Sponsors

Tuesday, December 22, 2009

President Obama Introduces the Nation's New Cyber Security Czar: Howard Schmidt

Today President Obama Introduced the Nation's New Cyber Czar, Howard Schmidt. This appointment is in line with President Obama's commitment to protect the Nations Critical Cyber Infrastructure as well as National Security objectives.

Howard Schmidt is a leading authority on Information Security with over 40 years of experience in government, business and law enforcement.

President Obama & White House Cyber Security Chief Howard SchmidtHoward Schmidt appointed White House cybersecurity coordinator

His Qualifications:
  • Chief Security Officer for eBay
  • Chief Security Officer for Microsoft
  • Chief Security Strategist for CERT.org
  • U.S. Military
  • Police Officer
  • FBI
  • Appointed by President Bush in 2001 as Vice Chair of the Critical Infrastructure Board and as special advisor for Cyberspace Security for the White House.
  • Howard Schmidt is also a CISSP and CISM.
  • Professor at Georgia Tech
  • Adjunct Distinguished Fellow at Carnegie Mellon
  • Distinguished Fellow at Ponemon Institute
  • Professor of Research Idaho State
  • President of the Information Security Forum.
His New Responsibilities:

Howard will be responsible for coordinating the cyber security initiatives set forth by the White House administration. Additionally, he will have regular access to President Obama and will be a key member of the Presidents National Security Staff.

In His Own Words:


President Obama's 10 Point Cyber Security Plan
For more see: http://www.bankinfosecurity.com/articles.php?art_id=1503
In May of 2009, President Obama laid out the following 10 Point Cyber Security Plan; The appointment of Howard Schmidt allows him to check off another initiative of the plan.

In his White House speech, Obama said he plans to:

  1. Appoint a cybersecurity policy official responsible for coordinating the nation's cybersecurity policies and activities; establish a strong National Security Council directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the National Economic Council, to coordinate interagency development of cybersecurity-related strategy and policy.
  2. Sign off on an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of Comprehensive National Cybersecurity Initiative activities and, where appropriate, build on its successes.
  3. Designate cybersecurity as one of his key management priorities and establish performance metrics.
  4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
  5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the federal government.
  6. Initiate a national public awareness and education campaign to promote cybersecurity.
  7. Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
  8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement.
  9. In collaboration with other Executive Office of the President entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
  10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation.

"The task I have described will not be easy," Obama said. "Some 1.5 billion people around the world are already online, and more are logging on every day. Groups and governments are sharpening their cyber capabilities. Protecting our prosperity and security in this globalized world is going to be a long, difficult struggle demanding patience and persistence over many years.

"But we need to remember: We're only at the beginning. The epochs of history are long - the Agricultural Revolution; the Industrial Revolution. By comparison, our Information Age is still in its infancy. We're only at Web 2.0. Now our virtual world is going viral. And we've only just begun to explore the next generation of technologies that will transform our lives in ways we can't even begin to imagine."

My Thoughts:


I am glad to see someone with the extensive 40 year background that Howard Schmidt has, just maybe more people will start to take IT security issues a bit more seriously. I wish him the best luck.

Julius

Reference:




Thursday, December 17, 2009

BDPA Supports S.T.E.M Initiatives

I think these commercials are so cool! Kudos to Time Warner for their Connect a Million Minds education campaign. The BDPA focuses on STEM education.

Support STEM Initiatives:

  • Science
  • Technology
  • Engineering
  • Mathmatics










Tuesday, December 15, 2009

My Take5! Interview with BETF Education Foundation

I would like to share with my blog followers my recent Take5! interview with BETF Education Foundation Executive Director, Wayne Hicks. Please connsider giving to the BETF to support our causes to narrorw the "Digital Divide" and becoming a member of the BDPA - Information Technology Thought Leaders!






Enjoy!

Julius

I must admit that I'm excited to see the the future evolution of the BDPA chapter in Charlotte, NC. The chapter is about to be energized by the youthful intensity and integrity of the incoming president --
Julius Clark

...Julius is part of the new generation of African American leadership that is beginning to take control of our BDPA chapters around the nation.

Julius participated in our Take Five interview series:


  1. How did you get involved in working with BDPA? - I am a native of Boston and first heard of BDPA while living there, but I never had the opportunity to attend a meeting. I built a good IT employment network in Boston and after moving to Charlotte in 1999 it was very important for me to establish my employment network in this city. In 2000 I discovered that BDPA had a Charlotte chapter. I attended my first BDPA Charlotte meeting and was delighted to be in the company of African American brothers and sisters who all shared a passion for Information Technology like I did. Being new to Charlotte I made sure I attended every monthly meeting. At that time Archie Lucy was president. He followed up with me each month after I had attended a few meetings, which made me feel very connected with the local BDPA organization. The board asked if I would like to talk to Johnson C. Smith College students about the Information Technology profession, and soon after that they asked me to become Coordinator for our High School Computer Competition program.
  2. What is the most rewarding aspect of working with BDPA? - Being able to help introduce high school students to the Information Technology field and mentoring adults in the field is the most rewarding. Since I graduated from high school, I always wanted to give back to the African American community in a huge way. The BDPA allows me to give back to my community with something I love; technology!
  3. Tell us about a defining moment in your life? - One defining life moment was when I received my BS in Electronic Engineering, with both of my parents in the audience; I was the first person in my family to earn a college degree.
  4. Who is your hero and why? - Besides my parents, Malcolm X became my hero. After reading the Autobiography of Malcolm X by Alex Haley at the age of 21, my perspective on my life and community changed; It’s like a light switch got turned on in my thinking and I instantly knew how to be a strong Black leader for my community.
  5. Any advice for people considering donation to BETF? - My advice is to give what you can afford, and just don’t allow it to only be monetary-- get involved with your local BDPA Chapter or the BETF and donate Thought Leadership to make it more personal and share your experience and excitement about our cause with others.



Julius is taking over a chapter that is the 15th largest in the nation. I suspect his leadership team will have BDPA Charlotte chapter in the Top 10 before long! What say u?



Wayne Hicks
BETF, Executive Director




Friday, December 4, 2009

Mac Security: How to Harden the Mac Operating System

Mac Security Recommendations





After my previous two blog posting about Macs having the most security vulnerabilities and Windows 7 being more secure than Apple's Snow Leopard OS for the Mac, I received requests for advice on how to secure the operating system. I compiled recommended security information that will help individuals harden their Mac OS, based on the level of security for their needs.

First thing, you must understand why we safeguard the operating system and where to find information on the most severe and common computer risks. After you become aware of the risks associated with your Information Technology, you then harden the system for your needs.

SANS Top 20 Internet Security Problems, Threats and Risks
The SANS Top 20 Internet Security Problems, Threats and Risks, lists the top 20 security vulnerabilities across a wide array of Information technology platforms.

Make your self familiar with vulnerabilities in the SANS Top 20. It contains vulnerabilities and their mitigating controls for the most widely used Information Technology.
For more go to: http://www.sans.org/top20/

Vulnerability Catagories:

Server-side Vulnerabilities in:
  • S1. Web Applications
  • S2. Windows Services
  • S3. Unix and Mac OS Services
  • S4. Backup SoftwareS5. Anti-virus Software
  • S6. Management Servers
  • S7. Database Software

Security Policy and Personnel:
  • H1. Excessive User Rights and Unauthorized Devices
  • H2. Phishing/Spear Phishing

Application Abuse:
  • A1. Instant Messaging
  • A2. Peer-to-Peer Programs

Network Devices:
  • N1. VoIP Servers and Phones

Zero Day Attacks:
  • Z1. Zero Day Attacks

Client-side Vulnerabilities in:
  • C1. Web Browsers
  • C2. Office Software
  • C3. Email Clients
  • C4. Media Players
The S3. section "UNIX/ MAc OS Services", addresses the countermeasures to safeguard the Mac OS.

S3. Section - UNIX/Mac OS Services

S3.1 Description

Most Unix/Linux systems include multiple standard services in their default installation. Mac OS X often suffers from the same vulnerabilities as Unix systems, since it is based on Unix. Unnecessary services should be disabled, and all servers facing open networks should be protected by a firewall.

For services which provide remote login and/or remote service, traffic cannot be simply blocked by firewalls. Buffer overflow vulnerabilities and flaws in authentication functions can often allow a vector for arbitrary code execution, sometimes with administrative privileges, so gathering vulnerability information and patching rapidly are very important. Every year, buffer overflow vulnerabilities in Unix/Linux services are found.

These services, even if fully patched, can be the cause of unintended compromises. Brute-force attacks against remote services such as SSH, FTP, and telnet are still the most common form of attack to compromise servers facing the Internet. Over the last couple of years a concerted effort has been made by attackers to recover passwords used by these applications via brute-force attacks. Increasingly worms and bots have brute-force password engines built into them. Systems with weak passwords for user accounts are actively and routinely compromised; often privilege escalations are used to gain further privileges, and rootkits installed to hide the compromise. It is important to remember that brute forcing passwords can be a used as a technique to compromise even a fully patched system.

Security-conscious administrators should use SSH or another encrypted protocol as their method of interactive remote access. If the version of SSH is current and it is fully patched, the service is generally assumed to be safe. However, regardless of whether it is up to date and patched SSH can still be compromised via brute-force password-guessing attacks. Use public key authentication mechanism for SSH to thwart such attacks. For the other interactive services, audit passwords to ensure they are of sufficient complexity to resist a brute-force attack.
Minimizing the number of running services on a host will also make it more secure. Many services have been used to further exploits.

The Most Exploited Mac Vulnerabilities of the Last 6 Months
SANS Top Cyber Security Risks, For more information go to:
http://www.sans.org/top-cyber-security-risks/

The graphic below highlights the SANS Top Risks and Vulnerabilities being exploited on Macs now!

SANS Top Cyber Security Risks
Attacks on Critical Apple Vulnerabilities (last 6 months)


How to Harden the Mac Operating System


Now that you understand the treats, risks and countermeasures needed to safeguard your Mac system, we go on to implement control changes based on the level of security you want for your needs. Read through the following Mac OS X Security Guides to determine the level of security rigor for your needs. Additionally, I included some links from other sites that offer other hardening tips and recommendations.


Mac OS X Security Configuration Guides - Taken from apple.com

The Security Configuration Guides provide an overview of features in Mac OS X that can be used to enhance security, known as hardening your computer.
The guides are designed to give instructions and recommendations for securing Mac OS X and for maintaining a secure computer.
To use these guides, you should be an experienced Mac OS X user, be familiar with the Mac OS X user interface, and have at least some experience using the Terminal application’s command-line interface. You should also be familiar with basic networking concepts.
Certain instructions in the guides are complex, and deviation could result in serious adverse effects on the computer and its security. The guides should only be used by experienced Mac OS X users, and any changes made to your settings should be thoroughly tested.

Mac OS X v10.5 (Leopard)

Mac OS X v10.4 (Tiger)

Mac OS X v10.3 (Panther)

Other Mac Hardening Reference Sites

National Security Agency (NSA) Mac Hardening Tips
University of Texas at Austin - Mac OS X Server Hardening Checklist
Corsaire Research provides the latest security intelligence
Macshadows - Advice on Mac System Harding
Sign Up For Mac Security notifications - Taken from apple.com

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Apple usually distributes information about security issues in its products through this site and the mailing list below.

Mailing list

The Security-Announce mailing list is provided to obtain product security information from Apple.
You can subscribe via http://lists.apple.com/mailman/listinfo/security-announce, also available via RSS.
Notifications developed by Apple are signed with the Apple Product Security PGP key. We encourage you to check the signature to ensure that the document was indeed written by our staff and has not been changed.

Updates

Check the Apple Security Updates page for released updates.

Finally


Hopefully you will find the security recommendations presented here helpful. My desire is to help ensure that you have pleasant computer and Internet experiences.

Enjoy,

Julius



Thursday, December 3, 2009

Windows 7 Has Better Security Than Apple's Mac Snow Leopard

Windows 7 Bests Snow Leopard Says Mac Hacker



An infamous white hat hacker after his penetration testing found that the Microsoft Windows 7 operating system has better security than Apple's Mac in overall operating system security.

Article:
http://news.softpedia.com/news/Windows-7-Bests-Snow-Leopard-Says-Mac-Hacker-121895.shtml

The improved Windows 7 security advantage has to do with a security approach called:

Address Space Layout Randomization (ASLR)

According to Wikipedia
http://en.wikipedia.org/wiki/Address_space_layout_randomization
ASLR has the following effect and benefits on security:


Benefits

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to executereturn-to-libc attacks must locate the code to be executed; while other attackers trying to execute shellcode injected on the stack have to first find the stack. In both cases, the related memory addresses are obscured from the attackers; these values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.

Effectiveness


Address space layout randomization relies on the low chance of an attacker guessing where randomly-placed areas are located; security is increased by increasing the search space. Thus, address space randomization is more effective when more entropy is present in the random offsets. Entropy is increased by either raising the amount of virtual memory area space the randomization occurs over, or reducing the period the randomization occurs over; the period is typically implemented as small as possible, so most systems must increase VMA space randomization.

This methodology is known as Entropy, which basically means the multiple way that you can rearrange something. Its a good security measure to employ because memory space is constantly rearranged. Malicious code and hackers often take advantage of certain flaws in software which must reside in the same static memory space.

This is sure to shake many Mac owners up who confuse better Mac Performance with better Mac Security as well. It's Apples and Oranges; performance does not mean security!

Enjoy!

Julius


Fact Check: Apple's Mac Operating System has the Most Security Vulnerabilities


"Hey, I'm a Mac...and I have the Most Vulnerability Risks!"



You see the brilliant marketing of Mac computers by Apple, but most people are surprised and shocked to learn that Apple's Mac operating system has the most security vulnerabilities disclosed; they have had the most vulnerability discloses for the last 3 years. The commercials tout the Apple Mac as the worry free computer, but with more security vulnerabilities than Windows, which someone can take advantage of and steal control of your computer.

According to IBM's 2008 XForce Risk & Trends report, Apple's Mac Server and Mac OS products top the list as the most vulnerable OS. Microsoft's operating systems don't appear until 5th place after Linux and the Sun OS.

TOP 10 Most Vulnerable Operating Systems



Now it’s true that Microsoft's Windows operating systems have more individuals targeting it to do a bad things, which is due to Windows products running on over 80% of the worlds computers; it's basically similar to having more robbers determined to rob you than your friend, but your friend has more weaknesses. Apple's Mac operating systems have about 3X more disclosed attack weaknesses than all the variations of currently supported Microsoft Windows products.

Keeping them honest!

Complete 2008 IBM XForce Security report
http://docs.bankinfosecurity.com/files/whitepapers/pdf/255_ibm_xforce_report.pdf

Enjoy,

Julius Clark


Monday, November 16, 2009

My First IT Security Aritcle Published: Was Harriet Tubman a CISSP?

The National Society of Black Engineers (NSBE), in their November 2009 issue of the Alumni Arsenal published my February 2009 blog:

Was Harriet Tubman a CISSP?

I am extremely excited and motivated to write more articles now. I originally wrote the blog because of my passion for Information Security, The prestigious Certified Information Systems Security Professional Certification (CISSP) that I hold and for my deep admiration and respect of the accomplishments of the Freedom Fighter Harriet Tubman. I wanted to combine these three areas to motivate and influence more African Americans to pursue careers in Information Security. I felt that if I could demonstrate how Important Information Security was to the African American experience for freedom, then more students regardless of their background or race would be interested in becoming an Information Security Professional.

So click on the cover or the link at the bottom and take a look. I still can't believe that I have original work in print.

Check out my blog article on the front cover! I am so excited!



Enjoy,

Julius Clark, MBA, MSIS, CISSP, CISA
Information Security Professional

In addition, if you are new to the IT Security field, or have no experience and want to change your career consult with me at:


M69RCC7BKYKC




Friday, October 23, 2009

Finally, A Useful Update for the LinkedIn IPhone App

IPhone LinkedIn App Update v1.5



The LinkedIn IPhone Application has been upgraded with a more usable Inbox, with the robust features we are used to having in the full browswer version!

Summary of new features:
  1. Easy to Browse Network Updates.
  2. Pictures associated with your connections.
  3. Search the connections you have and search by keywords.
  4. Status Update.
  5. Last but not least, you can conveniently use the Inbox and Send box to get to messages with pictures associated with them.
Enjoy,

Julius






, , , , ,

Thursday, October 22, 2009

Blogging: Who, What, When, Where, Why and How


Many people still don't understand the blogging revolution. So let me lend my thought leadership on the issue to those that follow my blog.

Blogger Audience
People Think of things and Needs.
People Google search on Things and Needs.
People inspect the Google search results retrieved.

The Blogger
If you have hot ideas, products, Services, talent or skills, and you love to share information, then blog! Your blog could appear in the Google search results of the People who search for things and needs.

Below are a some excellent videos I found on Youtube that uniquely describe what a blog is, and what RSS feeds do. They were created by Lee Lefever of Commoncraft.com. Additionally, I added another one of their of videos titled RSS in Plain English. Hopefully they will those who are new to blogging understand the Who, What, When, Where, Why and How about them.

Explaining Blogs in Plain English



Explaining RSS in Plain English



Enjoy,

Julius




Sunday, October 18, 2009

Your tax dollars at work: Information Security For Small Business


The National Institute of Standards and Technology (NIST), along with the U.S. Department of  Commerce recently released a video for Small Business titled:


Information Technology Security For Small Business








I recently presented an online webinar based on the video above and the following NIST Security Guidelines:

Small Business Information Security : The Fundamentals (Security Guide for Small Business)
http://csrc.nist.gov/publications/drafts/ir-7621/draft-nistir-7621.pdf
 

According to the U.S. Department of Commerce, there are over 26 Million small businesses in the U.S. The reasoning why small business is considered a Critical Infrastructure Asset for America, which must be protected from Cyber Threats.

Please share this information with individuals and small business owners you know.

Enjoy,

Julius, MBA, CISSP, CISA




Friday, October 16, 2009

Stop Losing Perfectly Good Email To The Junk Mail Folder!



When is the last time you inspected your junk mail folder? Junk mail filters are great Information Security tools to keep spam and other unwanted emails out of your main email Inbox; junk email filters are not intelligent, you will need to peep into your junk mail folder often to find important emails that you may need to reply to. I recently looked in my Outlook Junk Mail folder and found lots of valid emails, that I needed to see. The lesson I learned was to view my junk email folder more often, and do create rules for the type of emails that my junk email filter grabbed. I would bet that many people just forget about the junk email folder and never view its contents. When is the last time you viewed your junk email folder?

 Email Filter & Rules Tips!
  1. View your junk email folder often; I will now view mine everyday.
  2. When you find good email in your junk email folder, adjust your junk email filters to prevent emails sent from that person, domain (@microsoft.com) or catagory from being dumped into your junk email folder.
  3. Gain email Inbox efficiency and organization by creating email rules that automatically move the email types mentioned above into folders, which would assit in finding emails quicker. 
Enjoy,

Julius




, , , , , ,

Tuesday, October 13, 2009

Information Security For Small Business

 The following is a SlideShare I first presented via a live online webinar for the Orlando, FL chapter of the BDPA.

"IT INCLUDES VIDEO ON SMALL BUSINESS SECURITY BY NIST SECURITY PROFESSIONALS AT THE END OF PRESENTATION!

If you are a small business with need of Information Security knowledge. Review this presentation and if you need help protecting your critical systems or data contact me.

Enjoy,

Julius Clark

Information Security for Small Business

Tuesday, October 6, 2009

The Unemployed Information Security Professional: How To Keep Your Skills Sharp






Former Chairman of the U.S. Federal Reserve, Alan Greenspan, yesterday when asked for a statement regarding the recovery of the nation's economy said; "expect unemployment to reach 10 percent and hover there for awhile."




He said this is of concern because the longer people are unemployed, they start to loose their job skills. To help Information Security professionals who are unemployed retain their skills I suggest the following:


10 Things for the Unemployed Information Technology Security Professional to Do To Stay Competitive When Between Jobs

  1. Review all of the IT Security Information you can for Microsoft's new Windows 7 .Operating System; you will be ahead of most security professionals in this area if you do.
  2. Refresh your knowledge of the SANS TOP 20 vulnerabilities; the most critical of IT Security vulnerabilities.
  3. Refresh your knowledge of NIST.gov IT Security Control Guidelines; in-depth information about security controls and countermeasures; most company's use some adaptation of NIST security guidelines.
  4. Review CCCure.org's FREE security training videos and test quizzes; can't believe this resource is free! Incrdible!
  5. Studying for a highly sought after Information Security Certification; gaining a cert will help market yourself to prospective employers.
  6. View free online IT Security Webinars; easy way to get cutting edge training.
  7. Become a speaker for other professional organizations on IT Security topics.
  8. Participate in LinkedIn Group discussions and answer questions related to IT Security; become an IT Security Thought Leader!
  9. Volunteer on an IT Security organization's Board and/ or volunteer your time teaching Computer/ Internet Security to schools or non-profit agencies; great networking opportunities.
  10. Take advantage of the time and consider creating a business plan and start an IT Security consultancy; market your services to local businesses or non-profits who normally don't have access to expert security professionals.
Best of luck,


Julius Clark, MBA, CISSP, CISA








, , ,

Tuesday, September 29, 2009

Anatomy of A Failed Nigerian Email Fraud Scam







On Monday, September 28, 2009, I received an email from what first appeared to be a prospective client responding to my Craigslist.com ad for IT Services. It did not take long for me to verify that the individual on the other end was an Internet Cyber Criminal attempting to commit fraud, and decided that I would be their next careless victim. So to educate the public and to have a little fun, I put on my Information Security Professional hat and played along so I could write a really cool Clark Thought Leadership blog on Email Frauds and Scams.


Anatomy of A Failed Nigerian Email Fraud Scam

  Clark Thought Leadership Security Work Blog


9/28/2009 10:00 PM

Information Security Professional receives email solicitation from an individual responding to a Craigslist.com ad for IT Services. Information Security Professional performed screen captures of all email correspondence with solicitor to be used as evidence and saved in this blog. See below.

(To enlarge, click on image)





9/28/2009 10:02 PM

Information Security Professional performed a Google search of the following line contained in the solicitor's email: 
"I got your contact On Craigslist.org and i was just checking if you will be available to repair and install some applications"


Information Security Professional saved the information obtained by the Google search in a screen capture and saved as evidence in the blog. See below.

(To enlarge, click on image)


Information Security Professional inspected the web page of the first link retrieved in the Google search:

  • http://www.blackgate.net/blog/scam-warning-computer-repairer-installer-needed/.

 Information Security Professional observed that the web page link was a blog called Black Vituperative with an article titled:

  • Scam warning: “Computer Repairer & Installer Needed”.
After Inspection of the web link mentioned above, Information Security Professional determined that web link was a blog article warning about a particular type of email scam. Additionally, Information Security Professional concluded that the sentences from the inspected web page and the information in the email received by the solicitor matched and contained similar information.



9/28/2009 10:06 PM

Information Security Professional responds to solicitor's email.



9/29/2009 10:08 PM

Information Security Professional receives reply from solicitor. Information Security Professional inspected the email and determined that the solicitor replied using an email address, which was different from their initial email solicitation. See below.

(To enlarge, click on image)





9/28/2009 10:20 PM

Information Security Professional replied to solicitor in an attempt to have them visit the Clark Leadership Blog, which could be used as a detective control to potentially determine the solicitor's true location.

Note: The Clark Thought Leadership blog uses the StatCounter.com service to track Internet visitor statistics. The data stored on StatCounter.com is secure from unauthorized access. See below.

(To enlarge, click on image)






9/28/2009 10:25 PM

Internet Security Professional receives reply from solicitor acknowledging that they visited the Clark Thought Leadership blog. See below.


(To enlarge, click on image)


9/28/2009 10:21 PM

Information Security Professional replied back to solicitor quoting a price for their service request.



9/28/2009 10:35 PM

Information Security Professional receives reply from solicitor agreeing to the quoted price. See below.


9/28/2009 10:21 PM

Information Security Professional logged in to the StatCounter.com dashboard page to inspect the tracking information for the Clark Thought Leadership blog. Information Security Professional performed screen captures of the StatCounter logs and saved them to the blog as evidence. See below.

(To enlarge, click on image)
StatCounter Image 1


(To enlarge, click on image)
StatCounter Image 2


(To enlarge, click on image)
StatCounter Image 3




Information Security Professional created a table called Visitor Analysis and placed the StatCounter data into it. See below.


Visitor Analysis
Date
September 29, 2009
Time
10:21 PM
IP Address
41.189.0.139
Continent
Africa
Country
Nigeria
Region
Lagos
City
Lagos
ISP
Swift Networks Ltd.
Visitor Path
Julius-clark.blogspot.com


Information Security Professional created a table called Visitor System Specifications and placed the StatCounter data into it. See below.



Visitor System Specifications
Browser
Firefox 3.5
Operating System
Microsoft Windows XP
Monitor Resolution
1024 x768
Javascript
Enabled

  9/28/2009 10:40 PM

Information Security Professional received reply from solicitor agreeing to the price quoted. Additionally, the solicitor requested that my personal information was needed to send a Certified Check to me. See Below.

(To enlarge, click on image)



After Inspection of all the information contained in table above, Information Security Professional determined that the solicitor gave false information in the email about their location being in Panama City, Panama. Inspection by Information Security Professional determined that solicitor was operating from within the city of Lagos, Nigeria, which is located on the continent of Africa.


9/29/2009 2:56 PM

Information Security Professional performed a search of the Arin.net Who Is search database and performed a screen capture and saved it to the blog as evidence. See below.

(To enlarge, click on image)



Information Security Professional created a table of the Who Is data and the information for the scope of this blog into a table. See below.

ARNT.net Who IS Data of Email Solicitor
Domain
Afrinic.net
Registration Date
April 12, 2005
Registration Last Updated
May 5, 2009
Address 1
03B3 3rd Floor Ebene Cyber Tower
Address 2
Cyber City
City
Ebene/ Mauritius
Phone Number
+230 4666616
Email to Report Abuse
abusepoc@afrinic.net


Findings

After inspection of the evidence from above, Information Security Professional has determined that the solicitor is an Internet Cyber Criminal, who was attempting to commit a fraud for monetary gain. Information reported in this blog article will be reported to the proper legal authorities.



9/29/2009

Internet Security Professional reported the attempted criminal activity to the Internet Cyber Crime Center (IC3). IC3 is a partnership between the Federal Bureau of Investigations (FBI) and White Collar Crime Center (NW3C).


Note: IC3 was established as a partnership between the NW3C to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.


(To enlarge, click on image)

Enjoy,

Julius, MBA, MSIS, CISSP, CISA

Thanks to my boy Lawrence Belton, CISSP, for providing some Thought Leadership for this blog article!


Below is the email sent by solicitor in ASCII format



Greetings,

I got your contact On Craigslist.org and i was just checking if you
will be available to repair and install some applications on(13) PC ..
Get back to me for details if you'll be available.As soon as possible.


Thanks.


Kind Regards.




++++++++++++++++++++++++++++++++++++++++++++++++++++





Hello ,




How you doing?  


I read your description and i am highly impressed in your services,I have some Hp PCs(Intel Pentium IV) since we currently have a major breakdown on most of our systems and I thought it was best to have a general upgrade and maintenance.(I will be providing the software needed).Below are the things needed to be done one on each laptops:


1 Format Hard Drive
2 Install Win Xp with Service Pack 2
3 Microsoft Office Package
4 AVG Virus Software (Free Lifetime Updates)
5 Adobe Acrobat
6 Laptop Cleaning of the keyboard, screen and other case.
7 Diagnostics of the entire system after to check hard, CD Rom, floppy, etc.


I will like You to know that my mode of payment is by US certified check mailed and address to you from my employer company since I am presently on a business workshop in Panama city,South American and i want you to know that i will handle the shipment myself since i have a shipper from the state here that will bring the laptops to your place,and will come pick them up as soon as you are done with them.


I should have make this a phone order but i have a network problem of where i am and my shipper will be coming with the necessary Software for the installations of the Computers with both the Operating System,Microsoft Office and the Anti-virus for each computers .


However,get back to me with your last asking price for the 11 laptops. I await your urgent response so that i can put the arrangement in order.


Thanks and hope to read from you soon.

Get Expert Advice!