Sub Rosa

Monitter.com

2009-06-09T19:52:00.001-07:00

Combine the word Monitor with the social networking tool Twitter and you have Monitter.com. This simple-to-use website allows you to customize Twitter searches by keyword and location and save your searches as RSS feeds to have the data emailed or texted to you instantly.

Start off with searches for your company name or a new product or event and monitor twitter for threats, disgruntle employees and internal leaks.

It is interesting to note how many people actually post on Twitter about events that have an OPSEC significance.

http://www.monitter.com

Do You PGP?

2009-03-01T18:50:00.000-08:00

Pretty Good Privacy
http://en.wikipedia.org/wiki/Pretty_Good_Privacy

PGP Corporation
http://www.pgp.com/

International PGP Home Page
http://www.pgpi.org/

GNU Privacy Guard (GnuPG)
http://www.gnupg.org/

Can you crack the FBI's Cipher?

2009-01-04T13:39:00.000-08:00

The FBI has posted a new cipher for you to try your hand at cryptanalysis.

http://www.fbi.gov/page2/dec08/code_122908.html

It's actually pretty easy, but still fun for those of us who enjoy such things.

Free Vulnerability Assessment Software

2008-11-19T16:02:00.000-08:00

The Department of Energy Lawrence Berkeley National Laboratory (LBNL) offers resources for the emergency Services Sector (ESS), including one of interest to emergency managers and personnel tasked to reduce the likelihood of chemical, biological, and radiological (CBR) attacks against buildings and mitigate the severity of such attacks against their occupants. The information emergency personnel and building managers need to determine key vulnerabilities and implement mitigation strategies for buildings often is targeted to technical consultants and design professionals. LBNL has developed the Building Vulnerability Assessment and Mitigation Program (BVAMP), a free software tool to improve emergency preparedness, plan shelter-in-place responses, restrict access to building systems and information, and develop building system control protocols for use during a deliberate CBR release. The BVAMP tool is a series of yes/no questions about four aspects of a building's vulnerability—emergency response plan, building access, heating, ventilating, and air conditioning (HVAC) systems, and HVAC controls—appropriate for small- to medium-sized releases such as those that would be expected from a terrorist attack. After the questions in each section are answered, BVAMP assembles an advice report. Included with the BVAMP tool are a building vulnerability assessment walk-through questionnaire and a list of the questions used in the tool itself. Article found on the IAFC Homeland Protection & Security Weekly Newsletter Analyst Note: To examine the BVAMP tool, go to http://securebuildings.lbl.gov/BVAMP.html and select "Buildings" under VulnerabilityAssessment.

"2A Today for The USA"

2008-10-24T14:27:00.001-07:00

"2A Today for The USA" - JPFO Video (23 minutes)

A great video on the 2nd Amendment

http://www.jpfo.org/filegen-a-m/2a-today-download.htm

This website offers numerous options for viewing or downloading this free video.

Bird Flu Preparedness eCourse

2008-10-24T11:14:00.001-07:00

Bird Flu Preparedness eCourse Certification Program Opens to Public -- Bird Flu Manual Online, the world's foremost online reference and resource mine designed specifically to help businesses prepare for a pandemic outbreak of Bird Flu, has recently made freely available to the public their Pandemic Preparedness eCourse Certification Program.

>> http://www.prweb.com/releases/2008/10/prweb1492844.htm <<

>> http://www.birdflu-manual.com/ <<

Disaster Preparedness

2008-10-21T10:52:00.000-07:00

FREE ON-LINE TRAINING

IS-22 Are You Ready? An In-depth Guide to Citizen Preparedness
http://training.fema.gov/EMIWeb/IS/is22.aspThe "Are You Ready? An In-Depth Guide to Citizen Preparedness" has been designed to help the citizens of this nation learn how to protect themselves and their families against all types of hazards. It can be used as a reference source or as a step-by-step manual. The focus of the content is on how to develop, practice, and maintain emergency plans that reflect what must be done before, during, and after a disaster to protect people and their property. Also included is information on how to assemble a disaster supplies kit that contains the food, water, and other supplies in sufficient quantity for individuals and their families to survive.

IS-55 Household Hazardous Materials - A Guide for Citizens
http://training.fema.gov/EMIWeb/IS/is55.aspThis course was designed for the general public. The course will introduce you to household hazardous materials and things you can do to protect yourself and your family from injury or death. In the 1st unit, you will learn about basic chemical and physical properties, the ways chemicals enter your body, and the effects chemicals have on your body. In the 2nd and 3rd units, you will learn about cleaning products, lead, mercury, gasoline, compressed gases, carbon monoxide, medical supplies, chlorine, pesticides, and much more. In the last two units, you will cover labels, personal protective equipment, proper disposal methods, preventive measures to take before natural disasters, and less toxic alternatives. Dangers from chemical products depend greatly on the individuals using them. Chemicals are safe to use when people read the directions and use them correctly. This course is available on-line as an interactive web-based course. It will take 1 to 3 hours to complete all the units and take the final exam. There are several interactive activities throughout the course. These activities are optional and not content based, however, you are encouraged to view them, as they will reinforce content learned.

IS-394.A Protecting Your Home or Small Business From Disaster
http://training.fema.gov/EMIWeb/IS/IS394A.aspThe purpose of this course is to provide a foundation of knowledge that will enable participants to: Describe different types of natural disastersDescribe hazards that pose a risk to their home or small businessExplain how protective measures can reduce or eliminate long-term risks to their home and personal property from hazards and their effectsExplain how protective measures for small businesses secure people, business property, and building structures and prevent business loss from a natural disaster.

REFERENCES TO DOWNLOAD

American Red Cross (Bay Area) - Disaster Preparedness Videohttp://www.redcrossbayarea.org/preparedness/stream.htm
Disaster can strike quickly, anytime day or night—and often without warning. It can separate you from your loved ones, force you to evacuate, or confine you to your home. With a disaster plan, supplies, and safety training, you will be ready to take care of yourself and your family. The American Red Cross Bay Area Chapter, in conjunction with the Alameda Fire Department, and Alameda Power and Telecom, produced this 19-minute video about disaster preparedness. Watch it and learn the American Red Cross' three basic steps to disaster preparedness: Make a Plan, Get a Kit, and Be Informed & Get Trained. (Can be downloaded as a QuickTime Video 54.9MB)

Delaware Citizen Corps has produced a five part video series on disaster preparedness for the State of Delaware.http://www.delawarecitizencorps.org/videos

Mountain House http://www.mountainhouse.com/emg_info.cfm

Oak Ridge National Laboratory - Chemical Stockpile Emergency Preparedness Programhttp://emc.ornl.gov/CSEPPweb/CSEPPTraining.html

Seattle Disaster Preparedness Training Videohttp://www.iriseducation.org/disasterprep/

Washington Military Department - Emergency Resource Guide
http://www.doh.wa.gov/phepr/handbook.htm

http://www.doh.wa.gov/phepr/handbook/hbk_pdf/EmerRes08.pdf

Free On-line Security Training

2008-10-19T21:53:00.000-07:00

For those of us interested in disaster preparedness and developing a better security awareness, the following on-line courses are an excellent resource. Each of these courses is free and open to the public.

Prevention and Deterrence of Terrorist Acts (1.5 hours)
URL: http://www.ncbrt.lsu.edu/elearn
As the threat of terrorism has increased and evolved, the United States government has expanded its support for initiatives to prepare first preventers to prevent and deter terrorist incidents involving weapons of mass destruction, to include chemical agents, biological agents, radiological or nuclear materials, and explosives (CBRNE). This online training course provides the participant with an awareness for preventing and deterring potential acts of terrorism through vigilance, observation, and reporting suspicious indicators or terrorist acts. The U.S. Department of Homeland Security is supporting several major initiatives to prevent and/or deter terrorist incidents. This course is one of those initiatives and was developed in a collaborative effort by the National Domestic Preparedness Consortium.

Are You Ready? An In-depth Guide to Citizen Preparedness FEMA/EMI Course IS-22
URL: http://training.fema.gov/EMIWeb/IS/is22.asp
The "Are You Ready? An In-Depth Guide to Citizen Preparedness" has been designed to help the citizens of this nation learn how to protect themselves and their families against all types of hazards. It can be used as a reference source or as a step-by-step manual. The focus of the content is on how to develop, practice, and maintain emergency plans that reflect what must be done before, during, and after a disaster to protect people and their property. Also included is information on how to assemble a disaster supplies kit that contains the food, water, and other supplies in sufficient quantity for individuals and their families to survive.

Protecting Your Home or Small Business From Disaster - IS-394.A (2-hours)
URL: http://training.fema.gov/EMIWeb/IS/IS394A.asp
The primary audience for IS-394.A, like its predecessor, is small business owners, homeowners, and individual citizens. It is presented in a non-technical format and includes protective measures that can reduce the negative consequences of disasters on homes or small businesses.
• Lesson 1. Overview: Protecting Against Disasters
• Lesson 2. Protecting Against Water Damage
• Lesson 3. Protecting Against Wind Damage
• Lesson 4. Protecting Against Wildfires
• Lesson 5. Protecting Against Earthquake Damage

Information Security In The Workplace
URL: http://www.infragardawareness.com/index.php
Our free security awareness course will not only teach you how easy it is to help make your workplace more secure, it will also teach you the vital skills to protect yourself and your family from cybercrime and identity theft. The course is free to all individuals and small businesses. And when you have completed the course, you can also be amongst the first in the nation to earn your “Certificate In Information Security Awareness In the Workplace” – an invaluable addition to any resume that will be welcomed by security conscious employers.

Information Assurance Awareness – Shorts (1-hour, 45-minutes total)
URL: http://iase.disa.mil/eta/ia-awareness-shortsv2/INFOSEC_Shorts/launchPage.htm
Telework (15-minutes)
Insider Threat (15-minutes)
Wireless (15-minutes)
Passwords (20-minutes)
Peer to Peer (20-minutes)
Social Engineering (20-minutes)

Phishing Awareness (15-minutes)
URL: http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm

Microsoft Office Basic Security (20 – 30 minutes)
URL: http://office.microsoft.com/training/training.aspx?AssetID=RC010425851033&ofcresset=1

Learn about security fundamentals in Microsoft Office programs and what you can do to help protect your computer and documents. Find out about digital signatures, some basic information about macros and viruses, and how to create strong passwords to help protect your documents.

National Institute of Health Information Security & Privacy Awareness Training
URL: http://irtsectraining.nih.gov/
• Computer Security Awareness Course (30-60 minutes)
• Securing Remote Computers (30-60 minutes)
• Privacy Awareness Course (30-60 minutes)

Book Review: "Schneier of Security"

2008-10-18T21:15:00.000-07:00

Schneier on Security -- by Bruce Schneier (Link to Amazon.Com)

Being a fan of Bruce Schneier's other books, I looked forward to his latest work "Schneier On Security", and certainly was not disappointed, although I found that I had read some sections of the book previously.

"Schneier On Security" consist of a compilation of articles published by Mr. Schneier from 2002 through the summer of 2008. If you regularly read Crypto-Gram and Wired Magazine you will be familiar with some sections of this book. Articles published in other magazines and newspapers, and reprinted in this book, I had not previously read and enjoyed the opportunity to read them now.

As with all of Mr. Schneier's writings, the articles in the book are thought provoking yet at the same time easy to read.

The book is divided into 12 chapters, followed by a large list of web-sites providing additional information and references.

The chapters are:
Introduction
1 - Terrorism and Security
2 - National Security Policy
3 - Airline Travel
4 - Privacy and Surveillance
5 - ID Cards and Security
6 - Election Security
7 - Security and Disasters
8 - Economics of Security
9 - Psychology of Security
10 - Business of Security
11 - Cybercrime and Cyberwar
12 - Computer and Information Security
References
Index

Each chapter consists of a few previously published articles related to the chapter topic.

Well written, thought provoking, and an opportunity to get several of Mr. Schneier's articles collected into a single volume.

+ + + + + + + + + + +
From the Inside Flap

You take off your shoes in the airport. You scan the supermarket's "preferred customer" card to get the sale price. You claw your way through tamper-resistant packaging for a couple of aspirin. You accept all these inconveniences in the name of security.

But are you any safer?

Bruce Schneier, arguably the world's foremost authority on computer security, has explored security issues ranging from protecting your password to illegal wiretapping.

This collection of Schneier's best op-ed pieces, columns, and blog posts goes beyond technology, offering his insight into everything from the risk of identity theft (vastly overrated) to the long-range security threat of unchecked presidential power and the surprisingly simple way to tamper-proof elections.

You'll discover:
- Why data mining will never protect us from terrorists
- How your stone-age brain affects what you fear and what security measures you accept
- Why computer security is fundamentally an economic problem
- Whether you can really trust a Trusted Traveler
- If sacrificing your privacy has made you more secure
- Why refusing driver's licenses to illegal immigrants actually reduces security
- The industry power struggle over controlling your computer
- Why we overestimate some risks and underestimate others
- Why national ID cards won't make us safer, only poorer
. . . and much more

This book will challenge your illusions of security at every level.

Think it's okay to give up your privacy if you're doing nothing wrong? What happens when "wrong" gets redefined? How much power over your personal life are you willing to concede to the person you least want to see as president? What's the acceptable trade-off between security and convenience?

In this ruthless, comprehensive, and thought-provoking analysis, Schneier shows us what we should be worrying about and how to get our national fingers off the panic button.

Omziff (Version 3.2)

2008-10-17T21:44:00.000-07:00

Omziff v. 3.2 is a straightforward encryption utility that uses various cryptographic algorithms to encrypt and decrypt textual files. These algorithms include: Blowfish, Cast128, Gost, IDEA, Misty1, AES/Rijndael, and Twofish.

Omziff also generates random passwords, splits files, and does simple file shredding according to DOD Standards.

Omziff contains a decoy file generator; good for creating a directory full of useless files to obfuscate a hidden, sensitive file, and a cryptographically secure random number generator, which creates secure random numbers with irreproducible patterns.

It is freeware, comes in a standalone executable file with no dependencies and is completely USB compatible!

URL: http://www.xtort.net/xtort-software/omziff/

What Is Sub Rosa?

2008-10-15T21:22:00.000-07:00

(sub rosa – confidentially; secretly; privately. from the Latin: sub rosa lit., under the rose, from the ancient use of the rose at meetings as a symbol of the sworn confidence of the participants.)

Sub rosa comes from the Latin, literally "under the rose," from the ancient association of the rose with confidentiality, the origin of which traces to a famous story in which Cupid gave Harpocrates, the god of silence, a rose to bribe him not to betray the confidence of Venus. Hence the ceilings of Roman banquet-rooms were decorated with roses to remind guests that what was spoken there was sub rosa.

In the case of this blog, Sub Rosa is the continuation of my old "Sub Rosa Newsletter". From time to time over the years I have published an e-mail newsletter wherein I offered summaries, analysis, insights, and commentaries on counterintelligence, security, investigations, and related issues. This blog replaces the newsletter and allows me to offer information as it becomes available. I invite everyone who read Sub Rosa in the past to now join us here on-line.