Author: Carl Nerup

Carl is a long-time advocate for balancing security and privacy as a non-binary argument. Due to his limited number of IQ points, he also has the ability to take complex technologies and make them easy to understand. He is a strong advocate of the outdoors and will always tell you that he would rather be backpacking!!

Covid and Comcast: The Perfect Hack

 by Carl Nerup

 

Sometimes, real life shows you the true potential of ‘The Perfect Hack’.

Last week, after a trip to San Diego, I woke up with cold like symptoms.  So, I took a Covid test on Wednesday and it was positive.  Fortunately, I am fully boosted so my illness was mild but regardless it was necessary for me to quarantine in my house for 5-7 days.   That Friday my friends at Comcast decided that reliable TV and Internet were now optional, and I lost all connectivity to my house.   And, as Sunday was Father’s Day, I was double disappointed because my Covid Quarantine had given me the perfect excuse to watch the US Open and literally everyone had to leave me alone (grin).

But, alas, it was not to be.

Then it occurred to me – what a perfect hack.   No TV, no internet, and I can’t go anywhere.

So, I started thinking – and I had a lot of time to do so – if I was going to cause America a giant headache, I would attack the cable companies.  Think about it – no TV, no internet, no Alexa (how do you turn off lights BTW).  And the only fix was a truck roll from Comcast that they could not do for 5 days.

For a long-time I have been pondering the ease by which someone could hack your TV and make your life miserable – and it is not like the fix is easy.  What do you do? Buy another TV, get someone to do a truck roll to fix everyone’s TV, or perhaps the brand damage is so bad that they just mail everyone a new TV.  None of these are good choices (both heavy on time and money).

Considering recent events, I now realize that the better attack is that simple modem into your house from your Cable/ Internet Provider.  It is easy to hack.  In fact, I wonder why no one has done it yet.   If you really want to make things painful for Americans – take away their TV and Internet.  Brilliant.

The irony here is that the fix is simple.  There are tools today that can be used to protect your modem into your house from malicious software – not that they are implemented as the price might add another $0.25 to the BOM cost of your modem (got to keep that cost down).   My company does it today for folks that do worry about the potential for exactly this kind of hack.

However, we as consumers do not demand the protection and the cable companies don’t want to spend the money – and you know the government does not want to tell them what to do (if they could agree).   So, enjoy your connectivity but do not take it for granted because what is here today could (and likely will) be gone tomorrow.

Postscript:  No TV or Internet did allow me time to have some great conversations with my spouse, read some books that I have really wanted to get to, and take a nap or two.  And, without all the noise of the world, my stress level did go down quite a bit……but, I knew how long my outage would last.  With a hack – all bets are off for how long the fix would take.

 

The Ever Present Now

 by Carl Nerup

 

This week I had the privilege of spending some time with one of my very long-term friends who is truly a very good person and tragically, in the late stages of cancer.   While his time may be coming sooner than the rest of us, it was very much a sobering event in my life.  Admittedly, while I am certain I am not the first person to experience this, for me it made for a tough day.

As we were talking, I asked him what he misses in his life right now and he took the moment to share.   He misses driving for himself, he misses the chance to play golf, and then he said he misses his grandchildren.  I paused and asked “But, you get to see your grand kids right now – yes?”  His answer was telling, as he went on to say, “I am going to miss the chance to see them grow up.”   Then he paused, looked at me and said: “I guess what I am really saying in a more nuanced way is that I am going to miss the time I thought I would have.”   We chatted a bit more,  then it was time for me to go and we parted with a few tears and a genuine sense of love shared between us.

The Insight.

As I was thinking about my visit, it seemed that he left me with an important question.   I can live in the past, focus on my future, but how much time do I really spend in the present sharing what I think right now with those I love?

There is a popular Chinese proverb that says: “The best time to plant a tree was 20 years ago. The second-best time is now.”  So, I took it to heart and called my family, close friends and told them what they mean to me and that I love them.   After all, what was I waiting for?   I thank my friend for this gift, for he took some of that precious time he had, shared some of his wisdom to make me and the world a better place.

So, I made the leap to how this might apply to my current efforts in working with my customers.

What are you waiting for?  The threats in our world are real and present.  The time to make your personal and corporate security happen is today.   We at Cog Systems have some ideas and would gladly share them with you to help make your connected devices more secure.  We even have some products you can buy today that will bring that added protection that you know you need.

Plant a Tree Today.

In short, plant your tree now by investing to make yourself and your company a more secure environment.

Personal Note.

Oh, and if you will allow, pick up the phone and call that person that means so much to you and tell them directly why they are so valuable and that you love them.   You will never regret it.

Katy, Bar the Door!

 by Carl Nerup

 

You lock your front door, right?   Do you also lock the back door?   What about your windows?   Well – duh – of course you do, common sense requires you at least do the basics to protect your home and family.

So, back to Katy.   Did you know the phrase “Katy, Bar the Door’ goes back to 1437 with the Scottish King James I?   Turns out the King was in Perth and a few of his more discontented subjects wanted to have a word.  Tragically, the room that King James was in had a door that was missing a locking bar.  The story goes that Catherine Barlass tried to save him by barring the door with her arm. Her arm was broken, and the mob murdered the King. Hence, the term the ‘lass that barred the door‘ was born and commemorated in Dante Gabriel Rossetti’s poem The King’s Tragedy in 1881.

In this case, we treat VPNs as the lock for the front door of our connected devices.  But, what about the back door, or your windows?  Remember there is always an angry mob coming for your device.

So, “Katy bar the front door, the back door, and the windows!”   This is an overly simple analogy for leveraging defense in depth – just in case someone tries to breach one of your many entry points.  You sure do not want your laptop to suffer the same fate as the Scottish King.

Use your VPN, but then add a Protocol Break, and a Firewall.  Now we have protected three potential threat vectors to your connected device.   Is this enough?  No, but what do you think your insurance agent might say if you failed to only lock your front door?  Heck, what would Katy say?

Aegis Secure is now making a world class Enhanced Retransmission device (ERD) to give you a way to lock the back door and windows as part of your Defense in Depth protection for your connected devices (a VPN is the front door).   In collaboration with Cog Systems, Aegis Secure is now offering a commercial ERD that gives you a Firewall & Protocol Break through a simple 2” square device you tether to your connected devices to bring these added security features to your end user device.

Aegis Secure helps you bar the doors and windows, in partnership with your VPN.

In honor of Katy, let Aegis Secure help you bar the doors and windows.  Ping www.aegis51.com to help you realize Defense in Depth for yourself and everyone in your company.

The Cybersecurity Cake

 by Carl Nerup

Defense in Depth is as synonymous to cybersecurity as frosting is to cake.

So, indulge me. It is your birthday, good on you for making it another year around the sun and to celebrate most folks would normally hope for a cake. If it is my house, you even get to pick what type of cake you want to help celebrate your special day. Now, it is the big day with your family and friends and out comes your celebratory dessert – a sheet cake. Be honest, you are still glad to get a cake (better than a bag of Twizzlers) but a sheet cake?

Yes, you are disappointed because if you are truly honest you were hoping for a layer cake. A robust three-layer cake with candles on top burning bright. Why the three-layer cake? The extra frosting protecting the three layers of stupendously tasty cake in between make all the difference. This is the difference between simply meeting the requirement and exceeding it.

So, if we stretch this overly simplistic analogy to your organization’s cybersecurity approach for your connected devices – a VPN is the sheet cake. A sheet cake should not be the extent of the cybersecurity approach for your employee’s connected devices (Mobile, Tablet, Laptop).

Defense in Depth is a layer cake. You deserve a layer cake. The world demands it for the protection of your privacy and critical data.

Let’s add some layers to your Defense in Depth approach for your connected devices. The VPN is the bottom layer, a Firewall is the middle layer, and a Protocol Break is the top layer. Now wrap it in an easy to configure admin/ user interface for frosting and you have delivered on the promise. You deserve it.

Aegis Secure

To meet this need, Aegis Secure is now making a world class Enhanced Retransmission device (ERD) to give you the top two layers to your Defense in Depth protection for your connected devices. In collaboration with Cog Systems, Aegis Secure is now offering a commercial ERD that gives you those added layers (Firewall & Protocol Break) with a simple device you tether to your connected devices to bring these added security features local to the end user.

You deserve it, you need it, and if you are honest with yourself – you want it.  You want the Enhanced Retransmission Device for your connected devices. Just like you want a layer cake for your big day.

Happy Birthday.

Ping Aegis Secure to get your Layer Cake and realize Defense in Depth for yourself and everyone in your company.

“Your Money or Your Life”

 by Carl Nerup

 
The saying, “Your Money or Your Life,” comes from the dreaded Highwaymen who were “as common as crows” between 1650 to 1800 in rural England. Travel was already hazardous due to the absence of decent roads and a lack of general rule of law. No one rode alone without fear of being robbed. In fact, travelers often wrote their wills before hitting the road.

 

Your phone is your life.

Not only when you consider all the time you spend on your phone (about 4.5 hours a day), but all the things that you keep in it. Think about it – 1) how would you call anyone since you have not memorized a number in a decade? 2) add all your banking, health, work, and social information; and then 3) it is now your electronic ID/ primary authenticator among everything else. What would you do if your phone disappeared? Is it the end of your life as you know it?

 

The 21st Century Highwayman.

Bring up ransomware and everyone knows what you are talking about thanks to the 21st Century Highwaymen who are shutting down hospitals, factories, power plants, and banks. Only your imagination limits what they attack next – and your phone is on that list.

 

It Happened, Now What?.

The dreaded ‘YMCA’ Ransomware attack has hit your mobile phone. It locks the phone, and it plays an un-ending loop of ‘YMCA’ by the Village People. Sure, ‘YMCA’ is fine in small doses – but not endlessly. You can make it stop – just pay the Highwayman!! Your ransom? Send $1,500 in Bitcoin to some random account. After all, it’s “your money or your life.”

Hold on, you say. This is not my fault! It is the hardware, an app, or the carrier allowing the bad bits get to me! The Highwaymen are not stupid, and the Highwaymen undertake rolling attacks of the ‘YMCA’ ransomware – hitting random manufacturers in dispersed geographic regions to keep the problem on the user. None of the hardware, app or carrier players are going to pay your ransom, but they will pay dearly in brand damage for failing to even attempt to prevent attacks with tools adoptable today from the folks at Cog Systems. Not to be cynical, but why would you even ask for help from the hardware, app and carrier providers?

No insurance exists for the attack of the ‘YMCA’ ransomware – it is on you. But at least you have a choice: 1) Pay the ransom ($1,500); or 2) Buy a new phone ($1,200) and then reinstall and configure your apps.

“The more things change, the more they stay the same.” Who would have thought that an aphorism by Jean-Baptiste Alphonse Karr from 1850 would still carry so much relevance today? The dreaded Highwayman to the ‘YMCA’ Ransomware attack separated by just 200 years.

The ‘YMCA’ Ransomware attack is coming.

Did you write your will?