Saturday, July 21, 2018

Stollen Cookies?

CC-BY-2.0 (bamml82, flickr.com)

Have you heard that a frog can be cooked without a shock to its system by placing it in a pot with cold water and gradually turning up the heat? Well, you are the frog, and internet-based mobile applications are the heat.

Last night, I was working on a blog post that had remained in draft mode for far too long, and part of what I did was to look for appropriate imagery using my phone. I started looking for "Tug of War" images on flickr.com before changing my search to "Sumo wrestling".

Today, Facebook magically showed me a "sponsored" post from NHK Japan for "GRAND SUMO LIVE". I have NEVER searched for sumo until last night, and that search was on the Flickr website.

Screenshot of sponsored post

The way cookies are supposed to work is that they are only sent back to the site that issued them. So, it would make sense for Flickr to keep track of my searches using cookies. But if I search for something on Google and then visit Amazon, Amazon shouldn't know anything about my activities on Google. Clearly, this is not the case with the Facebook Android app. My search history on Flickr should not be visible to any other site, and since I don't have a Flickr account, I don't think Flickr sold Facebook the data. Somehow, either through an astronomical coincidence, or some other means, Facebook managed to figure out that, at least right now, I have an interest in SUMO.
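As an added example (not code from the original post), here is the cookie scoping rule just described as enforced by Python's standard-library http.cookiejar, which applies the same domain-matching policy a browser or mobile HTTP stack does. The Set-Cookie headers are constructed to stand in for a Flickr search response (they are made up, not captured from Flickr): two are stored against Flickr's domain, a third that tries to set a cookie for facebook.com is rejected by the policy, and a later request to facebook.com carries none of Flickr's cookies. A plain-http request to Flickr gets nothing either, because both accepted cookies are marked Secure.

```python
import email.message
from http.cookiejar import CookieJar
from urllib.request import Request


class FakeResponse:
    """Stand-in for urllib's HTTP response object.

    CookieJar.extract_cookies() only needs .info() to return a message whose
    get_all("Set-Cookie") yields the raw header values, so no network is
    involved: the headers fed in below are constructed, not captured.
    """

    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # repeated headers are kept

    def info(self):
        return self._headers


def store_response_cookies(jar, url, set_cookie_values):
    """Run Set-Cookie headers from a response to `url` through the jar's
    policy and return what the jar now holds as (domain, name, value)."""
    jar.extract_cookies(FakeResponse(set_cookie_values), Request(url))
    return sorted((c.domain, c.name, c.value) for c in jar)


def cookies_sent_to(jar, url):
    """Return the name=value pairs the jar would attach to a request for `url`
    (empty if no stored cookie is in scope for that scheme and host)."""
    request = Request(url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie")
    return sorted(header.split("; ")) if header else []


def demo():
    jar = CookieJar()  # DefaultCookiePolicy applies the domain rules
    stored = store_response_cookies(
        jar,
        "https://www.flickr.com/search/?text=sumo",
        [
            # host-only cookie: Domain omitted, so scoped to www.flickr.com exactly
            "last_search=sumo; Path=/; Secure; HttpOnly",
            # shared across *.flickr.com, but still only Flickr hosts
            "session=abc123; Domain=.flickr.com; Path=/; Secure",
            # a Flickr response cannot set a cookie for another site: rejected
            "tracker=evil; Domain=facebook.com; Path=/",
        ],
    )
    return {
        "stored": stored,
        "flickr_www": cookies_sent_to(jar, "https://www.flickr.com/photos/"),
        "flickr_api": cookies_sent_to(jar, "https://api.flickr.com/services/rest/"),
        "flickr_http": cookies_sent_to(jar, "http://www.flickr.com/"),  # Secure cookies withheld
        "facebook": cookies_sent_to(jar, "https://www.facebook.com/"),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:12} {value}")
```

The scoping is enforced entirely by the client's cookie store, which is why cross-site tracking in practice does not depend on reading another site's cookies: a script or tracking pixel served from a third-party domain and embedded in many pages gets its own cookies, scoped to that third party, on every page that embeds it.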

I'm not suggesting that you start making tinfoil hats. Nor have I deleted the Facebook App... yet. The point of this post, however, is that it truly is possible that this is just coincidence. However, Facebook's track record on matters of privacy is not that great. As a result, I am inclined to think that they are harvesting cookies from my phone. Do I have proof? No, but this is an example of what I have written extensively about: Ethical Debt. Because ethics do not seem to be high on the priority list for Facebook, one tends to assume that every questionable event is somehow done in the shadows. Companies MUST hold themselves to a higher standard, because the consumer will stop granting credit if the ethical debt gets too high.

WR

Sunday, July 8, 2018

CISSP Common Body of Knowledge - Domain One, a study aid

The Common Body of Knowledge (CBK) for the Certified Information Systems Security Professional (CISSP) is a lengthy document with a lot of terminology that may be new to those studying it. As part of my preparation for the exam, I started a list of keywords that jumped out at me. As that list expanded, it occurred to me that this would be an excellent basis for a series of crossword puzzles. To that end, here's the first one.

Note, this is by no means a definitive list of keywords. These are just some keywords that came to the fore as I studied. You might find others. I might create another crossword as I continue working through Domain One.


Across

4 An inspection that ensures that expectations and standards are met.

5 The stability of the state of something over a period of time.

6 To isolate duties so that they must be performed by more than one person.

7 Laws or by-laws enacted by governing bodies to control the activities of a subordinate group.

9 A violation of established law.

10 The assurance that the information accessed is correct and free from unauthorized modification.

12 The individual planning or perpetrating an event.

14 The foundational elements that guide one's thoughts and actions.

15 An uncertain event or condition that, if it occurs, has the potential to negatively impact the organization.

20 The assurance that only those individuals with appropriate permission can access information.

24 To ensure that the latest software is in use.

25 The means of ensuring that an activity is being performed with appropriate permission.

27 To observe what is taking place in real-time.

28 A firm belief in the reliability or truth of something.

29 In the case of Information Security, an unauthorized restriction placed on a system.

Down

1 A safeguard that protects against a specific threat.

2 The leadership and organizational structures and processes that ensure that the organization achieves its strategies and objectives.

3 A plan that demonstrates expected reaction to stimulus.

4 Something of value (to an organization in this case).

8 The means of ensuring that the source or destination of a communication is truthfully conveyed.

9 An unscheduled, and unexpected termination of a process or system.

11 To affect the application of core security principles.

13 An event or situation that, if it occurred, would prevent the organization from operating in its normal manner, if at all.

16 The assurance that systems and information required, can be accessed when needed.

17 The acronym that refers to the various stages of a system's existence.

18 A copy of information.

19 The opinion generally held by those external to an organization.

21 The importance given to different elements in a collection.

22 A system for gathering and maintaining information.

23 To improve the application of core security principles.

26 A negative action taken against an organization or system.