January 22nd, 2014

Welcome to the Panopticon.  Or surveillance circle-jerk.

With apologies to Tom Lehrer,

Global Surveillance Week!

Chinese spy on the Japanese
Russians Spy on the Chinese
Indians Spy on the Pakistanis
Aussies spy on the Kiwis
North Koreans spy on Dennis Rodman

The NSA spies on everyone
And EVERYONE spies on the Americans


A new security report confirms that Chinese hackers spied on The New York Times in 2012, as well as attendees of the G20 Summit in St. Petersburg last fall. Iranian hackers spied on dissidents in the lead up to state elections last May. The Syrian Electronic Army is only getting better, and North Korean hackers were behind a destructive cyberattack that wiped data from South Korean banks last year.

via New Security Report Confirms Everyone Is Spying on Everyone –

Topic News
January 22nd, 2014

As WSJ reports, the security guys tried to get chip-and-pin launched in the US 10 years ago.

This is the same technology that has REDUCED UK losses by 70%.


Why did it fail in the US?

VISA & MasterCard Greed.

Long transaction times.

Target’s short-sightedness.

And who pays for it all?  Us.  The consumers, taxpayers and shareholders.

Who doesn’t pay for it?  Executives at Target, VISA and MasterCard.

The US leads the world in credit card fraud.  Not a metric to me proud of.

From WSJ:

Executives in Target’s credit-card division tried to keep the program but lost out to the concerns of executives responsible for store operations and merchandising, a group that included Mr. Steinhafel, who worried the technology slowed checkout speeds and didn’t offer enough marketing benefits, according to a person familiar with the decision.

The risks of big, expensive attacks like Target’s could help spur a consensus on the issue.

“All of us have a common interest in being protected, so this might be a chance for retailers and banks to for once work together, as opposed to sue each other like we’ve been doing the last decade,” James Dimon, CEO of J.P. Morgan Chase JPM -1.00% & Co., said last week on an earnings call.

Mr. Steinhafel, in his first public comments since the breach, said momentum is picking up for mass adoption of chip cards. “I think we’re ready to move,” the Target CEO said in a Jan. 13 interview with CNBC. Target, he said, was “out front of the industry, and the industry didn’t follow.”

via Target Tried an Anti-Theft Credit-Card System Years Ago –

Topic News
January 22nd, 2014

As SC magazine reports, a contractor stole data on 20 million South Koreans and smuggled it out on a USB stick.

Data of 20 million South Koreans copied to USB stick, sold to marketing firms

An IT worker was arrested after allegedly copying names, Social Security numbers, and credit card details of 20 millions South Koreans to a USB stick, so the trove of information could be sold to phone marketing firms.

According to a Monday BBC News article, the IT worker under suspicion worked for the Korea Credit Bureau.

In response to the breach, top executives at three credit card firms impacted by the incident – KB Kookmin Card, Lotte Card, and Nonghyup Card – made a public apology and resigned from their positions.

The contractor suspected of stealing the information is thought to have obtained the data through the Korea Credit Bureau’s access to the credit card companies’ databases.

via Data of 20 million South Koreans copied to USB stick, sold to marketing firms – SC Magazine.

Topic News
August 20th, 2013

Raj_Goel_headshot (1)

The IT Support/MSP game has changed.  Clients are no longer satisfied with just getting their desktops managed and servers supported.

Almost every industry has customer privacy and security compliance regulations – and clients are looking at us, their IT providers and business confidantes, to help them become and remain compliant.

So what do you need to know about compliance?

First – determine what industry or vertical you will tackle, then dive into it.

In my experience, clients do not want a generalist firm that says we provide HIPAA/HITECH/PCI-DSS/Sarbanes-Oxley/GLBA/ [insert acronym here] compliance. More and more, savvy buyers want MSPs that focus on their vertical.

If you’re tackling healthcare, you must deep-dive into HIPAA/HITECH, FTC Health Breach, State Records Retention and State Privacy Laws.  If medium-to-large retailers ($10M-$4B) are your targets, then a thorough understanding of PCI-DSS and State Privacy Breach Laws is required.  If banking and finance is your focus, then GLBA, SOX-404, State Privacy Breach, FINRA regulations, PATRIOT ACT and FFIEC compliance knowledge is a must.

Underpinning all these regulations, standards and statutes are 3 simple truths:

  1. Every regulation or standard requires good, tested, verifiable backups
  2. Use of strong passwords and tested security configurations is a must
  3. Encrypting data in-motion, and data-at-rest is a very, very, good idea.

As you start your journey towards becoming a compliance-oriented MSP, I can offer you a few resources for HIPAA/HITECH, PCI-DSS and PRIVACY LAW compliance.

HIPAA/HITECH Compliance: Email me and request the

  • HIPAA Compliance Checklist
  • Articles and newsletters regarding trends in HIPAA enforcement and compliance


  • Overview of the state privacy breach laws
  • Trends in Financial Crimes
  • Lessons Learned from Superstorm Sandy

As always, if you have questions regarding security, privacy or compliance, feel free to contact me at

Latest articles, blog posts, presentations and webinars are available at

Come meet Raj in person and hear him present on “What MSPs Need to Know About Compliance” at the Datto Partner Conference.

Topic Events, News
August 17th, 2013

Here’s another excellent reason to NEVER buy digital content from iTunes, Google Play or Kindle.

Cross the border, lose your content…

Jim O’Donnell was at a library conference in Singapore when his Ipad’s Google Play app asked him to update it. This was the app through which he had bought 30 to 40 ebooks, and after the app had updated, it started to re-download them. However, Singapore is not one of the countries where the Google Play bookstore is active, so it stopped downloading and told him he was no longer entitled to his books.

via Cross a border, lose your ebooks – Boing Boing.

Topic News
August 17th, 2013

Charlie Stross (an awesome writer) wrote an excellent piece on what life will be like for England’s future monarch.

This kid is going to live in the panopticon – maybe Will & Kate should watch this video with him and maybe this


This prince is going to find things a little different because he’s going to be the first designated future British monarch to grow up in a hothouse panopticon, with ubiquitous surveillance and life-logging …

I expect there to be Facebook account-hacking attacks on his friends, teachers, and associates—and that’s just in the near term. He’s going to be the first royal in the line of succession to grow up with the internet: his father, Prince William, was born in 1982 and, judging by his A-level coursework, is unlikely to have had much to do with computer networking in the late 1990s. This kid is going to grow up surrounded by smartphones, smart glasses (think in terms of the ten-years-hence descendants of Google Glass), and everything he does in public can be expected to go viral despite the best efforts of the House of Windsor’s spin doctors.

via Monarchy versus the Panopticon – Charlie’s Diary.

Topic News
August 17th, 2013

The Dutch are smoking something…and it isn’t good.

They are watermarking books and will report buyers, er customers, er, suckers to the anti-piracy mafia on the flimsiest of accusations.

This is an EXCELLENT reason to buy ebooks from authors (Cory Doctorow) and sites (e.g. that do NOT use any watermarking or DRM.

Netherlands, ebook sellers have announced that they will retain full reading records on their customers for at least two years, and will share that information with an “anti-piracy” group called BREIN (a group that already has the power to order Dutch ISPs to censor the Internet, without due process or judicial oversight; and who, ironically, were caught ripping off musicians for their anti-piracy ads).

via Dutch ebook sellers promise to spy on everyone’s reading habits, share them with “anti-piracy” group – Boing Boing.

Topic News
August 17th, 2013


Spying in the digital age required access to the fiber-optic cables traversing the world’s oceans, carrying torrents of data at the speed of light. And one of the biggest operators of those cables was being sold to an Asian firm, potentially complicating American surveillance efforts.


Topic News
August 17th, 2013

How much privacy are you willing to give up for security? This conversation has dominated the headlines in recent months and participants in a recent poll on the ASIS LinkedIn Group were nearly split on what has precedent – security or privacy concerns. The question below generated nearly 100 comments from practitioners worldwide.

In a Pew Research poll, 62% said it was more important to allow the gov’t to search for possible terrorist threats even if it meant giving up privacy: Security vs Privacy–Which Side Are You On? 

ASIS 2013/(ISC)2 Security Congress speaker Raj Goel, CSSP, weighed in with the following blog post:


Topic News
August 17th, 2013

When talking about privacy & surveillance, lots of people say “eh, what’s the harm?  I don’t care if Google knows it’s my birthday today” or “why should I worry, I haven’t broken any laws”.


The Atlantic has a summary of a FANTASTIC paper by Prof. Ryan Calo on harm caused by incessant tracking by corporations.


Topic News