Fiat, It’s What’s For Dinner

Disclaimer: this post is not about a political party but about something much bigger.

It seems the White House is not satisfied with the defeat of SOPA and PIPA:

There Is No Need For A Cybersecurity Executive Order

Since the collapse of the Congressional attempt to pass the Cybersecurity Act of 2012 there has been mounting pressure for the Obama Administration to “do something”, that something being the imposition of a regulatory regime to protect critical infrastructure. But the Cybersecurity Act of 2012 failed because it was fatally flawed.

On Friday, Federal News Radio reported that they had obtained a copy of a proposed Executive Order that would attempt, through executive fiat – as Steve Bucci at the Heritage Foundation terms it – to impose most of the measures called for by Senators Lieberman and Collins.

Bucci raises an important point:

“[Regulation] is exactly the wrong approach for dealing with a fast-moving and incredibly dynamic field like cybersecurity. Give hackers—whether working for themselves or for another nation-state—a static standard, and they will waltz around it and have their way with the target entity.”

Congress has gone through several dozen cybersecurity bills in the last three years, not to mention the failed attempt to pass a data breach law which dates back to 2005. Even as they revise and re-write, there have been dramatic changes in the defensive posture of our critical infrastructure providers. Effective changes.

Let’s look at the proposed Executive Order as revealed by Federal News Radio. There are ten sections of the draft. Most of them call for nebulous voluntary information sharing or requirements that DHS create frameworks within three months. I can just see the scramble that will occur, and the watered-down frameworks that will result, after multiple extensions to the due date are granted.

Read the rest here

I have many thoughts about this issue. I’ll spare you most of them. But I will say that it’s interesting how there is no hue and cry from the mainstream press over this potentially far-reaching access to private information, and especially when I consider the righteous indignation exhibited when the Bush administration obtained phone records without a narrowly defined court order.

And for the record (again), I have not been a fan of the Homeland Security Act from its beginning. Sadly, Homeland will probably surf my site since I’ve said this, and it wouldn’t be the first time. Shaking my head as I write this because I know others who have experienced the same but feel skittish to talk about it. What the hell is our country coming to?

Tangent: It’s Always Something — Damn DNS Changer

Have you heard about the possible Internet outage for a chunk of folks come Monday morning? You haven’t? Well, it seems the FBI busted some hackers for creating rogue DNS servers, and they have been allowing the servers to run so that a large number of people who are affected could clean up their systems. For the uninitiated, DNS servers are the machines that allow you to access the Internet, and your system may be pointing to a rogue server instead of your ISP’s server, which means on Monday when the rogue servers are gone, your access to the Internet could be gone. Hopefully that’s as technical as I’m going to get since I want you awake for the rest of the post.

So you’re thinking, “I don’t want to be without Internet service on Monday. What do I do? What do I do? What DO I do?!” I’m so glad you asked because I’m going to tell you, and maybe this will get a wee bit more technical. But first, relax. The problem doesn’t affect as many people as the news bulletins imply. There, now you can read the rest of this without panic.

The group working with the FBI to provide technical assistance has created help pages. Instructions for checking your system are here. Please note the dns-ok.us page is not always reliable. It’s better to check your server addresses manually. Scroll down on the link to find instructions for your particular operating system. And as far as fixing the problem if you have it? The same group has provided some resources. My advice? Use Kaspersky. I’ve used all the other software companies for general coverage and specific fixes, and they’re not nearly as good. I’m being kind here. If I were really going to tell you what I think, I would say, “DON’T ever use Norton or McAfee for anything ’cause they suck, and if you already use them, uh, you’re not that protected. Do you know how many systems I’ve worked on that were messed up by a false sense of security about those softwares?!! And also be leery of MSE (Microsoft Security Essentials) simply because Microsoft shouldn’t have that much power.” But I’m being nice, so I won’t say that. I’ll only say that I’ve tried all of the others and found Kaspersky to be the most consistent in protection. And if you’ve ever had a system infected, you know what a pain in the ass it is, and you usually have to come to someone like me who messes with it and hopefully puts it back to normal for a fee more than the Kaspersky software costs. Note: back up your files before you start any of this. I shouldn’t have to say this, but it’s surprising how many people don’t do it as a matter of routine.
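For readers who want to see what "check your server addresses manually" amounts to, the following is an added example, not code from this post, the help pages or the working group. It parses a Unix-style resolver file and flags any nameserver that falls inside a list of rogue ranges. The ranges shown are documentation placeholders to be replaced with the ranges published on the help pages, and the function names and sample file are constructed for illustration.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation blocks), not the real rogue
# ranges. Replace them with the ranges published on the help pages.
ROGUE_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample of a Unix-style resolver file (/etc/resolv.conf format).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.10   # ISP resolver (constructed)
nameserver not-an-ip
nameserver fe80::1%eth0
"""

def parse_nameservers(text):
    """Return (valid_addresses, unparseable_entries) from resolv.conf text."""
    valid, bad = [], []
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        addr = parts[1].split("%", 1)[0]  # strip an IPv6 zone id such as %eth0
        try:
            valid.append(ipaddress.ip_address(addr))
        except ValueError:
            bad.append(parts[1])  # keep odd entries visible instead of hiding them
    return valid, bad

def check_resolvers(text, rogue_ranges=ROGUE_RANGES):
    """Sort every configured nameserver into rogue / clean / unparseable."""
    valid, bad = parse_nameservers(text)
    report = {"rogue": [], "clean": [], "unparseable": bad}
    for addr in valid:
        hit = next((net for net in rogue_ranges
                    if addr.version == net.version and addr in net), None)
        if hit is not None:
            report["rogue"].append((str(addr), str(hit)))
        else:
            report["clean"].append(str(addr))
    return report

if __name__ == "__main__":
    print(check_resolvers(SAMPLE_RESOLV_CONF))
```

On a real machine, pass the contents of the resolver file instead of the sample, and also look at the DNS settings on the home router, since the computer may simply be inheriting whatever the router hands out.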

And frankly, I just like Eugene Kaspersky. It’s my infernal gut dictating this. Yes, I admit it. I like the guy, and Eugene, you should keep the long hair!