Thursday, May 22, 2008

Now, You Know Why I Have Issues With Doctors

Jacksonville Police are looking for a guy who's been posing as a doctor at Wolfson Children's Hospital. To make matters worse, the guy was seen walking in the operating room. Wow, talk about a lawsuit!

The man was stopped because he smelled of alcohol and proceeded to leave once he realized his cover was about to be blown.

The following is a bit disturbing:
Later that day, an employee found the black computer bag the man was seen carrying. The bag was under a car in the parking garage and contained everything the man was seen wearing in the surveillance video, including a badge from Shands-Jacksonville Medical Center with a picture of a young child that was cut out and taped on the badge.

“That in and of itself shows you that this persons possibly was up to something but maybe his attempt was foiled,” Jacksonville Sheriff’s Office spokesman Ken Jefferson said.
The last comment by the spokesman was a bit disturbing because usually people don't impersonate professionals like doctors if they're not up to something. So how did he get access? He used the usual items like a medical coat, a badge, a stethoscope and a clipboard. I swear, if you need to get into any building in the world, all you need is a clipboard and an ID badge.

Time for a Product Review - IronKey

Let me say I was a bit skeptical at first. But one day, while listening to my favorite podcast - SecurityNow, I became intrigued by IronKey. If you know me, then you know "intrigued" usually means me spending hours on Google learning as much as I can before I put down the cash to buy anything. I did just that.

I'm an avid user of encryption so I have a slightly above basic understanding of how encryption works. Looking into the product, my first impression was that it was just another USB drive with the software on it. Nope. This thing has the encryption on its RAM chip - embedded. To say the least, I was impressed. The casing is almost indestructible without destroying the chips inside. It even has an aluminum backing which you use to engrave your signature in pen - very thin overcoat. It also has a serial number.

To make it sound even cooler - would you believe this thing has a self-destruct sequence? I'm not talking about Mission Impossible countdowns, but it only allows ten wrong passphrase guesses and then it destroys your data, including the encryption, making the drive useless. I love this thing. I HIGHLY recommend this product. Did I forget to mention that IronKey also has its own Tor router with Firefox preloaded? Very cool!


Chinese Really Dig Cyberwarfare...You Think?

My ultra-favorite security magazine Security Management has written an article detailing the testimony of certain government officials and contractors before the U.S.-China Economic and Security Review Commission. They informed the panel "that the Chinese government has embraced cyberwarfare and is directing its intrusions at U.S. government and critical infrastructure networks." According to Colonel Gary D. McAlum, director of operations for the Joint Task Force for Global Network Operations,
"The People's Republic of China has concentrated primarily on cyber-reconnaissance, particularly data mining, rather than cyberattacks."

What about all of the attacks originating from China we've been reading about? Don't fret. The Chinese have set a goal of 2050 to achieve "electronic dominance" through attacks on information infrastructure.


While the DoD won't come out and say the world's second largest economy is vying for supremacy through hacking, it did note "a 31 percent increase in malicious activity on its networks from 2006 to 2007." What attraction does cyberwarfare have for such a country as China? It provides anonymity and an "asymmetrical advantage", according to Dr. James Mulvenon, director of advanced studies and analysis for Defense Group, Inc.


Commission Co-chairman Peter T.R. Brookes cited attacks last spring on Estonia, recalling that it wanted to invoke the collective defense clause of the NATO Charter, and said "this is a question of escalation" moving from non-conventional to conventional, i.e. military, responses.

Mulvenon said there's no reason why the United States should restrict itself to trying to deter cyberattacks electronically. His next remark should sound familiar.

"We should ... begin with the premise that we have all the tools of ... national power, and in many cases it might not be to the U.S. advantage to respond to an electronic or cyberintrusion or cyberattack simply in that realm," he said. "We may, in fact, want to take advantage of escalation dominance that we have in other elements of national power, whether it’s military or economic."

CyberCommand anyone? What about this little tidbit from the article?

Michael R. Wessel said he fears that the perimeter security methods such as routers and firewalls used to protect against network intrusion are produced overseas, increasingly in China. "Can we in fact have a secure perimeter," he wondered, "if in fact the Chinese are helping to build that perimeter?"

The nasty Cisco routers keep creeping back into the blogosphere. For more information from Security Management, click here.

Tuesday, May 20, 2008

Duck, Boss!!



Microsoft CEO Steve Ballmer hid behind a desk as a man was throwing eggs at him. He was addressing the audience at a university in Hungary. As he asked the group about their final exams, this guy stood up and began asking Ballmer about a deal between Microsoft and the Hungarian government that he claimed is costing Hungarian taxpayers.

The man then began to throw an egg at Ballmer. The crowd laughed, at first, at the spectacle of Ballmer hiding behind a desk. For some reason, once he began throwing the final two volleys, people got upset and started yelling at the man.

One would hope Ballmer would have better security. I wonder why no one was there to get him out of there immediately. It might be time to review Microsoft's executive protection program.

Finally...Some Good news


It looks like the TSA has found something other than actor Dennis Farina's gun. Shemeka Greaves, a TSA officer at O'Hare International Airport, read a newspaper account about Janisia Grant, 8, who had disappeared with her mother a week ago Thursday, the TSA said in a news release.

According to the article, "Greaves checked the security tapes and confirmed that Janisia had been through an airport security checkpoint and boarded a plane to Atlanta with a companion, the TSA said. "

As you might imagine, Grant's mother does not have custody of the child.

FBI: China Using Bootleg CISCO Router to Infiltrate DOD


This really should come as no surprise, but every day there's a new thing that grabs my attention. The feds have seized over 400 counterfeit Cisco routers worth in the neighborhood of $76 million. I don't know how much your firm allocates to competitive intelligence but the Chinese have a slightly larger budget. The FBI believes the routers were being used to penetrate both private and public sector networks. These routers, as you might imagine, would certainly have vulnerabilities and a backdoor these agents could then use to access the networks which were targeted.

Who in government would purchase such routers? According to the article, "Among the purchasers of the fake equipment were the U.S. Naval Academy, U.S. Naval Air Warfare Center, U.S. Naval Undersea Warfare Center, U.S. Air Base at Spangdahlem, Germany, the Bonneville Power Administration, General Services Administration, and the defense contractor Raytheon, which makes key missile and weapons systems." Pretty big fish.....

Nosy Employee...Oh, How do I love thee?


Turns out the lady pictured above, Nadire Zelenaj, was arrested for using computers at work to access secure government websites containing information about suspected terrorists. Her site of choice while employed as a 911 dispatcher - a terrorist watch list. It should be noted there is a difference between accessing information and having the ability to change it. Her job as a 911 dispatcher would only have granted her access privileges (I hope). So far, she's only been charged with illegally accessing that information 232 times! A fellow employee became suspicious (I love nosy employees....They keep the rest of us honest) and reported her. Investigators then tracked her accessing the list over the course of almost 2 years from January 2006 to December 2007.

A new kind of war to fight....


Looks like the US Air Force Cyber Command is looking to establish in cyberspace the same level of superiority the Air Force has in the skies. The Cyber Command wants a new set of "hacker" tools to engage in both offensive and defensive attacks against cyber-based threats which pose a risk to American interests. No word yet on where the headquarters will be. As we hear more and more in the news about the growing murky criminal/hostile terrain that exists online, I suspect we'll see more justification for such units to exist. China has their own unit dedicated to this. Why not us?

Monday, May 19, 2008

Super Sweet Link

If you do any international travel in conjunction with your business, then I HIGHLY recommend Executive Planet. They cover everything from making appointments to how to properly address people in the country you're visiting. So far the site covers the following countries:

Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Czech Republic, Denmark, Egypt, Finland, France, Germany, Greece, Hong Kong, India, Indonesia, Iran, Ireland, Israel, Italy, Japan, Jordan, Malaysia, Mexico, Netherlands, Norway, Peru, Philippines, Poland, Portugal, Russia, Saudi Arabia, Singapore, South Africa, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, United Arab Emirates, United Kingdom, United States, Venezuela, Yemen
