("There is nothing to see here" -- Zork I)

Well, here goes....

Today I started my feeble efforts at a 'daynote' site. Most of the evening was spent setting up the templates, home pages, colors, and whatnot, testing it out as I made changes. I suspect that you will see several different styles of pages as I see how things look in the real world. My intent is to keep the page format quite simple, nothing flashy (or "Flash-y"). Just basic fonts, colors, and a background image. I suspect that will make the pages readable across various versions of borrowers (for the thousands of readers that visit here).

The hosting of these pages is courtesy of Brian Bilbey, who has provided ample space for these musings at a very reasonable price. His home page is here, and if you wander through his "Graffiti" pages, you will find some interesting observations. His is one of several of the "Daynotes Gang" that I visit on a daily basis (although some of the Gang is less prolific than others...see the comments on Brian's pages here). There is much to be learned from that group.

What to expect? Some notes on my daily technical wanderings into the protection of my workplace's information systems. Things to do to keep your computer secure. Links to any interesting related information. And probably some boring information about my personal life.

And who am I? Well, a 51-year-old guy (I don't feel that old ... my philosophy is that I may have to grow old, but I don't have to grow up!), who has been working with computers for over 30 years, so I should have a bit of knowledge that I can share with you. A husband to Pam for the past 27 years. A father of three (Christine, 24, Jason, 22, Stacy, 18). A grandfather (I really enjoy that job, but am not too thrilled with the title) of two adorably cute grandkids (Joelle, almost 3; and Liam, just turned 1). I'll try to keep to a minimum the family pictures, so you won't be bored.

We all live in a small rural area outside of Sacramento, CA (USA), at least, for the moment. Our house is up for sale, as we may move a bit more "up the hill" into the lower Sierra Nevada mountains. And we are in the middle of some minor remodeling of the place (new master bathroom, and an overhaul of the kitchen is next), even while the house is for sale. There's probably a reason for remodeling while the house is for sale; it's probably related to the desire to cash in on the rapidly increasing equity in our house...and to get some funding together for the youngest daughter's excursion into college next year.

And I am a wanna-be author. I have co-written several computer books (now all obsolete, since I haven't done that for a while). I wrote my first fictional short story ("Digital Choke"). It's published on the "Digital Choke" web site. It's a story of the Internet, and how it died one day. Although it may never be a bestseller, it was interesting to write. Your comments about the story, and contributions to it, are appreciated (full info about all of that are within the story).

So ends our first day's efforts. Right now, I'm listening to Eric Clapton's concert on DirecTV (it's a free one). Good old rock and roll. And I just purchased Kevin Mitnick's "The Art of Deception" at the local bookstore. I think that I'll stop now and get started reading.

More later....thanks for stopping by.

Last day of the year. Took the day off from work, slept in, bowl of Raisin Bran for breakfast, read the paper. Then gathered together all the receipts and rebate forms from Christmas, and spent some quality time reading the fine print, making sure that I got everything in the right envelope. A quick trip to the post office for some more stamps, and that task is done. Well worth the effort, which will net me about $300 in rebates. Theoretically, that will be directly applied to the credit cards, which almost wilted under the effort of holiday shopping.

Today's tasks, after making the rounds of the Daynotes Gang, is to work a bit on some security policies, and a presentation for the dept staff meeting later this week. I'm the nearly-newly minted Information Security Office for the entire company (a governmental agency, if you must know). There has never been formal security policies and procedures, and I've been working on those for the last few months. Network security has been a bit lax around there. Although there are some pretty good firewalls and intrusion detection devices on the network, internal security has not kept up. And there needs to be a major education process for all the staff so that they are more security conscious.

I was reading a bit of Kevin Mitnick's book ("The Art of Deception") last night. Quite interesting and a bit scary about how easy it is to do social engineering to get into systems. Some of the social engineering practitioners are quite adept in getting the information they are after. It makes you think that all the security hardware in place is no good if the employees don't have good security practices. It looks to be an interesting book; even though the price was $29.95. But Barnes & Noble had a 20% discount on it, so that eased the pain. I'm not sure how current it is, and Mitnick is a bit circumspect on things, since he wrote it while still on probation. It might be interesting to see what he has to say when his probation ends in January.

Today's tasks include trying out some photo-editing programs for all the holiday pictures taken with the digital camera. Although I got the camera last year, getting prints is still not easy. I got a new printer (Lexmark Z54, $49 after rebate...I originally went to the store for printer cartridges, but this printer was cheaper than the cartridges and had a bit better resolution than my existing color printer), and have printed photos on the inkjets before. But am worried about the longevity of the prints, even when you use photo paper. I'm going to try out the picture programs to edit the pictures, then try out the photo printing at the local Costco and Longs. Both have a self-service kiosk that is connected to their one-hour photo printer, and the price per copy ranges from $0.25 to $0.50 each (where is the 'cents' character on a keyboard?). Actual photo paper prints from those places are longer lasting; I have read that photos printed at home on an ink-jet printer only have a life of under 10 years. That might be good for the short term photograph, but some pictures you want to keep forever.

Kodak has a free program you can download from their web site (www.kodak.com) that I tried a bit last night. Has some fairly decent basic editing, and a quick "email the picture" function. It will also make a slide show, but doesn't allow you to save the slide show. Good for editing pictures, then I can use Nero Burning ROM to burn a CD of pictures. More later as I play with the programs.

That's it for now. Sun is shining outside after several days of rain, and the view from the office is really nice. And the contractor is due in a bit to set the new master bathroom cabinet and linoleum. There's a story about that bathroom that will have to wait until later.

I laid low today. A 24-hour flu bug is traveling around our family. Despite my efforts (washing hands frequently, etc), I got a very mild case. Just "rumblies in my tumbly" (Pooh), and no appetite. Here it is college football day, and I can't eat nachos, chips and salsa, pizza rolls, and other nutritious food. Today diet was soda crackers, some homemade bread, and antacids (to quiet the rumblies).

And tomorrow I am the host of the monthly dept meeting, which is also an excuse to have birthday cake for this month's birthday people. So, my wife and I are making four cakes. And I probably shouldn't lick the bowls (but probably will anyway).

I did print some pictures with the new copy of Photosuite 4 (Platinum). They turned out quite well, although at highest resolution, a page of prints takes about 20-25 minutes to print. But the quality is pretty good. I used the Kodak Ultima Picture Paper (10 mil satin), and my new Lexmark Z54 printer. Next step is to try out the local drug store and warehouse club's prices. I made up a CD of my edited pictures, and will take those to them soon.

(10:45am) So, now I have four cakes in my office, and a check of my calendar shows that the staff meeting is next week. Sigh. Although tempted, I can't eat them all myself. So, I sent out a message to everyone in the office that they could stop by and get a New Year's treat -- and get a head start on breaking their New Year's resolutions. I figure that you might as well get that task out of the way. I am glad that I didn't spend $50 at the local grocery store on two sheet cakes. I'm only out $20....and I get to do it again next week!

Kevin Mitnick's book ("The Art of Deception") is quite interesting....and scary if you are in charge of security for your network. It's all about "social engineering" your way into somebody's network, bypassing all the hardware and software security that a network might have. There are many stories in there about how someone used social engineering to get into a network, and it was quite easy to do. A lot to think about if you are into network security, and even to protect your home computer. For instance, does everyone in your home/office know not to give out their password to anyone, even if it sounds like a legitimate call? Have you changed your password lately? Do you use the same password at multiple locations? Do you have a list of passwords on a sticky note on your monitor, or under your keyboard, or in your PDA? Lots of things to think about.

Since I am in the network security business now (I was previously just a network administrator for a part of the network here), I may be setting up some pages here that will contain a few links to important security issues. In the meantime, you might start at http://www.microsoft.com/security/. Although MS has had (and probably will continue to) security problems, there is some good information there that applies to the home and business user. It is a good starting point. I'll post some other links when I get the security pages up.

By the way, thanks to Brian Bilbrey, who put a nice note about my new efforts here on his Daynotes pages (it's on the Thursday page). Brian hosts this site, and I've been reading his pages for quite a while. It's a regular stop on my daily "Daynotes rounds". I think that you might also find his writings interesting.

(1:15pm) When you move into a new place, you always find a few things that are wrong; a chip in the paint here and there, a door that doesn't close quite right, etc. It's the same thing here at the Digital Choke Daynotes site; a few minor changes and corrections are in order.

Some sharp-eyed readers (and it is gratifying to use the plural of that word) noticed that I didn't have the right year on these pages. And that there was a bad link on the main page to the Daynotes site. I could blame both on Dreamweaver (which I use to create these pages). I am using version 4, since I haven't gotten around to installing the MX version. I do like the program, however, the MX version has a better interface, and works quite well.

And Brian Bilbrey reminds me that I was remiss in giving credit to his hosting of this site. Greg Lincoln is his partner in web crime; Brian says that "it's our box, not just mine, and he does most of the heavy lifting. I just kibbitz." Both of them are highly skilled in Linux and Windows, and you'll find lots of information about that on their sites, as well as their LinuxMuse site. And the cost for hosting these pages (and the Digital Choke short story) is quite reasonable, with excellent customer support.

As for life here, it's been quiet. Although I went to work yesterday (to deliver the four cakes for the staff meeting that wasn't), I was still a bit wasted from the minor flu that my family had shared with me. I left work early, and came home and sacked out for a couple of hours. Played couch potato the rest of the night. This morning am feeling a bit better, but the digestive system needs to get back in shape. Mild foods for today, should be better tomorrow.

Weekend plans are in flux. Probably a bit of yard work to do; I still haven't cleaned up the fallen branches from the last wind storm. A large branch fell off the willow tree in the front yard; it was lucky that it fell away from the house. But it will provide an opportunity to play Paul Bunyon with the chain saw (if I can get it started). I really should start on the 'burn pile', which has been sitting there for quite a while. And it might be time to take down the Christmas tree and decorations.

(4:15pm) I just finished watching "Cybercrime" on "Nerd TV" (TechTV), although I should really be outside doing more yard work. Although they can be a bit dramatic at times, there is sometimes some good information there, or at least something to think about. One segment was on school hackers getting into their school computer systems for grade changing. One of the IT security guys for a school district said that their greatest security risk is people. For instance, teachers will have very simple passwords that are easy to guess, or very complex ones that are so hard to remember that the teacher will write it on a sticky note and put it on their monitor or keyboard. I suspect there are many users out there that do the same thing.

That got me to thinking about the Kevin Mitnick book, which talks mainly how social engineering is a great way to get into networks. Here's an excerpt from his book (the excerpt is available here, a link to the book purchase page is here).

THE EMERGENCY PATCH
You would think a tech support guy would understand the dangers of giving access to the computer network to an outsider. But when that outsider is a clever social engineer masquerading as a helpful software vendor, the results might not be what you expect.

A Helpful Call
The caller wanted to know Who’s in charge of computers there? and the telephone operator put him through to the tech support guy, Paul Ahearn.

The caller identified himself as ‘Edward, with SeerWare, your database vendor. Apparently a bunch of our customers didn’t get the email about our emergency update, so we’re calling a few for a quality control check to see whether there was a problem installing the patch. Have you installed the update yet?’

Paul said he was pretty sure he hadn’t seen anything like that.

Edward said, ‘Well, it could cause intermittent catastrophic loss of data, so we recommend you get it installed as soon as possible.’ Yes, that was something he certainly wanted to do, Paul said. ‘Okay,’ the caller responded. ‘We can send you a tape or CD with the patch, and I want to tell you, it’s really critical—two companies already lost several days of data. So you really should get this installed as soon as it arrives, before it happens to your company.’

‘Can’t I download it from your Web site?’ Paul wanted to know.

‘It should be available soon—the tech team has been putting out all these fires. If you want, we can have our customer support center install it for you, remotely. We can either dial up or use Telnet to connect to the system, if you can support that.’

‘We don’t allow Telnet, especially from the Internet—it’s not secure,’ Paul answered. ‘If you can use SSH, that’d be okay,’ he said, naming a product that provides secure file transfers.

‘Yeah. We have SSH. So what’s the IP address?’

Paul gave him the IP address, and when Andrew asked, ‘and what username and password can I use,’ Paul gave him those, as well.

Now, think about how easy it was to get that information. And how powerful that information could be for a hacker/cracker that might want to get into your system, whether it is at home or at work.

I've been the Info Security officer for my company for a couple of months. There is lots to do there, including policies and procedures, in addition to the hardware and software security. But I am reminded, through reading Mitnick's book, that all the hardware and software protection won't help if the users on the network aren't trained to do their part to protect the company's information. So, I've got to make sure that I educate the users along with all the other security stuff that is necessary to protect the information.

Something to think about.

Thanks to those that have commented on these pages. It is nice to know someone is reading these ramblings. Paul H noted that there wasn't an easy link to my mailing address, so I just put one up at the top. The design of these pages may change, so any other comments you have about anything here is appreciated. I also stuck a link to the latest entry at the top of this page.

Paul also mentioned about the longevity of photo printing on ink-jet printers:

Re printing photos and their longevity. I've looked at that some in
past months and there is a German firm which does ongoing testing for
that sort of thing - a major physical system crash is blocking my access
to my carefully saved information at the moment so I can't provide a
link. But, for us consumer types Epson has recently come out with, the
last I looked there were two, printers that use longer lasting inks that
are also more water resistent. The larger, more expensive, version is
the Epson 280. It has at least one "little brother" that I've seen in
Office Depot, etc. for much less money - but still more than the loss
leaders that depend on ink sales for their profit.

I need to do some research on this subject. I know that there are 'photo' ink cartridges, in addition to the regular color ink cartridges. But some more definitive information might be interesting. I'll post the results of that search on these pages later.

I also got a comment from a reader of the Digital Choke story (there's a couple of broken links in there I have to fix; they should be done by tomorrow). I think that you might find the story interesting. The story can be participatory; an experience from you as a participant in the story might become part of the story. All comments sent through the story pages are anonymous, if you wish.

All contents Copyright (c) 2002-2003 by Two Bridges Group. All Rights Reserved.