Landmark Leadership Conferences for IT Executives
 

The IT Blog



by Fred F. Farkel, Thursday, January 30th, 2014

 

“IT as a service” can be a patchwork of “solutions” which ultimately make resource management more of a nightmare than a dream. Preventing that nightmare is where AppSense shines. AppSense solutions are designed to meet the needs of even the most demanding global enterprises. With AppSense, desktops, PCs, applications and devices all become interchangeable building blocks that IT can draw from to build their own optimized “IT as a service” fabric. This includes traditional PCs, virtual desktops, locally installed applications, virtualized applications, remote application sessions, mobile devices and tablet PCs.

In March 2012, AppSense commissioned Forrester Consulting to examine the total economic impact and potential return on investment (ROI) enterprises may realize by deploying the AppSense Management Suite. The purpose of the study was to provide readers with a framework to evaluate the potential financial impact of the User Virtualization Platform on organizations with a shared server-based computing environment. For those who are interested in the short, to-the-point version of the story, Forrester Consulting found that users saw IT operation cost savings, worker productivity cost savings, capital expense cost savings and project-based cost savings associated with application migration. The composite three-year risk-adjusted ROI was 284%, with a “payback” period of merely 5 months. This is precisely the sort of savings that “IT as a service” should provide but often doesn’t.

For more details, the complete report is available here to read or download.

Read More | Comments Off on AppSense: Total Economic Impact Of The AppSense Management Suite

by Fred F. Farkel, Monday, January 27th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Digital Editions: Adobe has released version 3.0 for Digital Editions to fix a highly critical unpatched vulnerability reported in version 2.0.1. Updates are available through the program or from Adobe’s website.

Apple iTunes: Apple has released version 11.1.4 for iTunes. Updates are available through the program or from Apple’s website.

Apple Pages: Apple has released version 5.1 for Pages to fix a highly critical vulnerability reported in previous versions. Updates are available through the program or from Apple’s website.

Apple Pages for iOS: Apple has released version 2.1 for Pages for iOS to fix a highly critical vulnerability reported in previous versions. Updates are available through Apple’s iTunes or from Apple’s website.

Avast: Avast has released version 9.0.2013. Updates are available on Avast’s website.

Dropbox: Dropbox has released version 2.6.2 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Piriform CCleaner: Piriform has released version 4.10.4570 for CCleaner. Download is available from Piriform’s website.

Skype: Skype has released version 6.13.0.104. Updates are available on Skype’s website.

Current Software Versions

Adobe Flash  12.0.0.38 [Windows 7: IE]

Adobe Flash  12.0.0.43 [Windows 7: Firefox, Mozilla]

Adobe Flash  12.0.0.38 [Windows 8: IE]

Adobe Flash  12.0.0.38 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.6.2 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 26

Google Chrome 32.0.1700.76

Internet Explorer 11.0.9600.16476 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 51 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.13.0.104

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco TelePresence Systems (CTS), Secure Access Control System (ACS), TelePresence Video Communication Server, Video Surveillance Operations Manager,  NX-OS, Aggregation Services Routers (ASR) 5000 Series and others.

Citrix XenClient XT: Secunia reports that Citrix has released version 3.2 of XenClient XT to fix a weakness and two vulnerabilities in previous versions.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Weekend Vulnerability and Patch Report, January 26, 2014

by Fred F. Farkel, Monday, January 27th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

Gang Rigged Pumps With Bluetooth Skimmers: Authorities in New York on Tuesday announced the indictment of thirteen men accused of running a multi-million dollar fraud ring that allegedly installed Bluetooth-enabled wireless gas pump skimmers at filling stations throughout the southern United States. KrebsOnSecurity, January 22, 2014

A Sneaky Path Into Target Customers’ Wallets: It was, in essence, a cybercriminal’s dream. For months, an amorphous group of Eastern European hackers had been poking around the networks of major American retailers, searching for loose portals that would take them deep into corporate systems. The New York Times, January 17, 2014

A Closer Look at the Target Malware, Part II: Yesterday’s story about the point-of-sale malware used in the Target attack has prompted a flood of analysis and reporting from antivirus and security vendors about related malware. Buried within those reports are some interesting details that speak to possible actors involved and to the timing and discovery of this breach. KrebsOnSecurity, January 16, 2014

Cyber Warning

Bug Exposes IP Cameras, Baby Monitors: A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned. KrebsOnSecurity, January 23, 2014

DHS Alerts Contractors to Bank Data Theft: A security breach at a Web portal for the U.S. Department of Homeland Security has exposed private documents and some financial information belonging to at least 114 organizations that bid on a contract at the agency last year. KrebsOnSecurity, January 21, 2014

ANDROID VULNERABILITY ENABLES VPN BYPASS: A vulnerability in the Android mobile operating system could allow hackers to write applications that would bypass a secure virtual private network connection and redirect traffic in clear text to an attacker. ThreatPost, January 20, 2014

Cyber Security Management

Risk and responsibility in a hyperconnected world: Implications for enterprises: For the world’s economy to get full value from technological innovation, it must have a robust, coordinated approach to cybersecurity. A new report from the World Economic Forum and McKinsey & Company looks at how that could happen. McKinsey & Company, January 2014

National Cyber Security

Obama Stands Fast on Intelligence Gathering but Promises More Oversight: In his speech on Friday the U.S. president made no apologies for the National Security Agency’s work. The government will, however, stop storing citizen phone records. Scientific American, January 20, 2014

Cyber Misc

Google pulls browser extensions after complaints: Such extensions are part of a larger business that focuses on installing software add-ons, such as toolbars, on people’s computers when they download some other type of software from the Internet. USA Today, January 20, 2014

The Adventures of a Cybercrime Gumshoe: I was fortunate to spend several hours this past week with two reporters whose work I admire. Both wanted to learn more about my job as an independent investigative reporter. Their stories about my story are below. KrebsOnSecurity, January 18, 2014

Unto the Breach: On Wednesday, a letter landed in my email inbox from Gregg Steinhafel, the chief executive of Target. He wanted me to know that there was a decent likelihood that some of my personal information had been stolen by criminals who had “forced their way into our systems,” as Steinhafel put it, and pulled off one of the biggest data breaches in history. The New York Times, January 17, 2014

Cyber Sunshine

Feds Infiltrate, Bust Counterfeit Card Shop: Federal authorities in New Jersey announced a series of arrests and indictments of 14 individuals thought to be connected to an online one-stop shop selling embossed, counterfeit credit cards and holographic overlays. KrebsOnSecurity, January 24, 2014

Cyber Calendar

Join OWASP Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area as we join forces to host AppSec California!: AppSec California is the first of hopefully many annual conferences hosted by all of the California chapters. Join us on the beaches of Santa Monica which is closest to our Los Angeles Chapter. Space is limited to around 200 attendees so be sure to get your ticket before we sell out! AppSec California, Event Date: January 27-28, 2014

“Lunch Meeting – It Takes the Village to Secure the Village”: Dr. Stan Stahl, President of the Los Angeles Chapter of the Information Systems Security Association and President of Citadel Information Group presents. SOCALAFP, Event Date: February 14, 2014

Cybersecurity Essentials for Business Professionals: Please join us in this free presentation where we will discuss essential issues that every entrepreneur and business professional must know about cybersecurity laws, guidelines, and protocols. This event will be moderated and conducted by Salar Atrizadeh, Esq., principal and founder of the Law Offices of Salar Atrizadeh. Also, Stan Stahl, Ph.D., President of Citadel Information Group and ISSA-LA, Brad Maryman, and Howard Miller will serve as panelists. Law Offices of Salar Atrizadeh, Event Date: February 21, 2014



Read More | Comments Off on Cyber Security News of the Week, January 26, 2014

by Fred F. Farkel, Monday, January 20th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

A First Look at the Target Intrusion, Malware: Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today’s post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter. KrebsOnSecurity, January 15, 2014

Target confirms malware used on point-of-sale terminals: During an interview with CNBC, retailer’s CEO defends four-day delay in notifying customers of security breach as necessary for the investigation and preparation for consumer reaction. CNET, January 12, 2014

Yahoo says malware attack farther reaching than thought: The company posts guidelines for Yahoo users worried about infection and says people outside Europe may have been hit. It also says the attacks went on longer than previously reported. CNET, January 11, 2014

Cryptolocker scrambles eight years of data belonging to US town hall: The Cryptolocker ransom Trojan has claimed another victim in small-town America, scrambling eight years-worth of files held by a New Hampshire town authority. Some are believed to be irretrievable. ComputerWorld, January 7, 2014

Cyber Attack

Is your refrigerator really part of a massive spam-sending botnet?: Security researchers have published a report that Ars is having a tough time swallowing, despite considerable effort chewing—a botnet of more than 100,000 smart TVs, home networking routers, and other Internet-connected consumer devices that recently took part in sending 750,000 malicious e-mails over a two-week period. ArsTechnica, January 17, 2014

Cyber Privacy

The Next Data Privacy Battle May Be Waged Inside Your Car: Cars are becoming smarter than ever, with global positioning systems, Internet connections, data recorders and high-definition cameras. Drivers can barely make a left turn, put on their seatbelts or push 80 miles an hour without their actions somehow, somewhere being tracked or recorded. The New York Times, January 10, 2014

Cyber Warning

Java ‘Icefog’ Malware Variant Infects U.S. Businesses: Beware Java-based malware that’s been used to exploit at least three US-based organizations. DarkReading, January 15, 2014

STARBUCKS APP STORES USER INFORMATION, PASSWORDS IN CLEAR TEXT: A vulnerability in Starbucks’ mobile app could be putting coffee drinkers’ information–including their usernames, email addresses and passwords–at risk. ThreatPost, January 15, 2014

Cyber Security Management – Cyber Update

ORACLE PATCH UPDATE TAKES ON 36 JAVA VULNERABILITIES: All has been relatively quiet of late on the Java security front, which is in stark contrast to a year ago when Java was the scourge of the Internet. Vulnerabilities in Java were being exploited at an alarming rate in a number of targeted attacks including watering hole attacks against prominent government agencies, manufacturers and activists. ThreatPost, January 15, 2014

Securing the Village

LA Is Actively Seeking Cyber Security Experts: As the public-at-large continues to become more subservient to advancing technology, its susceptibility to social media fraud and corporate security breaches has become burdensome. Daily lives and economic solvency are at stake. To the rescue is the near-six-figure cyber security profession, an effective cyber warfare weapon that out-smarts pathological terrorist groups, relentless criminals and even disgruntled employees. [David Lam, Citadel VP Technology Management Services, is quoted] CBS Los Angeles, January 13, 2014

Cyber Research

RESEARCHERS FIND BEST TIME FOR HACKERS TO STRIKE: For hackers, timing is key. At least that’s according to a group of University of Michigan based researchers that authored a paper on hacking and how timing could factor into the decisions and decision making processes engaged in by cyber criminals. Digital Trends, January 14, 2014

Cyber Law

Calif. senators intro bill to stop state from aiding NSA spying: Two California senators have introduced legislation that would ban state agencies, officials – and even corporations providing services to the state – from assisting the National Security Agency’s sweeping surveillance of citizens. SC Magazine, January 9, 2014

Cyber Misc

BitTorrent Creator’s New Software DissidentX Hides Secrets In Plain Sight: Encryption tools help people keep secrets. Bram Cohen has a more subtle ambition: he wants to help people keep secret the act of keeping secrets. Forbes, January 15, 2014

Cell Phones Let Cops Track People For A Thousandth Of The Price, Study Finds: It’s no secret that the ability to track a cell phone has led to a sea change in law enforcement surveillance methods. But now a pair of researchers have actually put a number to the plummeting cost of that covert spying in the modern world: Tracking a cell phone’s location, they found, costs somewhere between 1.9% and .015 % of the price of tailing someone the old fashioned way. Forbes, January 9, 2014

RSA boycott splits security industry on tactic’s effectiveness: Some see protest as justified, others believe it to be impulse reaction to reports of RSA collaboration with NSA. CSO, January 9, 2014

Cyber Calendar

Join OWASP Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area as we join forces to host AppSec California!: AppSec California is the first of hopefully many annual conferences hosted by all of the California chapters. Join us on the beaches of Santa Monica which is closest to our Los Angeles Chapter. Space is limited to around 200 attendees so be sure to get your ticket before we sell out! AppSec CA 2014, Event Date: January 27-28



Read More | Comments Off on Cyber Security News of the Week, January 19, 2014

by Fred F. Farkel, Monday, January 20th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Adobe Acrobat / Reader: Adobe has released updates for both Acrobat and Reader to fix at least three highly critical vulnerabilities reported in previous versions. Updates are available through the programs or from Adobe’s website.

Adobe Air: Adobe has released Version 3.9.0.1380 of Adobe Air to fix at least two highly critical vulnerabilities reported in previous versions. Updates are available through the program or from Adobe’s Air Web Site.

Adobe Flash Player: Adobe has released updates for its Flash Player. Updates are available through the program or from Adobe’s Flash Web Site.

Axantum AxCrypt: Axantum has released version 1.7.3156.0 of AxCrypt. Updates are available from Axantum’s website.

Google Chrome: Google has released version 32.0.1700.76 of Chrome for Windows, Mac, Linux and Chrome Frame. Updates are available through the program.

Google Chrome for Android: Google has released version 32.0.1700.99 of Chrome for Android. Updates are available through the program.

Microsoft Patch Tuesday: Microsoft released several updates addressing at least 6 security vulnerabilities, some of which are highly critical, in Microsoft Office, Word 2013, SharePoint,  Windows 7, Server 2008, and more. Updates are available via Windows Update or from Automatic Update.

Oracle Java: Oracle has released Java SE 7 Update 51. The update is available through Windows Control Panel or Java’s website. [See Citadel’s recommendation below]

Current Software Versions

Adobe Flash  12.0.0.38 [Windows 7: IE]

Adobe Flash  12.0.0.43 [Windows 7: Firefox, Mozilla]

Adobe Flash  12.0.0.38 [Windows 8: IE]

Adobe Flash  12.0.0.38 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.06

Dropbox 2.4.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like AxCrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 26

Google Chrome 32.0.1700.76

Internet Explorer 11.0.9600.16476 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 51 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.11.0.102

Newly Announced Unpatched Vulnerabilities

Netgear DGN2000: Secunia reports an undocumented security issue of Telnet service listening on TCP port 32764 in Netgear’s DGN2000 Wireless Router. No official solution is currently available.

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

BlackBerry OS: Secunia reports that BlackBerry has released updates to fix 4 highly critical vulnerabilities in BlackBerry 10 OS and BlackBerry PlayBook OS, due to a bundled version of Adobe Flash Player. Update to a fixed version.

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco WebEx Meetings, Identity Services Engine (ISE),  Secure Access Control System (ACS), Cisco Jabber for Windows, and others.

McAfee Vulnerability Manager: Secunia reports that McAfee has re-released updates for its Vulnerability Manager to fix vulnerabilities in versions 7.5.5 and prior. Apply hotfix or update to version 7.5.6 when available.

Oracle Multiple Products: Secunia reports that Oracle has released many updates for multiple products, including Oracle’s PeopleSoft Enterprise Services Procurement, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS, Demantra Demand Management, AutoVue, Agile PLM for Process, E-Business Suite, iPlanet Web Proxy Server, Hyperion, WebCenter Sites, Hyperion Strategic Finance, Solaris, Solaris Samba, WebCenter Portal and others.

VMware ESXi / ESX: Secunia reports that VMware has released updates for ESXi / ESX to fix two Denial of Service Weaknesses. Apply patches.





Read More | Comments Off on Weekend Vulnerability and Patch Report, January 19, 2014

by Fred F. Farkel, Monday, January 20th, 2014

 

Guest editorial by Stan Stahl, Ph.D.
_______________

I publish 6 or so essays a year in honor of the Fourth of July, Memorial Day, Thanksgiving, etc. My objective is to write in ways that bring us together around the ideals of America, rather than in ways that separate us. I am proud that readers often tell me they find my essays inspiring, for it means that I have captured that inspiration which is America.

My website The Agnostic Patriot provides a platform for my essays, which, as my readers know, are about America’s search for common ground as we the people continually co-create America’s more perfect union.

Why the name The Agnostic Patriot? My sole axiom is the Declaration’s self-evident assertion that we are all created equal. On all other matters, I strive to be politically agnostic.

America to me is not about “winning;” it is in steering that course of liberty between the tyranny of the King and the tyranny of the mob.

Like my essays, The Agnostic Patriot is a work in progress. In addition to holding all of my essays since 2005, I continue to populate a “Favorites” page, containing various writings and links that I find particularly meaningful. I also have a “News & Commentary” page which contains my “Let Freedom Ring” Twitter feeds broken into categories ranging from politics to philosophy. I have recently added a page to hold the writings of my son, Jonathan, as he thanks the veterans of the Vietnam War, one soldier to another. His is a reminder that freedom is never free.

This essay begins my 13th year of writing these freedom essays. I wrote my first essay on the Thanksgiving after 9/11, giving thanks to the fundamental principles of the American dream: freedom, liberty and a civil body politic.

I hope you find this essay of interest. If you do, I encourage you to forward this email to your friends and colleagues. If you don’t, please don’t hesitate to unsubscribe. (A link for doing so is located at the bottom of this email.)

Cheers –

Stan
@stanstahl


 If you want the truth to stand clear before you, never be for or against.
The struggle between “for” and “against” is the mind’s worst disease.

– Seng-ts’an, c. 700 C. E.

_________________________

Martin Luther King Day, 2014


Injustice anywhere is a threat to justice everywhere. We are caught in an inescapable network of mutuality tied in a single garment of destiny. Whatever affects one directly affects all indirectly.

Martin Luther King
Letters from a Birmingham Jail

Rita and I read these words again last September in London, etched on a glass panel above the entrance to the library of the Supreme Court of the United Kingdom. Etched on this same glass panel are also written “The first duty of man is the seeking after and the investigation of truth” and “Justice is truth in action.”

Sometimes it’s easy to find truth, to know what justice requires. The truth in Birmingham Alabama in 1963 when Martin Luther King wrote those words while a prisoner in the Birmingham city jail was easy. Fifty-one years ago in Birmingham, Alabama, Blacks could not drink from public water fountains, could not sit at “whites only” lunch counters, could not attend the University of Alabama, could not vote, and could not peacefully demonstrate for their freedom. This was not justice.

Sometimes it’s not so easy to find truth, to know what justice requires. Sometimes it’s hard. And — truth be told — we are wired to make it hard on ourselves.

Take for example the recent brouhaha over Duck Dynasty’s Phil Robertson. Robertson, you may recall, said in an interview in GQ that he believed homosexuality to be a sin and that he never saw the mistreatment of any black person growing up in Louisiana before the civil rights era.

The left, as expected, took Robertson to task for being homophobic and incredibly naïve about race relations in Louisiana in the 1950s. The right, also as expected, accused the left of denying Robertson his right to free speech, his right to his own opinion – good, bad, foolish or wise — arguing as they regularly do that political correctness is driving honest differences of opinion out of the public square.

A&E – the TV network that broadcasts Duck Dynasty – played its part, first “caving to the left” by dropping Robertson from the show and then “caving to the right” by bringing him back.

So where is truth? Where is Justice? Would it be just to take Phil Robertson off the air? Or is justice better served by leaving him on the air? [1]

*****

If you want the truth to stand clear before you, never be for or against.
The struggle between “for” and “against” is the mind’s worst disease.
Seng-ts’an, c. 700 C. E.

Two hundred thousand years of evolution — from our origins in Africa to our spread across the planet — have designed into us certain traits. Each of us feels connected to whatever “group” we happen to belong to. We also feel separate from – disconnected from – other groups.

All of us come into the world prewired to prefer whatever group we belong to over other groups. The preference isn’t conscious; we don’t rationally consider our own group and come to the objective determination that it’s best. We feel our group is the best and then construct ‘arguments’ proving we are the best. Basically, we delude ourselves into believing that our group is best.

You can test your own racial preferences on the website YourMorals.org. [2] It’s a 5-10 minute test that’s been taken by thousands of people and it’s able to tell you the extent to which you prefer Europeans over African Americans or vice versa. I recently took the test and — yes — I have a preference for one race over another. All of us do.

What this means – whichever race one prefers – is that we all notice race – we pay attention to race – we profile people based on their race. We do it pre-consciously … but we do it.

But then, how can it be otherwise? It’s inevitable.

Imagine you’re living 185,000 years ago, somewhere in Africa. One morning you see the tribe who lives across the river swimming over to your side. Do you wave a welcome to them? Do you say to your wife: “Mabel. Look who’s coming across the river. Why don’t you make some of your nice ostrich omelets for our guests?” If you do, thwack!!! You’re dead and Mabel’s DNA – if it survives at all – only does so in combination with the people who just killed you.

The fact that you and I are here means that our ancestors paid attention. They knew who was in their group and who wasn’t. If others came along who weren’t in the group and who were perceived to be a threat, then our ancestors had no trouble killing them. Our presence here today means our ancestors won these battles.

These are our roots. Racial — and other group — preferences are built into who we are. We spend a lot of time denying that we have these racial preferences, pretending to be race neutral in our post-racial Obama age. But it’s not true. We are very race conscious.

So rather than deny it, let’s admit it. Let’s acknowledge that we are race conscious and that our own evolution blinds us to this truth. When we do, we turn it into a strength.

Acknowledging the truth of our own racial preferences allows us to appreciate how difficult it is for us to accept King’s truth that injustice anywhere is a threat to justice everywhere. True as these words are, we just aren’t wired to believe them. We have to work at it.

Magic happens when we work at accepting this. When I stop feeling the need to defend my gut-level instinct that Phil Robertson is dangerously wrong; when I allow myself to acknowledge that he and I are woven together in a single garment of destiny, that’s when I come to appreciate the deep truth that whatever affects Phil’s right to life, liberty and the pursuit of his happiness affects my own right to life, liberty and the pursuit of my happiness … And conversely; whatever affects my rights affects his. It’s no longer about my side ‘winning’ or his side ‘winning;’ now it’s about finding ways to live together in peace, harmony and justice, each exercising our inalienable right to life, liberty and the pursuit of happiness.

Martin Luther King articulated this deep moral truth — not just for his own people in their struggle for justice — but for all people who feel they don’t belong, who feel that this is someone else’s world, that they just get to live here.

We are — all of us — caught in an inescapable network of mutuality tied in a single garment of destiny. Blacks and Whites. Straights and Gays. Bible-quoting duck hunters and atheist vegans. Whatever affects one directly affects us all indirectly.

This can’t just be my world. Nor can it just be your world. The experiment in self-government that is America, the meaning of We the People and E Pluribus Unum, the promise of the Blessings of Liberty require that we make it our world, our destiny.

Let Freedom Ring.

[1] I encourage you to take a look at Michael Sandel’s Harvard course entitled Justice. http://www.justiceharvard.org/.

[2] YourMorals.org is a collaboration among social psychologists who study morality and politics. Jonathan Haidt’s recent book “The Righteous Mind: Why Good People Are Divided by Politics and Religion” explores this emerging field. I highly recommend Haidt’s TED talk on the same topic:  The moral roots of liberals and conservatives.

 _________________________

Copyright © 2014. Stan Stahl, Ph.D. All Rights Reserved. Permission is granted to republish this essay provided the essay is reproduced unedited and in its entirety, its source is identified as The Agnostic Patriot at www.agnosticpatriot.org and this copyright notice is included.

Read More | Comments Off on Martin Luther King Day, 2014

by Fred F. Farkel, Monday, January 13th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Android: Android has released version 4.4 of Android to fix a vulnerability reported in previous versions. Updates are available through the device.

Google Chrome: Google has released version 32.0.1700.72 of Chrome for Windows, Mac, Linux and Chrome Frame. Updates are available through the program.

Current Software Versions

Adobe Flash  11.9.900.170 [Windows 7: IE9]

Adobe Flash  11.9.900.170 [Windows 8: IE, Firefox, Mozilla, Netscape, Opera]

Adobe Flash  11.9.900.170 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.4.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 26

Google Chrome 32.0.1700.72

Internet Explorer 11.0.9600.16476 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.11.0.102

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports that Cisco has released many updates for multiple products, including Cisco Secure Access Control System (ACS), Adaptive Security Appliance (ASA) NX-OS and others.

Cisco Wireless Routers: US-CERT reports an unpatched vulnerability in Cisco’s WAP4410N Wireless-N Gigabit Security Router and the RVS4000 4-port Gigabit Security Router. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

Symantec Endpoint Protection Manager: Symantec has released an update to its Endpoint Protection Manager to fix a vulnerability reported in previous versions. Update to version 11.0.7.4.


If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.

If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.

Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.

 

Citadel Information Group publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.

Citadel Information Group … Delivering Information Peace of Mind ® to Business and the Not-for-Profit Community


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Weekend Vulnerability and Patch Report, January 12, 2014

by Fred F. Farkel, Monday, January 13th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

Hackers Steal Card Data from Neiman Marcus: Responding to inquiries about a possible data breach involving customer credit and debit card information, upscale retailer Neiman Marcus acknowledged today that it is working with the U.S. Secret Service to investigate a hacker break-in that has exposed an unknown number of customer cards. KrebsOnSecurity, January 10, 2014

Yahoo’s malware-pushing ads linked to larger malware scheme: A deeper look by Cisco Systems into the cyberattack that infected Yahoo users with malware appears to show a link between the attack and a suspicious affiliate traffic-pushing scheme with roots in Ukraine. PC World, January 10, 2014

Malware attack hits thousands of Yahoo users per hour: (CNN) — A malware attack hit Yahoo’s advertising server over the last few days, affecting thousands of users in various countries, an Internet security company said. CNN, January 6, 2014

Deconstructing the $9.84 Credit Card Hustle: Over the holidays, I heard from a number of readers who were seeing strange, unauthorized charges showing up on their credit and debit cards for $9.84. Many wondered whether this was the result of the Target breach; I suppose I asked for this, having repeatedly advised readers to keep a close eye on their bank statements for bogus transactions. It’s still not clear how consumers’ card numbers are being stolen here, but the fraud appears to stem from an elaborate network of affiliate schemes that stretch from Cyprus to India and the United Kingdom. KrebsOnSecurity, December 6, 2013

Cyber Privacy

Mikko Hypponen: How the NSA betrayed the world’s trust — time to act: Recent events have highlighted, underlined and bolded the fact that the United States is performing blanket surveillance on any foreigner whose data passes through an American entity — whether they are suspected of wrongdoing or not. This means that, essentially, every international user of the internet is being watched, says Mikko Hypponen. An important rant, wrapped with a plea: to find alternative solutions to using American companies for the world’s information needs. TED, October 2013

A Guardian guide to your metadata: Metadata is information generated as you use technology, and its use has been the subject of controversy since NSA’s secret surveillance program was revealed. Examples include the date and time you called somebody or the location from which you last accessed your email. The data collected generally does not contain personal or content-specific details, but rather transactional information about the user, the device and activities taking place. In some cases you can limit the information that is collected – by turning off location services on your cell phone for instance – but many times you cannot. Below, explore some of the data collected through activities you do every day. The Guardian, June 12, 2013

Financial Fraud

Firm Bankrupted by Cyberheist Sues Bank: A California escrow firm that was forced out of business last year after a $1.5 million cyberheist is now suing its former bank to recoup the lost funds. KrebsOnSecurity, January 8, 2014

Cyber Warning

Yahoo Malware Turned European Computers Into Bitcoin Slaves: As many as two million European users of Yahoo may have received PC malware from virus-laden ads served by its homepage over a four-day period last week. Business Insider, January 8, 2014

Cyber Security Management

USING PSYCHOLOGY TO CREATE A BETTER MALWARE WARNING: It turns out the best way to get people to pay attention to those malware warnings that pop up in browsers may be to stop tweaking them, scrap them entirely and rebuild from scratch. According to a study on the subject published last week, efficient malware warnings shouldn’t scare users away, they should give a clear and concise idea of what is happening and how much risk users are exposing themselves to. ThreatPost, January 7, 2014

Asking these big questions will help you predict future compromise: Nick Selby has a set of questions he always asks when helping an organization root out the cause of a compromise. Here’s why they also help him predict future problems with a security program. CSO, January 7, 2014

Cybersecurity is for the C-suite, ‘not just the IT crowd’: FORTUNE — “Ninety-seven percent of Fortune 500 companies have been hacked,” says Peter W. Singer, “and likely the other 3% have too, they just don’t know it.” Such is the less-than-rosy picture painted by Singer — director of the Center for 21st Century Security and Intelligence at D.C. think tank Brookings Institution and bestselling author of 2009’s Wired for War — and co-author Allan Friedman in the opening pages of their new book Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press). CNN, January 6, 2014

Cyber Lawsuit

LinkedIn Sues Unknown Hackers in an Attempt to Find Out Who They Are: LinkedIn (LNKD) is facing a common plague of social networking companies: thousands of fake accounts used for spam and other nefariousness. So the company is using an increasingly familiar tactic: It’s suing those responsible for setting up the fake accounts, even though it doesn’t know who they are. Bloomberg, January 8, 2014

Judge dismisses challenge to border laptop searches: The searches are rare and don’t require reasonable suspicion, a federal judge said. ComputerWorld, December 31, 2013

Cyber Misc

2013 was the year of cybersecurity: Cybersecurity came up so many times in 2013 that it was easy to miss how quickly and completely it became a central feature of how we think about U.S. foreign policy and national security. Partly, this was an inevitable result of technology becoming more pervasive. And partly it was just an extension of things that had begun in earlier years, such as the U.S. use of cyberattacks on the Iranian nuclear program, which started in 2010. The Washington Post, January 7, 2014

HYPING ARTIFICIAL INTELLIGENCE, YET AGAIN: According to the Times, true artificial intelligence is just around the corner. A year ago, the paper ran a front-page story about the wonders of new technologies, including deep learning, a neurally-inspired A.I. technique for statistical analysis. Then, among others, came an article about how I.B.M.’s Watson had been repurposed into a chef, followed by an upbeat post about quantum computation. On Sunday, the paper ran a front-page story about “biologically inspired processors,” “brainlike computers” that learn from experience. The New Yorker, January 1, 2014

Cyber Calendar

ISSA-LA January Lunch Meeting: Topic: The Hidden Risks of Mobile Applications to Your Organization. Mobile applications are becoming a major security threat to organizations and they don’t even know it yet. While many people talk about the potential risks of mobile devices, often the true impact of these risks is not understood. In his presentation, attendees will see real-world examples of how mobile applications can be written to be malicious and explore the damage a skilled criminal can cause. While many of these risks do not have simple fixes, Stickley will provide advice for organizations to reduce their exposure and analyze emerging risks, such as BYOD as part of an ongoing risk management program including what to look for in application settings when downloading new applications to a mobile device, the type of intrusions in the current mobile technology landscape, how to best educate their organization’s internal employees, and best practices and policies for organizations to reduce their risk exposure. ISSA-LA, Event Date: January 15, 2014

Join OWASP Los Angeles, Orange County, San Diego, Santa Barbara, and the Bay Area as we join forces to host AppSec California!: AppSec California is the first of hopefully many annual conferences hosted by all of the California chapters. Join us on the beaches of Santa Monica which is closest to our Los Angeles Chapter. Space is limited to around 200 attendees so be sure to get your ticket before we sell out! AppSec California, Event Date: January 27 – 28, 2014

The post Cyber Security News of the Week, January 12, 2014 appeared first on Citadel Information Group.


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Cyber Security News of the Week, January 12, 2014

by Fred F. Farkel, Monday, January 6th, 2014

 

Guest column by Citadel Information Group

Weekend Vulnerability and Patch Report

The following software vulnerabilities and updates were announced last week. Citadel Information Group strongly recommends that readers update their computers and take other action as indicated.

Important Security Updates

Dropbox: Dropbox has released version 2.4.11 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]

Google Picasa: Google has released version 3.9 Build 137.80. Updates are available at the Picasa website.

Current Software Versions

Adobe Flash  11.9.900.170 [Windows 7: IE9]

Adobe Flash  11.9.900.170 [Windows 8: IE, Firefox, Mozilla, Netscape, Opera]

Adobe Flash  11.9.900.170 [Macintosh OS X: Firefox, Opera, Safari]

Adobe Reader 11.0.05

Dropbox 2.4.11 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]

Firefox 26

Google Chrome 31.0.1650.63

Internet Explorer 11.0.9600.16428 [Windows 7: IE]

Internet Explorer 11.0.9600.16384 [Windows 8: IE]

Java SE 7 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]

QuickTime 7.7.4

Safari 5.1.7

Safari 7.0.1 [Mac OS X]

Skype 6.11.0.102

Newly Announced Unpatched Vulnerabilities

None

For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

None




The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Weekend Vulnerability and Patch Report, January 5, 2014

by Fred F. Farkel, Monday, January 6th, 2014

 

Guest column by Citadel Information Group

Cyber Crime

Snapchat, Skype have security breach: SAN FRANCISCO — Several million Snapchat usernames and phone numbers were apparently leaked online late Tuesday night. USA Today, January 1, 2014

Cyber Attack

OPENSSL WEBSITE DEFACED; CODE REPOSITORIES UNTOUCHED: UPDATE: A Turkish hacking group compromised and defaced over the weekend the website of OpenSSL, an open-source SSL and TLS encryption implementation resource. ThreatPost, December 30, 2013

Cyber Privacy

Facebook Made of Teflon When it Comes to Privacy, Analysts Say: Facebook is being sued for allegedly intercepting users’ private messages, following links and sharing the information with advertisers and marketers. CIO, January 3, 2013

Were your details leaked in the Snapchat hack?: Security researchers have created a tool to help worried Snapchat users find out if their details were released online by hackers as part of an attack affecting 4.6 million people, as the temporary messaging company works with US law enforcement to find culprits. The Telegraph, January 2, 2014

NSA spyware gives agency full access to the iPhone — report: Leaked documents shared by Der Spiegel show that a piece of NSA spyware called DROPOUTJEEP can access pretty much everything on the iPhone. CNet, December 31, 2013

The NSA’s elite hackers can hijack your Wi-Fi from 8 miles away: Attendees at the Chaos Communications Congress in Hamburg this weekend got a surprising rundown of the NSA’s surveillance capabilities, courtesy of security researcher Jacob Appelbaum. Appelbaum, who co-wrote the Der Spiegel article that first revealed the NSA catalog, went into further detail onstage, describing several individual devices in the catalog and their intended purposes. The Verge, December 30, 2013

NSA reportedly intercepting laptops purchased online to install spy malware: According to a new report from Der Spiegel based on internal NSA documents, the signals intelligence agency’s elite hacking unit (TAO) is able to conduct sophisticated wiretaps in ways that make Hollywood fantasy look more like reality. The report indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories in order to implant bugs before they reach their destinations. According to Der Spiegel, the NSA’s TAO group is able to divert shipping deliveries to its own “secret workshops” in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. The Verge, December 29, 2013

Financial Fraud

Neverquest banking malware more dangerous than Zeus trojan: New Neverquest malware steals bank account logins and lets attackers access accounts through victims’ computers. TechRepublic, December 30, 2013

Cyber Threat

The top 8 security threats of 2013: In a year full of them, experts share what they believed to be the biggest security threats of this past year. CSO, December 11, 2013

Cyber Warning

Cryptolocker ransomware has ‘infected about 250,000 PCs’: A virulent form of ransomware has now infected about quarter of a million Windows computers, according to a report by security researchers. BBC, December 24, 2013

Cyber Security Management

Managing Cyber Security Threats from Inside: The number of annual security incidents caused by insider threats is increasing. In The CERT Guide to Insider Threats, Capelli et al write, “Insider threats are an intriguing and complex problem. Some assert that they are the most significant threat faced by organizations today.” Smart Data Collective, December 30, 2013

5 fixes to help CSOs stay ahead of risks: No matter how valiant the efforts of chief security officers, or how much businesses say they focus on securing their systems, or the amount of money spent on IT defenses — many of the same IT security challenges persist. CSO, December 10, 2013

Cyber Security Management – Cyber Defense

Database Risks Increase As Patch Frequency Decreases: Department of Energy breach report offers stark lesson in patch management’s relationship with database risk postures. DarkReading, December 27, 2013

Cyber Survey

Survey: U.S. Citizens More Worried About ID Theft Than Privacy: Despite recent controversy over surveillance by the NSA, U.S. voters are still much more worried about identity theft than online tracking of their activities, a new study says. DarkReading, December 27, 2013

Cyber Misc

Viewing Where the Internet Goes: When Edward J. Snowden, the disaffected National Security Agency contract employee, purloined tens of thousands of classified documents from computers around the world, his actions — and their still-reverberating consequences — heightened international pressure to control the network that has increasingly become the world’s stage. At issue is the technical principle that is the basis for the Internet, its “any-to-any” connectivity. That capability has defined the technology ever since Vinton Cerf and Robert Kahn sequestered themselves in the conference room of a Palo Alto, Calif., hotel in 1973, with the task of interconnecting computer networks for an elite group of scientists, engineers and military personnel. The New York Times, December 30, 2013

Happy 4th Birthday, KrebsOnSecurity.com!: Dec. 29 marks the 4th anniversary of KrebsOnSecurity.com! Below are a few highlights from this past year, and a taste of what readers can look forward to here in 2014. KrebsOnSecurity, December 29, 2013

Brainlike Computers, Learning From Experience: PALO ALTO, Calif. — Computers have entered the age when they are able to learn from their own mistakes, a development that is about to turn the digital world on its head. The New York Times, December 29, 2013

The post Cyber Security News of the Week, January 5, 2014 appeared first on Citadel Information Group.


The IT Summit would like to thank Citadel Information Group for allowing us to provide this information to you.

Read More | Comments Off on Cyber Security News of the Week, January 5, 2014