Z Trek: The Alan Zeichick Weblog

, ,

Malware in movie subtitles are coming to a mobile near you

Movie subtitles — those are the latest attack vector for malware. According to Check Point Software, by crafting malicious subtitle files, which are then downloaded by a victim’s media player, attackers can take complete control over any…
, ,

My article on digital watermarks cited in a U.S. government paper

March 2003: The U.S. International Trade Commission released a 32-page paper called, “Protecting U.S. Intellectual Property Rights and the Challenge of Digital Piracy.” The authors, Christopher Johnson and Daniel J. Walworth, cited an article…
,

Female entrepreneurs are treated differently than male entrepreneurs

According to a depressing story in Harvard Business Review, venture capitalists consider female entrepreneurs to be quite different than males. The perceived difference is not good. According to the May 17, 2017, story, “We Recorded VCs’…
, ,

Proposed laptop travel ban is not good news

From eWeek’s story, “Proposed Laptop Travel Ban Would Wreak Havoc on Business Travelers,” by Wayne Rash: A current proposal from the Department of Homeland Security to mandate that large electronic devices be relegated to checked luggage…
,

Things you must understand for technical and business due diligence

Technical diligence starts when a startup or company has been approved for outside capital, but needs to be inspected to insure the value of the technology is "good enough" to accept investment. The average startup has something like 1/100 odds…
, ,

The art and science of endpoint security

The endpoint is vulnerable. That’s where many enterprise cyber breaches begin: An employee clicks on a phishing link and installs malware, such a ransomware, or is tricked into providing login credentials. A browser can open a webpage…
,

Slow-motion lifecycle of our echinopsis flower

Our beautiful little echinopsis has a second flower. Here you can see it opening wide over a 22-hour period. Sad to think that it's nearly finished. Thursday or Friday the closed-up blossom will drop off the cactus. Tuesday, 5:20pm Tuesday,…
, ,

What the WannaCry ransomworm means for you

Many IT professionals were caught by surprise by last week's huge cyberattack. Why? They didn't expect ransomware to spread across their networks on its own. The reports came swiftly on Friday morning, May 12. The first I saw were that dozens…
, ,

Almost on my way to London for NetEvents to talk about endpoint security

If you’re in London in a couple weeks, look for me. I’ll be at the NetEvents European Media Spotlight on Innovators in Cloud, IoT, AI and Security, on June 5. At NetEvents, I’ll be doing lots of things: Acting as the Master…
,

Ransomworm golpea a más de 150 Países

Los informes llegaron rápidamente el viernes por la mañana, 12 de mayo – la primera vez que leí una alerta, referenciaba a docenas de hospitales en Inglaterra que fueron afectados por ransomware (sin darse cuenta que era ransomworm), negando…
, ,

The ongoing challenge for women in high-tech companies

In the United States, Sunday, May 14, is Mother’s Day. (Mothering Sunday was March 27 this year in the United Kingdom.) This is a good time to reflect on the status of women of all marital status and family situations in information technology.…
,

Save yourself, save your corporate assets, by blocking spearphishing

Ping! chimes the email software. There are 15 new messages. One is from your boss, calling you by name, and telling him to give you feedback ASAP on a new budget for your department. There’s an attachment. You click on it. Hmm, the file…
, ,

Open up the network, that's how you enable innovation

I have a new research paper in Elsevier's technical journal, Network Security. Here's the abstract: Lock it down! Button it up tight! That's the default reaction of many computer security professionals to anything and everything that's perceived…
, , ,

Your board members are a cybersecurity liability — here’s what to do

To those who run or serve on corporate, local government or non-profit boards: Your board members are at risk, and this places your organizations at risk. Your board members could be targeted by spearphishing (that is, directed personalized…
,

H-1B visa abuse: Blame it on the lottery

In 2016, Carnival Cruises was alleged to have laid off its entire 200-person IT department – and forced its workers to train foreign replacements. The same year, about 80 IT workers at the University of California San Francisco were laid off,…
,

Flame decals add 20-25 whp to your car's performance

It has been proven, beyond any doubt whatsoever, that flame decals add 20-25 whp (wheel horsepower) to your vehicle, and of course even more bhp (brake horsepower). I know it's proven because I read it on the Internet, and everything we read…
,

Why am I being spammed by the American Bar Association?

IANAL — I am not an attorney. I've never studied law, or even been inside a law school. I have a cousin who is an attorney, and quite a few close friends. But IANAL. So why am I on the American Bar Association's email list? I am not a member…
, , ,

Last year's top hacker tactics may surprise you

Did you know that last year, 75% of data breaches were perpetrated by outsiders, and fully 25% involved internal actors? Did you know that 18% were conducted by state-affiliated actors, and 51% involved organized criminal groups? That’s…
, ,

No security plan? It's like riding a bicycle in traffic in the rain without a helmet

Every company should have formal processes for implementing cybersecurity. That includes evaluating systems, describing activities, testing those policies, and authorizing action. After all, in this area, businesses can’t afford to wing it,…
Red Yucca Flower
,

Beautiful little flowers on our Red Yucca (Hesperaloe parviflora)

We have two Red Yucca plants in our garden. Both are magnificent: The leaves, with curlicue strings, are about two feet high. The flower stalks are about five feet high. Currently, each plant has only a single flower stalk; we expect them…
Sean Spicer with Pepsi
, ,

Self-inflicted public relations disasters: United Airlines, Pepsi, Tanium, Uber

There are public-relations disasters… and there are self-inflicted public-relations disasters. Those are arguably the worst, and it’s been a meaningful couple of weeks for them, both in the general world and in the technology industry. In…
,

Manage the network, Hal

Some large percentage of IT and security tasks and alerts require simple responses. On a small network, there aren’t many alerts, and so administrators can easily accommodate them: Fixing a connection here, approving external VPN access there,…
, ,

Look who’s talking – and controlling your home speech-enabled technology

“Alexa! Unlock the front door!” No, that won’t work, even if you have an intelligent lock designed to work with the Amazon Echo. That’s because Amazon is smart enough to know that someone could shout those five words into an open window,…
, ,

Email clients and 3D paint applications do not belong in operating system releases

No, no, no, no, no! The email client updates in the 10.12.4 update to macOS Sierra is everything that’s wrong with operating systems today. And so is the planned inclusion of an innovative, fun-sounding 3D painter as part of next week’s…
, ,

Windows 10 Creators Update will take forever to download, install, and update

Prepare to wait. And wait. Many Windows 10 users are getting ready for the Creators Update, due April 11. We know lots of things about it: There will be new tools for 3D designing, playing 4K-resolution games, improvements to the Edge browser,…
, ,

Listen to Sir Tim Berners-Lee: Don't weaken encryption!

It’s always a bad idea to intentionally weaken the security that protects hardware, software, and data. Why? Many reasons, including the basic right (in many societies) of individuals to engage in legal activities anonymously. An additional…

Oooh, it’s my first scam spam citing the Trump Administration

This is a great piece of unclaimed-money spam. Normally I redact the email addresses – but these are far too juicy to censor, especially the "from" address. Merely because the spam links to a genuine web page, such as this bio for Secretary…