Thursday, March 18, 2021

If You’re Not Going To Take Privacy Seriously Then Why Should I?

I am reminded of an old joke. I’m old so those are the only jokes I know.

The head brew masters for Coors, Budweiser, and Guinness are at a conference. At the end of the day, they go to the bar. When the bartender asks what they’ll have, the Coors brew master says “I’ll have a Coors, made from Rocky Mountain spring water.” The Budweiser brew master says “I’ll have a Budweiser, the king of beers!” The Guinness brew master orders a Coke. The other two look at the Guinness brew master and ask why he isn’t having beer. He replies “If you’re not having beer then neither will I.” There’s a man who takes his beer more seriously than most people take their privacy.

In my newest blog at SecureIQLab, I discuss the disconnect between many people’s actions and their sometimes irrational privacy concerns, such as fear of Covid tracking apps. Biometric privacy and security risks are real, but do you submit to biometric data capture when you have a choice not to? I end with a little guidance about what should go into a decision when choosing what privacy risk to accept and what to reject.

Essentially it comes down to choosing between cats and privacy. Cats are the only reason the Internet exists, yet once you go online to look at cat videos, especially on YouTube, kiss your privacy goodbye. Choose wisely.

Randy Abrams
Senior Security Analyst (that’s Señor Security Analyst to you)
SecureIQLab

Tuesday, March 9, 2021

Have You Noticed A Pattern To My Blogging?

Some of you may have noticed that I frequently go for long periods of time without blogging. That means I’m employed. When I’m not employed then I have time to blog here.

So now I’m blogging for my employer, SecureIQLab. If you don’t want to wait until I am unemployed again to read my blogs, here are three I’ve written recently.

From Supply Chain to Kill Chain: Biometric Security is a look at some of the ways biometric systems can be attacked. Supply chain attacks are the launchpad for many breaches. For biometric devices this can be problematic. But there’s more…

A couple of years ago I was tasked with writing an article about biometric privacy. 200 hours of research later I had tested every breathalyzer on the market. Well, not really since I just thought of that research. Maybe we can have a beer and breathalyzer club and do Zoom meetings with B&B (Beer and breathalyzers).

Ok, actually the most interesting thing I found was that in Illinois people can sue their own employer into bankruptcy for violations of the Illinois Biometric Information Privacy Act. It’s not just for employers; Facebook settled for $650 million for BIPA violations. Anyway, privacy legislation is getting stricter and the number of states that have such laws or will have them is increasing.

Pretty much anyone considering using biometrics for commercial purposes needs to stay on top of things to avoid costly mistakes. The Illinois BIPA is not at all hard to comply with, and other such laws in other states are easy to comply with, but you have to know what they are and what is required for compliance. It’s good for consumers to know what protections they have as well. Come on over and take a look at some Biometric Legal Implications. This isn’t a law school class and I’m not a lawyer, so there are no parties of any part, no binding arbitration agreements, and it doesn’t cost $500/hour to read it either. 

Next up!

Yes indeed, The Supply Chain Looks Like a Bunny Rabbit With a Drum. Well, what can I say? The Rabbit of Caerbannog has nothing on the Energizer Bunny, Sony, the Russians, or stupid ideas like a Wi-Fi water kettle and networked fish aquarium thermometers in casinos! Seriously, one stupid unsecured refrigerator can spoil your company’s security. Any questions?

Finally

GoDaddy gave a world-class lesson on how to f*ck user security awareness training, encourage insider attacks, and put your customer at increased risk. I explain in Inciting Supply Chain Attacks GoDaddy Style.

I hope you’ll pop over and take a look!

Cheers,

Randy Abrams
Senior Security Analyst and Rabbit Whisperer
SecureIQLab