Friday, April 25, 2014

Can you be a bigot without being a racist? Sure, it also goes by the term, “ignoramus”

For those not paying attention, Mr. Cliven Bundy is a Nevada rancher whose cattle have been illegally grazing on government land.  For twenty years.  At a cost to Uncle Sam totaling over a million dollars and counting.  This is the same man who denies the existence of the United States, but uses the Internet as a personal sounding board.  Contradictory?  Perhaps.  Outrageous?  Definitely.  While there’s an argument to be made about the righteousness of the grazing law, defying the law while placing government officials at gunpoint will get you arrested at best or killed at worst.  Don't think so?  Watch the acclaimed film, “Fruitvale Station”.

If you’re listening, Mr. Bundy, the “Fruitvale” reference is apropos.  When Uncle Sam attempted to (literally) repo your cattle, turning it into a 21st century version of the showdown at O.K. Corral with the Bureau of Land Management (BLM) was not wise, to say the least.  You won the battle, but I’m perplexed at how that in any way relates to subsequent comments you’ve made.  Your response in invoking the name of Martin Luther King, Jr. and Rosa Parks—note the “s”—in a recent interview with CNN only reinforces how ill-informed you are.  Suggesting that you have, “often wondered, are (African Americans/negroes) better off as slaves, picking cotton and having a family life and doing things, or are they better off under government subsidy?” is tantamount to saying that Jewish people were better off being exterminated by the Germans, that Native Americans were better off being placed on reservations, or that women are better off barefoot, pregnant, and out of the workplace!  Such “thoughts” are repugnant by any stretch of the imagination and best kept to oneself.

To use your lingo, what really “chaps my hide” is that your statement perpetuates some radical belief that most (if not all) black folks are somehow taking government subsidies.  Yet, by not paying for your cattle grazing, you’re guilty of what you suggest others are doing.  And do you honestly believe that negro lives during the slavery era could be construed as some warped version of a wholesome “family life”?  Really???  If so, go ahead and take that boot you displayed for the camera during that interview and have a good meal.  To be clear: no one is infringing on your right to use your (limited) vocabulary.  To wit, you are free to use the terms “negro”, “black boy”, “slave”, and “those people” however you wish.  That said, be advised that there are consequences for such free speech in the same manner that people who yell “fire” in movie theaters (without cause) can attest.  Recall:  Freedom is not free.  It comes at (some) cost.


In conclusion, I want you to understand that I, for one, don’t believe you are racist, sir; however, I do believe that all of your synapses may not be firing on all cylinders if you don’t have enough good sense to self-censor in public.  For us mere mortals, we call that “ignorance.”  More important, though, you might consider taking inventory of your views and seeing things from others’ perspectives.  

Just food for thought…

Peace,
+THINKER

Friday, April 11, 2014

Heartbleed is out there...Here's what you need to know and do now...

A message from your friendly neighborhood Information Security Manager:  

Unless you’ve been living in a cave, you’ve probably been hearing a lot about the “Heartbleed” bug on the Internet.  While users are generally oblivious to these sorts of notices, here’s why you need to be paying attention to this one…

What is Heartbleed?  Heartbleed is a bug that has made servers that utilize OpenSSL encryption vulnerable to attack.

Why is it an issue?  The issue lies in the fact that the vulnerability has made the recovery of user credentials a trivial exercise for hackers.  Reputable sources estimate that approximately 20-60% of all websites may have been exposed.  A report from Kaspersky Lab indicates there is evidence that cyber espionage groups are running scans.

What web sites are affected?  According to tech website Mashable, several major banks are not affected because they do not use OpenSSL encryption software.  The website released a list of major sites that were affected by the Heartbleed bug and have since been updated, including Facebook, Pinterest, Tumblr, Gmail, Yahoo, Amazon and Dropbox.


When was this discovered?  Evidence of the bug surfaced on Monday, April 7, 2014.

How is it fixed?  Administrators of affected servers must both patch each individual server and obtain new digital certificates from a certificate authority.

What can I do about it?  Contrary to some reports, changing your password now will not bring you any extra security unless the server has been patched.  And some of the tools that have popped up purporting to help you “test” web sites have been identified as having malware.  Your best bet is to avoid logging in to services for the next week or so, after which you should log in and change your password to one that is complex.  In the event you receive a message from what appears to be a service you use, go to the web site directly, without clicking on links in messages, to be on the safe side.

How should I manage my passwords? 
·      Never, ever, ever, write your passwords down or share them with anyone.  Not with family, friends, or with the HelpDesk Admin guy at your job.  No one.
·      Don’t use the password cache functions inherent in popular browsers.  Sure, most use the latest encryption algorithms, but anyone who has access to your machine will also have access to your accounts.
·      Don’t use the same passwords for multiple sites.  It’s like having the same key to every door, car, suitcase, and storage area you have access to.  A better way is to obtain a password vault from a reputable source such as CNET—don’t worry, this software is free (search: “free password safe”).  A good password vault will also have a utility for creating distinct, complex passwords for the sites you visit.
·      Create a master password that is complex.  It should be (at least) 12 characters in length, have upper & lower case letters, numbers, and special characters if the site allows.  Store all other passwords in your vault.
·      If the site offers multi-factor authentication—requiring you to enter a code from a token or from your mobile phone—use it!

How do I create a complex password?
Simple passwords—particularly those using words from the dictionary, sports teams, pet’s names, etc.—are easy to crack.  Do yourself a favor and get in the habit of using a complex password.  Here’s how…
1.     Start with a phrase you can remember easily:  “The Range Rover Sport and Jaguar XF are my two favorite cars.”
2.     Take the first letter of each of those words:  TRRSAJXAMTFC
3.     Make the password case sensitive: TRRSaJXamtfc
4.     Add complexity by incorporating numbers and special characters:  TRRS&JXam2fc!
5.     You can add additional complexity by padding your passwords with a prefix or suffix of characters.  For instance, you could use your graduation year, but hold the shift key.  1983 → !(*#  Which now gives you TRRS&JXam2fc!+!(*#
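
The five steps above, written out as a small script together with a check against the master-password rules from the previous list. This is an added example, not part of the original post; the function names, the `joiner` parameter, the two word swaps and the US keyboard layout for shifted digits are assumptions made for illustration.

```python
import string

# Word-to-symbol swaps taken from step 4 of the post; extend for your own phrase.
SUBSTITUTIONS = {"and": "&", "two": "2"}
# Digits typed with Shift held, as in step 5 (US keyboard layout assumed).
SHIFTED_DIGITS = str.maketrans("1234567890", "!@#$%^&*()")
# The post's published phrase, used only to reproduce its result;
# a phrase anyone can read is not a usable secret.
PHRASE = "The Range Rover Sport and Jaguar XF are my two favorite cars."


def mnemonic_password(phrase, suffix_digits="", terminator="!", joiner=""):
    """Steps 1-5: first character of each word (keeping the phrase's own case),
    symbol swaps, a terminator, then an optional shifted-digit suffix."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    core = "".join(SUBSTITUTIONS.get(w.lower(), w[0]) for w in words if w)
    suffix = suffix_digits.translate(SHIFTED_DIGITS)
    return core + terminator + (joiner + suffix if suffix else "")


def policy_gaps(password, min_len=12):
    """Return the master-password rules from the post that `password` fails."""
    checks = {
        f"at least {min_len} characters": len(password) >= min_len,
        "upper-case letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


if __name__ == "__main__":
    # Each intermediate string from the post closes more of the policy gaps.
    for candidate in ("TRRSAJXAMTFC", "TRRSaJXamtfc", mnemonic_password(PHRASE)):
        print(candidate, "->", policy_gaps(candidate) or "meets all rules")
    print(mnemonic_password(PHRASE, "1983"))
```

Passing `joiner="+"` reproduces the final string exactly as it is printed in step 5, in case the plus sign there is meant as a literal character rather than a join mark.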

Peace,
+THINKER