Motley Moose – Archive

Since 2008 – Progress Through Politics

security

Taking Charge Of Your Safety: Practical Measures You Can Implement Today

As we continue to try to come to terms with the bombings in Boston and the other suggestions of ongoing terrorism, there are practical things that you can do right now to empower yourself and your loved ones.

I invite you to add your own suggestions to this list, as it’s not intended to be comprehensive, just a starting point for discussion.

1. Ensure that everyone in your household is carrying current identification and emergency contact information. While you might have a driver’s license, college ID, or other form of identification, it’s of little use in an emergency in terms of reaching your loved ones. I’ve created my own emergency cards as a Word document that I print and “laminate” using clear tape. They contain my name, two points of contact (each with telephone and e-mail) and a request that they be contacted in case of emergency. If you don’t want to divulge home addresses, that’s fine. Keep these emergency cards current! If your contact has new phone or e-mail due to a job change, unemployment, or move, make yourself and your family new cards with the new information. Make sure that you and your loved ones carry these ID cards on their person!

2. Sign up for a First Aid and/or CPR class. While it’s great to be surrounded by capable first responders, there may come a time when you could make the difference between life and death for someone in an emergency, or even in the course of daily life. Even in non-terror-related circumstances (someone choking at a barbeque, bee stings, summertime swimming pool mishaps, etc.), your ability to respond calmly (even just to know to call 911) can be vitally important. If you’ve had these classes before, it might be wise to take a refresher, as methodologies for CPR have changed over time, and everyone can benefit from reminders on first aid techniques.

3. Avail yourself of useful apps to stay connected with loved ones. When cell phone lines are down or clogged with traffic, you’ll want other means of staying in touch. Apps like Life360 can show you where your loved one (or at least their phone) is located at any given moment. Social media sites allow you to post updates that will keep your contacts apprised of your status during an emergency. Text messages can often get through when phone calls cannot, and they provide a record of time of contact. Do not, do not, repeat: do NOT text and drive! We have enough carnage without you getting into an accident.

4. Develop and rehearse a family, household, or business plan for emergency situations. Discuss ideas with the people you need to contact, and suggest ways to contact each other and – if necessary – meet at a designated location. The plans can provide for various situations: severe weather, terrorism, natural disasters, medical emergencies. Rehearse the plan with occasional drills. Kids can be a great help in designing these plans, and it’s empowering for them to take on a proactive role. They’re also more likely to embrace a plan that they helped to create.

5. Program important phone numbers into your mobile phone. Numbers for your local police, fire, poison control, doctor’s office, and all your key contacts. You can also designate a contact as “ICE” (In Case of Emergency) that someone can dial if you’re unable to use your phone. Make sure that your kids, family members, friends, and co-workers have YOUR current phone number programmed into their phones.

6. Talk with your family, friends, and business associates. Chances are, they’re worried, but they’re also resourceful people who can contribute good ideas. Share your own ideas in the comments below, and see how others are preparing themselves for whatever lies ahead. We’re all in this together!

[cross-posted from Teh Orange]

Homeland Security – Keep Java Disabled in Browsers Despite Java Update

Over the weekend Oracle, the company that distributes and maintains Java, released a patch to fix the Java vulnerability that was reported last week.  The update to Java is called “Java 7 (Update 11)”.  Oracle’s release statement for the update can be found here.

As of today, the Department of Homeland Security is still recommending that Java not be enabled in our browsers:

The U.S. Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability.

It comes as some security experts are warning that the new software — Java 7 (Update 11), which was released on Sunday — may not actually protect against hackers attempting to remotely execute code on user machines.

In a statement to CBS, a Java security expert at Security Explorations says:

Although Java 7 Update 11 released by Oracle yesterday addresses the 0-day attack spotted in the wild, there are still unpatched security vulnerabilities that affect the most recent version of the software. Just to mention the bug #50 we reported to Oracle on 25-Sep-2012.

The latest status on the Java issue from CERT can be found here.  It contains the warning:

Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future.

In my last diary on this subject, there were a lot of excellent suggestions relating to browsers and plug-ins which may help mitigate this kind of attack.  Firefox with the NoScript plugin and Chrome with the NotScript plugin were recommended.  Maybe the more technical among us can assist those with less technical knowledge in assessing which of these options may be best for them, and how to make sure they are browsing safely.

Regardless of the browser you are using now, your system is at risk on a Windows, Mac, or Linux computer if the Java Plug-in is enabled in that browser (or in your email client, if it supports a Java Plug-in, like Thunderbird). Instructions on disabling Java can be found at this link.

Due Diligence

(Knowing Meese are a polymorphic bunch, I will share an article I wrote for InfosecIsland on the response by Siemens, Sony and Cisco to recent security failures in their products or services. -chris)

In the wake of Siemens’, Cisco’s and Sony’s recent experience with Incident Management, the question of diligence comes clearly to the fore. Diligence is the nebulous factor that is key in demonstrating that others should put their trust in you, whether it is a matter of investing in your company or measuring your compliance or just deciding if it is safe to get in your car with you late on a Saturday night.