicked on the link and attempted to type in their password they failed the test. While 17% followed the link, 15% of the e-mail recipients attempted to interact with the fake password form.

Click to see: Top 5 mistakes users make

Those individuals who passed the test received a congratulatory message; those who were duped were directed to a tutorial on how to be aware of phishing scams.

Another mock phishing exercise was conducted on the same employee audience two months later. The goal was to assess if they learned anything from the first exercise. This time, employees were sent an e-mail that appeared to come from the agency’s Help Desk with a subject line that read “Internet Connection Problems.”

The e-mail informed users of Internet connection outages because of a suspected cybersecurity event, and contained a link to a dummy NYS-CSCIC Web site where they were asked to assist the agency by answering some questions about connectivity issues.

Those who followed the link and attempted to answer questions were notified that they fell prey to the exercise and were given a feedback survey to explain their actions. Fourteen percent followed the link but only eight percent attempted to input information.

William Pelgrin, chief cybersecurity officer and director, NYS Office of Cyber Security & Critical Infrastructure Coordination, Albany, N.Y., was pleased with the results of the phishing exercise.

“Cybersecurity awareness is about cultural change, repetition of exercises like the scam phishing, help,” he says.

In early 2008, NYS-CSCIC rolled out a standalone 10 module computer-based security training program that included interactive exercises, such as the scam phishing program. The introductory, non-technical course also includes modules on security accountability, social engineering/phishing, security threats and other issues that end users need to be aware of.

Later that year, a server version of the same training program was made available to state and local governments through the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Related Content

This year, NYS-CSCIC will conduct more periodic, automated, interactive exercises, in a manner similar to the phishing pilot, in its efforts to create a culture of security through experiential learning.

All contents copyright 1995-2009 Network World, Inc. http://www.networkworld.com

Good day to you,

Every day I talk with people across all vertical markets, business sizes, organizations and cultures about the IT Security issues being faced in our world today and how it impacts our everyday lives, and it is becoming one of those awakening kind of issues for many. Whether they like it or not, they know they are affected in one way or another. While most people tend to try and figure out if and where they fit into this Matrix, the recent mass media explosion of the Conficker worm created somewhat of a sense of understanding as many now saw it from a non technical aspect and as what it really is, a people problem.

As a security attaché, I have relayed this message of IT Security being a people problem and not an industry one for years but it doesn’t resonate well for many because they didn’t understand the matrix and how it worked. Now that they saw and heard of it on the TV (which is an even bigger influencer on people today), the same things we IT people have been trying to tell them now makes some kind of sense. Let us take away the fact that whether the media coverage on the TV was doing much justice or help for the issue(s), it did add a well needed visibility to the scope of the problem and that was very well needed today. It would be nice if we say a segment on the news specific to The IT Security Threats Landscape ~TITSTL~ and issues in and around it. They could bring in some professionals in the field to talk about the issues and what is going on and how people can protect themselves in it. That would be a well needed thing to see at that level today as we are going into this vast technology future of ours which we’re taking head on without looking at the real implications and effects of it.

The logic behind the issue is simple, because your system(s) are up and running and have not been wiped out nor shut down by a threat doesn’t mean it is safe, secure or threat free. In many of my health assessments I have shown the owner my findings of worms, trojans and other blended threats that are sitting on their systems because of lack of proper security solutions to protect them or the improper configuration of the solution being used. The fact that they are there is one thing, what they are doing is something else and both are critical issues to ponder.

While many will refute this fact, I have seen, worked and handled enough of these cases to state as a fact that many fall into this area of The IT Security Threats Landscape. A resident rootkit, keylogger, worm or whatever the variant may be, is actively working its way through your system and causing some form of data loss/theft or compromising the state of applications, connectivity or system stability that we security professionals deem critical. Here is another way to look at this.

If you went to the doctor for a cough that has been bugging you for a while and he says to you, you have a chest or respiratory infection would you tell him no?

If he says to you that you need antibiotics and some cold medicine do you tell him no?

Why not?

Because, this is his field of expertise and study and as such he can make this assessment based on his knowledge of the issue and the facts he has from testing you.

Are you a medical person to dispute his statement and will you seek a second opinion from someone else?

The fact that you’re still alive and well (somewhat, depending on how you define well) does not negate the reality of the issue that you are infected with something that is causing some kind of issue/effect on the body resulting in that cough which in our field of IT we would call an early warning. So, this is the same way in which we look at the IT Security issues of today and how people tend not to look at it. They haven’t gotten that early warning of a cough because the system hasn’t picked up on it yet and when it does happen, because they have not fallen and can’t get up this is not a critical issue. The system becoming slow and unresponsive is that early warning and at that stage most people tend to seek professional help depending on the need/use of the system and how critical it may be for business or even personal use.

So here we stand dealing with people who are harvesters of thousands of people’s information and things about them (whether you know or like it) and they rest idle to this decadent behavior and mindset. Yet, unchecked, their systems sit comfortably hosting these blended threats which are sending/stealing critical private, personal, financial data/information to these hackers unbeknownst to them. The careless whisper of ignorance to these issues is the driving force behind the growing success of such threats today. A hacker have so much more to gain from you giving it to them than for them having to go through getting it from you and is why the botnet issue is such a growing one today. The use of keygens, crack files, peer to peer (P2P), unpatched applications and systems makes it so much easier to exploit what is available that one tends to wonder when and where does it end. It ends with user education and awareness on and about the threats landscape and what these issues are. It end when people start taking this seriously and realizes that you’re just as much a victim as anyone anywhere if you’re not protected properly.

It ends when you stop saying I have anti-virus protection and so i’m ok when you know you haven’ renewed that subscription over six months ago and so you’re missing all the latest and greatest signature based protection that it should provide. Anti-virus alone CANNOT protect you from the threats out there today, it has to be a layered approach where various solutions are in play to cover the needed layers.

It ends when you wake up from this illusion that my OS is more secure than the other and so I don’t have to worry about these security issues.

It ends when we stop underestimating the knowledge of your youths and start educating them much early on the proper use of the internet and the functions and features of it. IT Security must be a part of the school curriculum today as technology is our future for tomorrow and they are our next generation of professionals and leaders.

It ends when you start accepting the fact that you are as much a risk to me as I am to you if we’re not practicing basic IT Security best practices.

It ends when you stop taking the cheap way out of operating a business when hosting people’s private and confidential information which is priceless to them and they trust you to keep it secure. Have some respect for your customers and let them rest comfortable knowing that you have their best interests at heart in properly protecting your infrastructure.

It ends when you realize that these threats are released in the wild with no specific targets but the system(s) you’re using which unfortunately is in the homes, schools, workplaces and places of general interest.

The treats are not specific to government and their systems. It is not specific to the private or public sectors. It is not specific to the educational institutions and it certainly isn’t targeting the healthcare sector only. All are affected and are in the path of these threats because, they are all sharing the same interconnectivity transport medium, the internet and the internet respects no one and has no boundaries.

It is time that people take this as a basic part of their lives where one does not get consumed on questioning the validity or severity of the threat but questioning the readiness of themselves and their systems to face them. While our government may understand the real scope of these issues, their efforts to create effective management and policies to protect the country’s infrastructure are missing critical elements, the people and the roles they play in strengthening the protective layers or being a weak link and point of entry/compromise for what is being implemented. Unless we strengthen the people through education and awareness they will always be a weak link in the chain of protection.

When a company is hacked or they lose their data by whatever means there is, who suffers the most, the employees, the end users. The company suffers a data loss or has a breach but the actual data may be your private and confidential information. Even if the company loses its financial data, it has a much better recovery rate through insurance and such than an individual who now suffers from the loss of privacy and here in the US, credit ratings.

Think about the many places that have information about you that you consider to be private and confidential. Your employer has your social security info (and possibly family members who are covered by you), some financial info for direct depositing of your paychecks. Your 401K info. Health and life insurance info.

Your doctor has your private health records and, results. They have your family’s private info as well as some kind of visit may have been had over the years and that info is in the system.

Your bank has all your financial info and records. They may have your mortgage info as well (if you own a home). The car loan and all the info in it. Student loans and the works.

So think on these things and when you look at all of them, who is most affected in the event of a data loss or breach at any one of those kinds of organizations or businesses, you, the end user, consumer, employee.

IT Security is a people problem and must be dealt with accordingly. It is not about selling security, it’s about creating greater education and awareness about it so we can all contribute towards upholding the strengths of the protective security layers that are there for our protection.

Stop asking if this is real, ask yourself, how do I protect myself, my family, my business, my country from these elements and there effects. This is REAL.

When in doubt, reach out.

~Brett A. Scudder~

The IT Security Attaché

Hi all,

If your day went like mine then you must be beat, phew, what a week so far.

It’s 3am and i’m scanning the wires, net and blogs to see what’s up with Conficker so far. All is well and from the looks of things you still have time to get those patches loaded, get that anti-virus/anti-malware loaded, configured and run a full/deep scan.

I just completed a full scan of my network and double checked my logs and settings and everything looks ok. We’re still early into the day and so who knows.

For those who are saying it could be a joke/hoax and not preparing for it,

What if it isn’t?

Would you want to be prepared even if it isn’t?

I see that the anti-virus vendors have been busy. Some have released 4-6 new definition updates over the past 12 hrs and that’s a good sign. It means they are still working diligently on helping us stay secure. By the time it hits morning here in the US everyone should be running some April 1^st 2009 definitions as I expect there will be at least 1 or 2 within the first 8hrs. If you’re not running with an April 1^st def, then make sure you’re at least at March 31^st after running an auto update for definitions.

I haven’t slept since Saturday just from prepping for today and helping people get their systems patched, updated and secured but I am surely going to catch a few zzzzzzz in a few.

The day is young, be safe than sorry, patch and secure up and rest well.

Until later when I rise,

The IT Security Attaché

For those who missed it here it is. Please take a few minutes to watch it. It may not be all that but is still some good facts about the state of IT Security today.

http://www.cbsnews.com/stories/2009/03/27/60minutes/main4897053.shtml

TITSSN’s March online security webcast – Security is not an option, it’s a must. Five overlooked ways of securing your systems effectively.

Sunday March 22^nd at 7pm

TITSSN continues its monthly online security webcasts/presentation/forum and invites everyone to join us.

As technology continues to grow and the increase in new products and solutions become inundating, we’re seeing more avenues of risk associated with this growth across the board. On Sunday March 22^nd at 7pm we will be taking a look at five critical ways in which we sometimes overlook securing our systems and end up becoming compromised.

Whether this is a home or business system, security is not an option as you never know if or when this system may be used to cross the line. This webcast will give a detailed look at these five issues that have pervasively increased the risks of the threats landscape with little or no interaction from the end user(s). The threats are the same across the board so all are affected.

This will be a live meeting session that offers the needed interactivity (voice and video) for getting the message across effectively.

All are invited as we continue delivering our education and awareness initiatives on/about IT Security and it being a people problem, not an industry one.

—————————————————

When: Sunday, Mar 22, 2009 7:00 PM (EDT)

Duration: 1:00

TITSSN continues its monthly online security webcasts/presentation/forum and invites everyone to join us.

Brett Scudder has invited you to attend an online meeting using Microsoft Office Live Meeting.

https://www.livemeeting.com/cc/usergroups/join?id=7S86HQ&role=attend&pw=8%3Ehg%28ZR%2Fz

Meeting time: Mar 22, 2009 7:00 PM (EDT) 

Add to my Outlook Calendar:

https://www.livemeeting.com/cc/usergroups/meetingICS?id=7S86HQ&role=attend&pw=8%3Ehg%28ZR%2Fz&i=i.ics

——————————————————

Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.

~Brett A. Scudder~

The IT Security Attaché | http://theitsecurityattache.com  | Blogs http://theitsecurityattache.com/blogs

President/CEO/Chairman/Founder/Security Architect

~TITSSN ~The IT Security Suite Network~ | http://titssn.net | TITSSN’s Blogs http://titssn.net/blogs

Brett.Scudder@titssn.net (877) 539-8614 / (718) 928-6516

We are Security – your Security – our Security – IT Security. Our Security is Safe and Secure.

A Managed Security Services/Value Added Resellers Provider (MSS/VAR-P)

My LinkedIn profile – http://www.linkedin.com/in/titssn | TITSSN’s IT Security Forum Board http://titssn.net/forum

Follow me on Twitter http://twitter.com/TITSSN

Good day to you,

~Brett A. Scudder~
President/Chairman/IT Security Attaché
~TITSSN~