Archive for December 2007

OPSEC and the Average Third World Teenager

Time for another guest entry. The author is Kirk Dunaway: killer OPSEC trainer, bona fide IT professional, one of those shirt-off-his-back all-around good guys and someone I am proud to call friend. Kirk will grace this page from time to time with his insight into OPSEC and the Web. Enjoy…

     Figure you’re smarter than the average Third World teenager? Of course you are! Why then are they so successful at ripping us off? Forget about the “send me money and I’ll send you a check” scam. If you are still falling for that one, perhaps you should just unplug your computer and weld it into modern art.
     Put a classified ad online or in a newspaper? Get ready for the “please let me know what condition it is in - do you accept cashier’s checks” scam. You’ll get a bogus check, send off your stuff, then get the privilege of paying the bank back for the bad check. Fun stuff, eh?

     Your email is an open door into your attention span. And if you share email at home, your spouse or kids can (and will) receive and reply before you have a chance to filter.

     Get emails saying your credit card is suspended? What the?!? Well, you’ve just gotta click that link and send your account info to get that fixed. I mean, this is a no-brainer - right? Or maybe you got an email saying that your account may have been exposed and your identity may have been stolen. How the?!? Shaking from the thought of it, you follow the instructions, faxing personal and account information to the phone number listed. And wasn’t it nice of them to include instructions on what to do in case your identity gets stolen? How thoughtful.
     In either case, you just gave away the farm. NO financial company will EVER ask you for your account number, PIN number, etc. If you do have an account there - they already know! Try this next time: hover your mouse over a link in an email and look at where it goes (at the bottom of the window) but NEVER CLICK IT!!! And never call a number listed in the email! Just open a new browser window and go directly to that institution. Usually the first thing you’ll see is a warning about the scam email you just got. At the very least get the good phone number to call from the “real” website.

     And please, please, please, teach this to your spouse, kids, parents, aunts, uncles, cousins, neighbors and furnace repairmen. The less successful these scams are the less we will be bothered by them.

Aloha,
Kirk out

You Can’t Handle the OPSEC

Reading The Godfather’s input on OPSEC in the movies prompted me to pull out something I wrote while working in the Joint OPSEC Support Element. I suspect when you read it you’ll get the movie reference to include the specific scene. Enjoy…

You want OPSEC? You want OPSEC? You can’t handle the OPSEC!
     Son, we live in a world that has no security, so critical information needs to be guarded by men with OPSEC. Who’s gonna do it? You? OPSEC can have a greater impact than you can possibly fathom.
     You weep for INFOSEC and you curse COMPUSEC. You have the luxury of not knowing what I know - that the OPSEC process, while a pain in the ass to you, saves lives; and my existence as an OPSEC professional, while grotesque and incomprehensible to you, saves lives.
     You don’t want the truth because deep down in places you don’t talk about at parties, you want my OPSEC - you need my OPSEC.
     We use words like “vulnerability”, “indicator”, and “countermeasure.” We use these words as the backbone of a life spent defending something. You use them as a punchline.
     I have neither the time nor the inclination to explain myself to a person who rises and sleeps under the blanket of the Operations Security I provide and then questions the manner in which I provide it.
     I would rather you just said “thank you” and went on your way. Otherwise, I suggest you shut your mouth and protect your critical information.

Keep the Faith!

Revelator

Viva Las Vegas!

That’s right folks. The Western OPSEC Forum (WOF) is coming to sunny Las Vegas so save up your nickels and get your plans in order. The Forum takes place 12 - 14 February 2008 and is graciously being hosted by the National Nuclear Security Administration Nevada Site Office (NNSA/NSO). As Manager of the NNSA/NSO OPSEC program you can imagine that I have been fairly involved in paving the way for the IOSS’s arrival. And as OSPA/VP I am happy to announce that the OSPA is co-sponsoring the event. I happen to know that many OSPA members have already registered and that our Prez/Founder, Exec VP and VP and other members of the Board of Directors are confirmed to attend. I’m also happy to announce that plans for OSPA’s first member social/meeting are in the works and will be released at a later date.

All the info you should need about the WOF is available at http://www.ioss.gov/ but if you still have questions feel free to contact me at marino@nv.doe.gov or 702-295-2979.

By the way, Wayne Morris (our Exec VP) and I have accepted the invitation to give our “Marketing Your OPSEC Program” presentation. Also, Board member Scott Milliman will be presenting his highly rated “TRASHINT” brief. We’ll let you draw your own conclusions about our Marketing presentation but I can personally attest to the high educational and entertainment value of Scott’s speech. If you haven’t seen it yet - you need to. There are also OPSEC workshops for neophytes as well as those of us who consider ourselves fairly versed in things OPSEC. I’ve attended many of these Forums and I can tell you that the IOSS puts on a great event that is guaranteed to educate you and entertain you as well as providing a great environment for networking and shared camaraderie. Plus, if you missed it up front - you will be in Las Freaking Vegas!

Seating is limited (this isn’t a line - our seating only allows for 170 attendees) so get to the IOSS site and get registered TODAY!  I’m looking forward to seeing each of you there.

Keep the Faith!

Revelator

Let’s Take The Porsche

Why is it that people who own nice cars always refer to them by make and/or model? “Lunch? I would love to - we can take the Mercedes.” “Why yes, this is good coffee. I stopped there in my Beemer on the way to work.” “What? We lose our contract in 8 days!? You know, my Escalade seats 8.” What you never hear is: “Lunch? I would love to - we can take the Gremlin.”

Here are some more things I’m getting tired of hearing… “My daughter Epiphany goes to THE Ohio State.” “My wife Honoria, the one who does IT security for IBM; I think she’s seeing someone else.” I mean, if I had a dime for every time I heard that one…

And what’s with all the stickers on cars these days? I really don’t care that Tad and Muffy play on the soccer team, are chartreuse belts in sushi-do, go to Dolly Parton Middle School, play the clarinet in the fourth grade marching band and improvisational jazz quartet OR that you are a member of the Royal Order of Buffaloes, think that baby seals are depressed and/or socially repressed about global warming or that I can’t blame you cuz you voted for McGovern. And by the way, if I was horny I doubt I would honk just to let you know.

Ok, now I must find the OPSEC in this… People these days are way too eager to share personal information. They won’t give you their Social Security Account Number (that is readily available from, oh - I don’t know; 17,505 sources) without a writ of habeas corpus but you can’t get them to shut up about everything else in their self-important lives. Now, I’m no criminal nor do I portray one on TV, but I am a student of the threat and know that each bit of personal information collected can and will be used against you in a very bad way.

I’ve raised four kids and each of them grew up just fine without covering my vehicle with stickers about their accomplishments. And some people actually like me in spite of the fact that I’ve never offered to drive anyone to lunch in my dented eight-year-old Dodge Truck. I did use my alarm combo/ATM PIN/code for work/birthdate/every password on every internet site I’ve ever registered for as my personalized license plate number - but we’ll just keep that between us friends.

Keep the Faith!

Revelator
