Security in the Aftermath

  • Comments posted to this topic are about the item Security in the Aftermath

  • I liked this article:

    https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/

    Mail clients were left open according to this:

    https://www.independent.co.uk/life-style/gadgets-and-tech/capitol-building-riots-cybersecurity-b1783794.html

     

     

    • This reply was modified 3 years, 11 months ago by  call.copse. Reason: Added Indy link
  • My current employer, a state health agency requires all its employees to lock their computer when they leave their office space. The other past two employers that I worked for required the same of their employees. Locking my PC is second nature. I was taking an ethical hacking course at another state agency when the fire alarm sounded. I locked my classroom laptop before leaving. When we returned to the classroom, the instructor said that the fire alarm was not a test. They swept the floors looking for employees that did not lock their PC.

    At one of those former employers, a coworker left his PC unlocked and what another coworker did was installed the BSOD screensaver. That was entertaining when Steve came back saw his computer doing a memory dump, rebooting, then crashing again. He was on the phone with the support desk when the guy that installed the screensaver, wandered by and said "Screensaver" and hit the escape key.

  • One challenge I find is trying to get into the mindset of a person who does not observe rules, protocols and behaviours.

    It cuts both ways.  Someone who doesn't observe rules, protocols and behaviours probably struggles to understand why people get upset by violations.  In some situations it is only when someone challenges a rule or established process that we actually think about the rule, its applicability etc.

    It would never occur to me to hack a doorbell or imagine the theft possibilities of doing so, but people have done precisely that.

    There's the difference between the spirit of the law and the letter of the law.  We sign up to the spirit but the application and enforcement are on the letter.  Bringing the letter into alignment with the spirit has kept the legal profession and politicians occupied before King Solomon was born.  There are always edge cases.

  • Many places now have a group policy that when a PC goes inactive for 5 minutes it will automatically lock.

  • "I used to hate taking out the trash from a computer room I worked in, but I now appreciate that allowing cleaning staff into that space might not have been a good idea in a nuclear power plant."

    Steve, your comment here brings to mind one subtle threat to security and privacy that I have been aware of for decades.  My wife and I have shared a home office for over 40 years while she ran a business and I did off-hours support as a DBA.   As we work with our data and that of others,  even with multiple monitors on several systems, there is always some paper laying around that contains unsecured data.  The tendency is to just toss the paper into the waste basket and send it out with the trash.

    Even things like paper billings often give away two of the three security items since they contain accounts numbers and often email addresses that are used for logins to private accounts, leaving only the password unknown.

    Another one that comes to mind is my constant use of sticky notes to jot down things I need to remember for a few minutes.   Looking in front of me, I see a sticky note that contains the account numbers for four accounts.

    We have always kept a paper shredder in our office and use it faithfully.  It is close at hand and prevents our personal information from going into the public.

     

    Rick
    Disaster Recovery = Backup ( Backup ( Your Backup ) )

  • I ought to get a shredder. We don't put trash out (a truck collects our dumpster), but I suppose that's still a potential issue.

    Group Policy is good, but timing is everything, especially if someone is walking by. I built the habit years ago to lock things, and while I don't do it at home, I still am good about locking my machine in a conference center if I walk 20ft to get coffee, or in the Redgate office, if I fill up at the water cooler. I'm not privileged in many things, but I am in some.

  • Yes, at work we were TOLD many times lock your PC when you leave your office.  The group policy is the catch all.  Granted, it won't stop all eyes and hands on a keyboard maliciously.  However, it does help for the ones that leave at the end of the day and forget to log off or shutdown.

  • Steve Jones - SSC Editor wrote:

    I ought to get a shredder. We don't put trash out (a truck collects our dumpster), but I suppose that's still a potential issue.

    Group Policy is good, but timing is everything, especially if someone is walking by. I built the habit years ago to lock things, and while I don't do it at home, I still am good about locking my machine in a conference center if I walk 20ft to get coffee, or in the Redgate office, if I fill up at the water cooler. I'm not privileged in many things, but I am in some.

    I don't lock my PC at home either; it's just my wife and me. In the office, locking my computer is something that I've done since 1997.

  • A boss I had was famous for walking through the area and if he saw an unlocked machine, he'd hit <ctrl><alt>arrow to rotate the developers screen and then lock it. Eventually, everyone got to the point of locking their PC when they got up.

  • Madame Pelosi's laptop was stolen. Are PCs or devices used by members of Congress have some form of (FTE) full disk encryption enabled? For government issued devices, someone in the IT security department could have remotely locked down the devices as well?When the rioters exited the building, there should have been 1,000 national guard troops waiting outside to arrest them - but that totally didn't happen. There is so much about that day that doesn't make sense. It seems to me like Capitol security were told by someone to give the "protestors" some space and not to escalate the situation - but then the protest turned into a full scale riot that they were not prepared for.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • A lot of the rioters appeared to have smart phones - which they were using to video record their escapade. The FBI could subpoena location data from Google, Apple, and internet service providers to place people inside the building and even follow them back home.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • This isn't about the attack on the capital, but the danger of every device inside the capital after the attack. Finding the people responsible doesn't necessarily negate the issues of trust with devices.

  • It may be some time before the full impact of any tech comprises from the Capitol insurrection are made clear. Stolen laptops, passwords, hidden cameras or recording devices may have been installed, emails stolen, keyloggers or other malware installed, and on and on and on. Physical security was compromised so severely that I don't see how any device or account can be considered safe. Probably would need to:

    1. Secure and remove any electronic device still found in the building.
    2. Remotely wipe or otherwise disable any electronic device missing.
    3. Reset passwords on all accounts for anyone with devices in or registered through the Congress.
    4. As others have stated, subpoena communication and location records for any devices brought in by the rioters.
    5. Most worrisome of all is whether the rioters had any inside help. That would make this breach orders of magnitude worse.

    I'm sure there are dozens of other things that security and forensics experts can think of as well.

    -- webrunner

    • This reply was modified 3 years, 11 months ago by  webrunner.

    -------------------
    A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
    Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html

Viewing 14 posts - 1 through 13 (of 13 total)

You must be logged in to reply to this topic. Login to reply