Michael Bissell
  • Twitter
  • LinkedIn
  • Contact me

Ecosystem of Breaches -- Devices and Hardware

2020-08-05 17:00:00

To access the data through the services over a network consumed by a UI we have to run all of this on devices, we're talking hardware, we're talking about a lot of stuff to control. I'm not going to talk about the backend hardware, the servers. I'm just going to talk about the devices that the human beings interact with directly.

For starters, in this day and age with so many people working from hime, we're using a lot of stuff at home that maybe we shouldn't be. We're sharing devices, maybe a desktop computer, maybe tablets…. It's not just limited to the fact that we may have multiple users on the same physical piece of hardware, we're also relying on family members and remote workers help us manage that hardware, which means we're letting other people onto those systems to help us.

Something else to consider is that if we're using mobile devices, things like phones and tablets, we have to remember than pretty much anything we buy from a phone company is going to be configured to use their settings, whether you're on your own wireless or not. A lot of times that data is taking a route that you aren't aware of. A lot of times the name resolution is handled entirely by that telco.

While we haven't seen a lot of attacks through this but it is rather terrifying to think that all you have to do is get into the name resolution of one of the major mobile carriers and you will have an awful lot of control over an awful lot of people.

And while I continue to stress the Internet of Things, IoT is hardware that is interacting with other hardware and provides a way into your data systems. We should understand, and be able to limit, what these devices are talking to, what networks they're running on (did my lightbulbs set up a mesh network that I'm not aware of?), what addresses they're using and what they are talking to.

We often don't isolate things in the enterprise like printers or network devices let alone the baby monitors, smart TVs, smart speakers and lightbulbs at home. These are things that we need to consider as devices that are running things and connecting to other things and are part of our infrastructure even if it's way in the back of our minds.

Obviously when we talk about device management we have to consider the basics, things like virus and malware protection and intrusion control. But again, in this age of huge numbers of people working from home we work on a lot of devices that may not be managed by the corporation in the old stack sense.

But then, there are a lot of reasons that we don't want virus or malware protection running because of performance and convenience or the fact that sometimes the cure is worse than the disease. There's really kind of an art form to this layer of protection and it needs to be informed by your business requirements and what makes the most sense for your people.

That said, individual devices should have their own identity -- your laptop and your phone should be part of the identity token presented when accessing data. Now it's true that when I log into Twitter from my new mobile phone I'm going to get an alert from Twitter. But we should take that further, we should add identity and grant privileges as needed. Should my mobile phone be allowed to change my password? Are there aspects of my profile that it shouldn't be able to update? While it's the same software, we should have graduated, and granulated permissions for different devices.

Finally these devices are running other software along side our software. The typical corporate policy says use the corporate equipment, but naturally this doesn't work with consumer software and can be overly restrictive for individuals.

This, of course, gets down to individual responsibility. I know that I've installed an interesting app, played with it for awhile and the forgot to remove it which means I have no idea what it's doing in the background.

In review:

  • Be aware of the risks of shared devices
  • Accept that we have to grant access to others sometimes
  • Mobile providers can route your traffic through their networks
  • IoT includes things like printers and network appliances
  • Virus and Malware protection is complicated to manage
  • Devices should have different Identity and Permissions
  • You can't control other people's software

Resume

  • My Resume
  • NWEA Experience
  • Apigee Experience
  • Cloudentity Experience
  • Conquent Experience
  • Technical Skills
  • Presentation and Voice
  • API Standards
  • Podcasts

Blog

    The Tech Industry isn't really the Tech Industry anymore
    Innovation, Table Stakes and Dev Ops
    The End of Twitter (as we know it)
    The Problem with Modernization Initiatives
    Scary plugins
    The Art of Asking a Question
    The Algorithm is Training Me
    Quietly Hijacking
    Are OpenAPI and Swagger the same thing?
    Extending the OpenAPI Contract for Security
    OpenAPI contract to HTML
    This blog and this website are built on an API
    Build an API from a CSV file in 4 minutes
    Terms of Service in lieu of Legal Governance
    Slow Response Times
    Uptime and Nines
    What is an SLA?
    Services vs APIs
    Ecosystem of Breaches -- People and Social Engineering
    Ecosystem of Breaches -- Devices and Hardware
    Ecosystem of Breaches -- User Interfaces
    Ecosystem of Breaches -- Networking
    The Ecosystem of Breaches -- Services
    Ecosystem of Breaches -- Databases
    The Ecosystem of Breaches -- Introduction
    Broken Vows -- doing better with keeping secrets
    The Organic Algorithm
    Work From Home Data War
    Finding Your Voice -- How Podcasts Sound different
    Normal is a Myth
    Managing Expectations
    Why Are Podcasts Different?
    Why DIY is not Stay At Home
    Let's talk really basic websites
    Working Remotely and Social Distancing Challenges
    Fashionable Facts
    Siri Being Disturbingly Helpful
    I Want to be Your Distraction
    Building your SLA (Security Level Agreement)
    Why We Don't Read
    Stepping Back (but not away)
    Fake Friends
    Tribal Amnesia
    The New Facebook is Text Messaging
    A bit about Starbucks-ese
    Historical Figures in Modern Clothes
    What is SSO?
    Talking Around the Answer
    My Next Adventure
    On Prem, IaaS, Paas and SaaS
    Why I dropped out of Social Media
    Being Watched by TV
    Why I Can’t Support Bernie Sanders
    Waking up from the Dream of the 90s
    PIN is a Four Letter Word
    Mundane Travels in an Amazing World by Michael Bissell
    Keep Portland, Portland
    The Odd Case of Interconnected Clocks
    Meaningful Work that I Get Paid For
    Time to Disrupt Disruption
    How the TARDIS Travels in Time And Relative Dimensions In Space
    Logging in with Facebook (and Google and Twitter and...)
    Logging into Myspace in 2014
    Heretics of Science
    That's the time I feel like making text to you
    We're Just Meta Uber Super Tool Users
    Birthing and Idea
    Fun With Chinese Hackers and Password Strength
    How to Turn Off Google Location Tracking
    Your Phone is Spying on Everyone
    My New Not a Laptop
    Advertising vs. Reality. Lays Kitchen
    Brilliant Ideas in Dreams -- but it's still a dream
    World Traveling Intros
    Referencing your whacky theories
    Is Being a Geek the Antithesis of Success?
    3-Legged OAuth -- A Love Story
    The Cost of Gentrification
    Medieval Hoarding to the Hive Mind
    Stealing money with bad web design
    Newspaper Hospice
    The Conversation of Learning
    Watching Myself
    Driving through a fly-over
    Death of the Save Button
    Deja-Google and the world traveller
    The Loss of Everything or How I Lost my Phone
    I'll Never be a Space Tourist
    Global Training Director (and MacGyver)
    Amateurs vs Idiots
    Why I {heart} APIs
    Buying Respect on Layaway
    Latte Swilling Robin Hoods, sort of
    Amateur Coffee Drinkers
    The Houses are Trees
    Why I Drink Starbucks in Europe
    Polite Drinking
    The Sounds of Spring
    The Wizard's Gift
    Another Country: The United Federation of Airports
    I'm a Business Tourist
    Traveling through Time And Relative Dimensions In Space
    Resistance is futile... But it doesn't mean people won't resist...
    We're Cybernetic Creatures
    The Thing about Vegas
    Middle Earth: Post-Apocalyptic Hell Hole
    Surrounded by Technology
    The Metaphysics of Nuclear Physics
    How Can You Be in Two Places at Once When You're Not Anywhere at All
    Media is Plural (and the blame game isn't about the news)
    Treasures, Junk and Corporate Serfdom
    Reality is Mind Blowing Enough
    Number 1 Star Wars Fan
    False Engagement (or 'My bank isn't really my bank...')
    The Emperor's New QR Code
    On Kings and Colonies -- Running Government as a Business
    Just Another Day in Portland
    Over Explaining Things
    In a World Where I Have to Pay for Healthcare
    Google Has Replaced Context
    The Internet's Memory is Fuzzy
    STOP HELPING ME (or My Computer is Killing Me with Helpfulness)
    My Cat Thinks He's a Great Manager
    Neglecting my Navel
    Masterful Service
    Warning: Do Not Operate Heavy Equipment while Thinking
    'None of Your Business' by Anonymous
    Hoarding Information
    Attack of the Season
    Subjective Facts
    Portland Rain Isn't for Everyone
    Visiting My Mother in the Hospital
    My Dirty Little Secret is I'm not a Vacuum Cleaner
    It's not Facebook, You May Already be an Idiot
    Portland Composts and I Simmer
    Japanese Manners Poster -- Please do it in America
    Complicated Stuff that I'm Forced to Use
    Get the Money out of Politics
    Everyone is Special
    Redberry vs Blackberry
    Tea and Occupation
    Advertising that smells like the man you want your advertising to smell like
    Lack of Privacy as a Celebration of Life
    You say ADD like a bad thing
    My Private Life is Public, my Public Life is Private
    I have an unnatural relationship with my phone
    Mr. Monopoly sells gas
    Do no evil... unless you can't help it
    Cool off with a Pepsi... Air conditioner?
    My Brain is Full
    Pandora becomes more like Radio
    Tony Chachere vs Big Easy Foods
    Upgraded to Death
    Now THIS is a collectable figure -- Darth Vader 'Star Knight'
    Netflix Is Watching
    Session vs. Red Stripe... Mmmm... Beer...
    Netflix and @Qwikster
    Pepsi Steals Christmas
    Shanzhai -- The Ancient Chinese Art of Brand Identity Theft
    Dealing with Google+ Spam
    WhiteCube.com vs WhiteCu.be
    Old Rasputin -- Beer and Nostalgia
    Fake Republican Twitter Accounts
    Pacman Noodles
    Random Change
    Oil of Okay
    Sun Bucks Coffee
    Ball Star Classic
    KFC or KF China?
    Johns Daphne vs. Jack Daniels
    Interjecting Infidelity
    The Case of the Identical Tablet: Apple vs. Samsung
    They Know Where You Are: Privacy and Google Maps
    Lazy logo design and a naked blue guy
    The Season for Ignoring the Season
    Apple Story
    No one can resist my Schweddy Balls
    Give me appIebees over Applebees any day
    The Mystery of the Two Applebees
    What's on the Other Side of that Link?
    Losing millions... insiders cashing out... Surprise! GroupOn delays IPO
    Facebook Party vs. Jane Eyre Introductions
    Full Metal Internet
    Branding Irons
    Your iPhone is like Your Bifocals
    Death of a Salesman's Store
    Living in dots and vibrations
    Virtual Disasters -- Watching the Hurricane on the Internet Traffic Report
    Facebook Hates Your Link and other stories from arts meets geeks
    Apple's Innovation of One Control Freak
    Hashtags on TV
    GroupOn -- Good for Meth Dealers, bad for Fishing Guides
    This Video Is Not Available on Mobile
    'Join The Conversation' Yeah... Corporations are sexy
    'Did you mean?' -- Google's chiding nanny of search results
    The Next Fad: Adword Optimization
    The double standard of Mobile Web vs Mobile Apps
    Branded Technology
    Sharingspree.com -- Stealing more than GroupOn's Idea
    The Internet Isn't Entertaining Enough
    The Bullfighters EULA
    Global Chit-Chat and the Norwegian Isolationist
    It's not your bank... It's Apple's and Amazon's
    Violated by Madison Avenue
    Goodbye Murphy
    Frustrated social-media serotonin hit
    'Narcissism' by Michael R. Bissell -- Reading myself...
    Facebook Reinvents the Meta Tag. Evolution? Or just weird mutant?
    Dude, you were looking at web stats and laughing
    If real life was like the world we see in commercials
    'We need to...' Internet Marketing Myths
    Facebook's deal with the Devil
    My cool new phone is a little too cool.
    You are never alone
    Aw, Snap!
    Promotion vs. Distribution... You'd think they'd know that one...
    Miracles and Meetings
    Facebook Causes Depression
    The I-Don't-Understand-It-So-It-Must-Be-Valuable Valuation
    Countries less valuable than Groupon
    Politics and instantaneous communication
    Live by your wits, until you get the flu
    Who owns your friends?
    Agonies of Programming for Facebook
    Content for Social Media
    Walking to Surreality
    Fact Free Zone
    Facebook did not topple Egypt
    The Value of Ideas
    Frustrating Miracles
    Social Media Slot Machine
    Anonymous vs Me
    The Numbers Game
    The Internet and our Sedentary Society -- maybe some hope?
    News from the Twitter Follow Campaign Trail
    The Death of... Well, everything...
    The art of Indiscriminate Twitter Following
    The Cloudy Meaning of The Cloud
    My Emotional Repsonse to iAnything
    Alien Technology and Government Conspiracies
    Portlandia... Yeah... it's probably true
    A Short Rant about Los Angeles
    Time for a New Reality
    The Great Popularity Contest of the 21st Century
    The Death of Email
    Protecting Free Speech... Anonymously (and geekily)
    Farewell to Doug -- the Dali Lama has moved on
    Amazon Shouldn't Have Shut Down WikiLeaks
    Google isn't the bad guy... this time
    Thankless Jobs
    Making Money -- Or Money Making You
    Kids In Charge
    It's Okay that Roger Sterling's Book Sucks
    Sex, Seduction and Manipulation
    The Superpowers of the Hive Mind
    Big Brother is Finally Here
    Time for New Ideas
    Comcast, Netflix and the Mystery of the Modem
    Custom Tailored Crap
    The Great Technical Disconnect
    New for the Sake of New
    A Retail Store Built Like the Web
    A Quick Rant -- The New Twitter and Real People
    Disposable Personas
    When did Google Start Policing the Internet?
    Getting back to HTML basics, thanks to Apple
    Inspecting my Navel Base
    Quantum Entanglement and the Death of Radio
    A shoebox vs. an online backup
    Cave Man Distribution Networks
    Dressing for Work
    The team that hates itself -- Visionaries, Managers and Technicians
    iBooks -- Creative Epicenter or Gatekeeper?
    The Failure of Success
    The Economy is Going to Get Worse, but that's okay
    Time lost on Twitter
    Common Sense of the New Economy
    Twitter's back alleys and dark places
    Social Media is NOT Advertising
    On censorship
    Microsoft Courier
    Form (designers) versus Function (geeks)
    Bad Restroom Health Sign
    PDXBOOM -- The power of social media and the portland pipe bomb
    China and Apple -- Different organizations, same management
    The volume of screens
    Logorama
    Sleeping through miracles
    Who needs an URL anyhow?
    Transmedia
    That magical little tablet
    The complications of making coffee
    How your website can be in two places at once
    Masterpieces created by sheer volume
    Suing over lack of originality
    A Primer on Internet Fame -- dancing babies, hamsters, numa numa, and more...
    The Lawsuit Lottery
    Checking my messages
    Another Random Night of Arts in Portland
    Rules are made to be broken -- in a reasoned, systematic way
    So many accounts, so few passwords
    The Dali Lama of Hillsdale
    Who really uses Twitter? 60% of Twitter's traffic isn't on Twitter
    Riding the commute route on Saturday
    Not everyone is like you
    The Web is a Jerry Rigged Kludge
    Portland Bike Plan: Too Expensive or Playing with numbers?
    Twitter: Asleep at the Mouse Wheel
    Where regulation is good: Google Voice and Vonage
    How Facebook is (unintentionally) forcing programmers to piss off users
    The Twit Cleaner
    Perfect Secretary's pitch for @Adbroad (and the Youtube API)
    The Emotions of Text
    The Shorty Awards Scandal -- Manual Spam is still Spam
    Google Analytics, the cloud and missing numbers #fail
    Helen Klein Ross & Michael Bissell Interview at Adweek's Social Media Strategies Conference
    The Internet is the New 60's
    Getting back in the saddle (bicycle saddle, that is)
    Ranting about Portland Drivers
    Cougars from New Zealand (and I don't mean big cats)
    Adding facts together, or why you can't charge your cell phone from wifi
    Social Media and the Destruction of the World
    Rabid Fans vs Passive Viewers -- The Coco vs Leno saga
    How to tell someone to retweet (without using up your 140 characters)
    You can't buy social media
    A book unopened is but a block of paper
    Building the LOST: The Final Season Sweepstakes
    Holiday SPAM (or the lack thereof)
    Archiving Twitter
    Too Many Toolbars
    Random Censorship with Google Adwords
    Accessibility and Shopping Online
    'Upgrading' my flight
    Twisted path to customer service
    Flash: Shiny objects blinding your audience
    Twollow and other gold rush scripts
    Arthur Miller's All My Sons
    GPS in a Laptop computer
    Thinking outside the box... There was a box?
    Twitter was designed for Text Messaging
    It's not the corporations, damnit
    Entrepreneur or Dreamer?
    Adweek Social Media Twitter for Brands Presentation
    Socializing is more than Social Media
    Generational Marketing is a Myth (or Who's your Daddy?)
    Social Media is Just the Way We Use the Internet
    Twitter Followers Don't Matter (ask the porn sites)
    The Internet is Gooder than Books
    Sometimes you don't want your campaign to go viral
    Best Twitter Branding Campaign
    A Good Explosive Recipe and other found knowledge online
    Like flies to crap, Spammy Twitter Followers don't really go away
    Video Projectors for your phone
    iPhone SMS Security Hole
    How Flipmytweet works
    Cell Phones as Microscopes
    Markie's Birthday
    Digg is not the Hijacker -- You Are
    Steve Ballmer -- the walking dead?
    Twitter as an open mic poetry reading
    Automatic Social [un]Awareness
    New York, New York
    First splash for United Against Malaria
    New Media/Old Media and the CLIO Awards
    Interview at SXSW: Mad Men Twitter And Tracking
    Saturday Yard Work
    We've got an App for that -- it's called the Web
    Made it to SXSW in Austin
    What is Conquent?
    The trouble with Wordpress and other templates
    Wayward Words with Baggage
    Speaking at SXSW March 17th
    The fleeting Memory of the Internet
    It's okay to say 'I don't know'
    Good Morning America, now Go Fight Traffic
    More surreality in Portland
    Nike Takes Over Conquent
    Facebook owns this title
    Excuses, excuses
    A little on Social Media
    Feeding on Content
    Attack of the Bots
    Irish Music in Oregon City
    Landing on an Aircraft Carrier
    Got Curry? And some bizarre art?
    Web 1.0
    Random Music and Random Life in Portland
    To the dump, to the dump, to the dump dump dump
    Flight Simulator
    Cold night, hot fire, happy cat
    Net Neutrality
    Walking to work in the snow
    A window into Moreland of the Past
    Getting clever with data feeds
    Big and Little Beirut
    The Other Credit Crisis
    The Broadband Inauguration
    T-Mobile owns Magenta and Other Patent Stories
    The Risk-takers, Doers and Makers of Things
    The noise of 20,000+ Twitter Followers
    Reflections on my DC Trip
    Born Again American
    30,000 feet, 500 MPH Suburban Strip Mall
    Cellphones, toilets and the Inauguration
    The wall of pissing
    National Treasure/National Archives
    My trip to DC so far
    Everyone is insane
    Getting ready for DC
    The End of Days (of song): Microsoft Songsmith Example
    The Very Model of a Modern Major General
    Browser Bigotry
    The Death of your Soul: Microsoft Songsmith
    Creative Development or Developing Creatively?
    Race to Witch Mountain
    The Myth of Wikipedia (or the Wiki-1400)
    Online/Offline Sales -- is it really that bad?
    Is PayPal Tacky?
    Old School Web Design Still Works
    Domain Squatting
    Christmas Fire
    Green Chri$tma$
    QA 101
    Portland Snow
    Get some return on that web traffic
    I think they have a backup...
    I'd love to have that problem
    The [un]importance of statistics
    Don't be a tool of viral marketing
    CAT Scan!
    Follow up to the shoulder injury
    Emails, discussions, blogs, wiki and web content
    Ironic Injury
    On the Santa Monica Pier
    You Designed for Print First
    You let someone else register your domain name
    You figured .biz, .info, .us would work fine
    What's after the Integrated Circuit?
    Intelligent life is out there (but it's bugger all down here on earth)
    Subject Matter Experts Talking Other Subject Matter
    The Totalitarian Regime of Apple
    Oversimplifying how people work
    crowdSPRING
    Creative Services for the New World
    Reverse Anthropomorphism
    The End of Time
    Oil prices and birdsong
    Watching Starship Troopers AGAIN!
    Better Living Through Twitter
    Lessons Learned From Apple
    It's the Brand, Baby
    Business Architecture vs. Web Construction
    On Truth
    You can't build life
    Accidentally Drunk in Portland
    Al Gore the Winner
    Intelligent life is out there (but it’s bugger all down here on earth)
    Aussie Rules Football
    Trip to Nostalgia Land
    I am such an idiot
    Long day of travel
    Miami -- as far from Portland as you can go in the US
    Inverse Peter Principle
    COMPLETE GEEKOUT:MD5s as database keys
    Random Knowledge
    I'm fascinated with modern plumbing
    Leaving Seattle (or why you should keep your ticket close)
    On the Rails
    The Hive

© Michael Bissell. All rights reserved.