I Want Blackberry to Win This One – the Z10

One of Canada’s favourite companies just completed their launch of their new phone and OS –  introducing the Blackberry Z10. I followed the launch along from start to now, thanks to TELUS who invited me.

The launch party in Toronto.

Whoever was in charge of the party crushed the guest list; that was a quality crowd.

Got to see many old social media faces and friends, from the good ‘ole days 2009-11-ish.

See how the keyboard is predicting what I’m typing? Once you get the hang of it, ahhh the efficiency.

(see my cell phone history here)

It plays Flash! & HTML5

Parental controls, nice.

Security note – the default of NFC is “on”. Turn it off immediately #security

NFC: Near Field Communication. Pass files between phones without touching. (this blog post touches on it, here and start at the Charlie Miller part)

Then, it was off to TELUS HQ for a Z10 learning session.

I was pretty pumped for this event because at that time I was into researching how to move ‘contacts & calendar’ files among iPhone / BB / Android… BUT, move it withOUT using the cloud.

A – Nope.  Have to use the cloud.

However, TELUS has half the problem solved… it’s a cabled solution, available in each of their retail stores; port contacts from phone to phone, but not calendar.

(here’s the video)

Good luck, Blackberry! 
Your new phone is beautiful, you got this,
& Canada’s still behind you cheering you on xo 

 

Meet the Former Head of USA Cyber Security

Meet Melissa Hathaway, former Director of the Joint Interagency Cyber Task Force with the Obama and Bush administrations.

TELUS invited me to her keynote at their HQ on York Street. I loved it.

Unfortunately I wasn’t able to document the love, because it was one of those times you don’t pull out your camera.  Which is why I created this beautiful collage.

She was an eloquent speaker, covered a wide variety of topics and verticals, and imagine how globally this lady thinks, neat.

And what I took away from this experience was: woah, I know more than I realize.  I kept up with 90% of her presentation, knew every case study cited, my black-market prices are correct, as are which tools and what attacks are en vogue.  I’m proud of this; remember, this cyber security stuff is a hobby, I don’t have a degree or formal training.

What I decided this means is: I’m on the right track, let’s kick things up. But not gonna lie, I’m a bit nervous to.

For example:

I show you how to defeat a popular spear-phishing attack, the post takes off, helps many people, and the attack is defeated.  However, the attackers are now all, “what is this blonde thing that is hurting our business, let’s teach her a lesson”.

But, this stuff in my head could help you, so might as well *. And I’ll take Charlie Miller’s advice; I asked him about this when we met at SecTor 2012.

Me: You shut down stuff and affect large changes, do you worry about repercussions like I do, how do you stay safe?
Charlie: I try to be really nice and friendly always
Me: kk ty

And besides, lock it down as much as you want, but one good ‘ole SQL injection into the search bar and it’s game over, so there’s that too.

You should see the videos in my head, like when I track someone using free, publicly available tools and information they posted online.  Or show you the price you’re really paying when you stream “free” TV from overseas.  I’m excited.

Thank you Melissa and TELUS, I needed this.

 

* – There’s a phone scam in Southern Ontario right now – no one will ever call you to say your computer, or your ISP, is being hacked. Don’t give them the number they ask for, nor accept files or click their links.

 

TELUS Spends More on Security Than Anyone

So interesting to me. So when I’m invited to blog events, when I’m supposed to be focusing on whatever, instead I gravitate to this fact, “sooo, what are you spending it on?  Here’s where I think the biggest security holes are, what do you think?”, like that.

Which is how I ended up in a phone meeting with Dave Weiss, VP Solutions Development and Marketing at TELUS.

The timing of the meeting was great, because the night before I was at their flagship store launch party.

I like the store, because it’s all white (you’ve seen my home).

It was at the party, that I heard about, “Smart Set Up”.

Smart Set Up – basically, they’ll help you get your phone up and working, before you leave the store. Email installed, voicemail, Twitter accounts setup, whatever it is you need, and all with security in mind.

They’ll help you create strong passwords, remind you to change them regularly, and to be aware of the value of the information now in your pocket (BYODish).

(I’ll throw in my 2 cents here: don’t click on stupid stuff)

This is a good email password: [j~w=A{v(%9cs8_t<3hif

I’d way rather have my credit card compromised,
than my email. Wouldn’t you?

On their end, the one you don’t see, they’re taking security seriously.

You want them to do this, so you never have to. Things like securing data centres and networks, both virtually and physically.

That’s why you’ll never find me on a tiny provider; the smaller companies don’t have the money, and security is almost always the first thing to get cut at budget slashing time.

I talk a lot with my hands, a lot

Think I was demonstrating locking down a data centre here, to the people on the phone :|

View from the meeting.

 

Talking with Telus About Security

Last week, Telus invited me to an information security talk at Research House, one of North America’s largest data-collection facilities.

I said yes, without fully understanding what I was walking into; check this out:

Sooo, basically I sit in this comfortable chair, on the good side of one-way-glass, and straight-up get to stare and people-watch, while they talk about my favourite topic?  Yesssss.

These are senior-level Security and IT decision makers, from 6 large Canadian organizations, that I know you know.

Security is a difficult discussion for companies to have publicly, because when you point out your vulnerabilities, it opens the door to potential attacks.

That’s why I’ve blurred out their names and faces (learn how to edit a photo you’re posting online here)

These are the kind of guys who protect the company’s information, and yours.  They’re not a help desk, and every phone call they receive is a, “it’s the end of the world” call. Maybe bring them doughnuts sometimes.

Today’s topic was BYOD – Bring Your Own Device.  

Example: your personal cell phone (not supplied by your employer),
is allowed to send and receive corporate email,
and connect to the corporate network

AKA: Bring Your Own Disaster

EMPLOYEES

BYOD is a bigger deal than you may realize.  Thousands of devices, that are probably less-than-secure, connecting to the corporate network and WiFi.  That’s now at least 3 more operating systems to accommodate, manage, and secure. Even worse, now confidential company information is walking around in someone’s pocket, going to the bar, you have a lock on your phone, right.

Mobiles are not immune to malware and viruses.  One click on something stupid in social media land, and the virus comes in through your phone, out to the company network, and off it goes spreading bad news.

(One day, you’ll connect through a VPN. We’ll get into VPNs here soon)

EMPLOYERS

Maybe re-visit your employee-exit policies and procedures.  I feel this might be a hole that needs plugging.

Even if you are parting on friendly terms, you still must immediately address the large amount of sensitive information on their personal device(s), and what those devices have access to.

I talked about this in my Autonet.ca article, “Toyota Secure Website Hacked”:

“If he was fired Thursday, and he used his passwords to enter the site at midnight, that would make it seven hours during which his credentials weren’t changed. That is not best practice for employee termination; account access should be immediately disabled upon notification of termination.”

And to terminated employees: don’t be offended when they do this, it’s best. You don’t want the responsibility of owning that information, especially on a mobile device.

If you take only one thing from this post:

Much of your company’s security comes down to you, the end user / employee / weakest link.  I know practicing good security can be annoying and slow things down, but there’s more resting on your shoulders than you may realize.

And thanks for having me Telus, this was so neat.