General, Security, Privacy, Uncategorized

But…Shouldn’t Security Be Our Number 1 Priority?

Six executives fill the boardroom chairs and you seem to have chosen the only chair that lets loose a metallic shriek upon any movement. Ugh. But there is work to do. You are all here to solve a problem. A big problem. One of your organization’s IT solutions desperately needs replacement and you are here to provide a “security lens” on the discussions about to be had.

Things start out well enough. They go over the list of features that are required in the replacement product: what are deal-breakers? what could be left behind if required? pay tiers? support models? deployment plans and timelines? Things like that. The requirements are high level and you spend your time listening to the discussion but not really participating. Then the discussion turns towards compliance and security. Your ears perk up.

They start asking your type of questions: “What type of information do we need to store and how are we going to protect it?”, and the like — in not-so-many-words but you pick up the subtext. “Do we need to think about compliance?”
All eyes turn to you.

Uncategorized

Debriefing on the Apple-FBI Debacle: The Aftermath

The Event

As many of you may have heard, in February the FBI requested that Apple modify its systems to give the FBI access to an encrypted iPhone, a request that swiftly drew the ire of the security community. Many experts asked why the FBI would even ask such a “ludicrous” and “short-sighted” question.

They questioned the FBI’s understanding of basic encryption principles and quipped that the decision must have been made by a politician since no security expert would have made such a request. They further pointed to the past revelations from Snowden’s leaks and to how many government associations have recently abused (and continue to abuse) the powers they have been given in this area.

Many worried that such a request would set a precedent, and even the FBI director admitted that it most likely would.

Apple responded in kind and denied the request. This signaled the start of significant political posturing by both players to garner support for their cause. The security community and many industry leaders quickly sided with Apple.

Ultimately the FBI elected to contract a third party who used an unknown exploit to gain access to the device. Both parties ceased their posturing and stood down.

Programming, Technical, Uncategorized

Installing scikit-learn; Python Data Mining Library

Update: The instructions of this post are for Python 2.7. If you are using Python 3, the process is simplified. The instructions are here:

Starting with a Python 3.6 environment.

Assumptions (What I expect to already be installed):

  1. Install numpy: pip install numpy
  2. Install scipy: pip install scipy
  3. Install scikit-learn: pip install scikit-learn (the package on PyPI is named scikit-learn; it is still imported as sklearn)

Test installation by opening a Python interpreter and importing sklearn:

    python
    import sklearn

If it successfully imports (no errors), then sklearn is installed correctly.
