Rob Cheng's Blog -

Health, Jesse, Technology, Teddy

25Nov-22

Technology is robbing my children of their childhood

I am a work at home dad, and I love my kids. Sometimes, like now, my heart is broken because my kids are addicted to technology and video games.

Relative to the other kids, Teddy and Jesse are great, but relative to their potential, technology is robbing them of the best times of their life. Both of them have their talents (Teddy golf and Jesse piano), but they are unable to explore these talents because rather than practicing, challenging themselves, and growing, their free time is wasted mindlessly watching videos or video games. They lose hours. Sure, as a parent, I try to be vigilant and stern, but it is exhausting and a losing battle.

My children now 15 and 13 years old lack many social skills of children of prior generations. Rather than interact with other kids, and learning to “get along”, they run home and myopically staring at a seven inch screen.

Perhaps the most worrisome is the skill of observation. They believe that the world is to be experienced through a 2 dimensional screen that tickles two senses (see and hear) and ignores the other three senses (touch, taste and smell). Real world is a beautifully complex ecosystem, and yet their experience is limited to what their devices can deliver.

At times, it is overwhelming, but then I realize it is not the children that are lost in this artficial fake technology bubble, it is the adults. God help us.

Leave a Reply Cancel reply

Brazil, Rio de Janeiro, Videos

20Nov-22

Uma Casa Nova

I am so excited about the progress of our new house in Rio de Janeiro. My plan is to retire in Rio de Janeiro when Teddy and Jesse are older.

Leave a Reply Cancel reply

Travel

4Jul-22

Traveling with a Guitar on Delta Airlines

After a grueling eight-hour layover in Atlanta, my guitar and I finally boarded the last plane of the night. After scanning my ticket, Delta Lady #1 ran down the jetway to give me a ticket to place on my guitar.

I told her that my plan was to place the guitar in the closet in the front of the plane. I have traveled with my guitars on dozens of segments on multiple airlines and aircraft without incident. There has always been space in the small closet in the front of the plane or in the overhead bins. In retrospect, I regret not accepting the ticket.

I entered the plane and asked about placing the guitar in the closet, and Delta Lady #2 said that the closet might be full and was reserved for first class. My only option was to place the guitar in the overhead bins. I did not argue and continued to my seat.

Near my seat, there was an empty overhead bin, and I lifted my guitar. Delta Lady #3 said it would not fit, and guitars were not allowed in the overhead bins. Unfortunately, she approached to block me from placing the guitar. I reacted poorly, and continued stowing the guitar. I quickly learned that Delta Lady #3 was correct and Delta Lady #2 was incorrect, the guitar did not fit in the overhead bin.

The situation was escalating which made me uncomfortable. Delta Lady #3 provoked with “How would you feel if someone told you how to do your job?” and “I can get you thrown off the plane.” I ignored the taunts. Another passenger swore at me, and I kept quiet. I started back up the aisle with the guitar, and Delta Lady #2 was approaching, so I gave her the guitar, and sat down at my assigned seat.

A few minutes passed, and Delta Man #1 approached and gave me the ticket for the guitar. Later Delta Man #1 approached me, and gave me an OK sign. A few more minutes passed, and Delta Man #1 returned and told me that I had to leave the airplane.

In the jetway, Delta Man #1 explained that Delta Lady #3 would explain what happened, and that I needed to apologize. She recited her version of events and stated that I failed to obey her instructions. I did not tell her that her instructions differed from Delta Lady #2. I complied and apologized. She did not feel that the apology was adequate and had me thrown off the plane.

Leave a Reply Cancel reply

Politics

5May-22

Secure the Homeland

In March 2022, the Biden administration announced that cyber attacks from Russia were imminent. Although this is untrue, it shines a light on how unprepared the federal government and the rest of the country are for a nation state attack.

A nation state attack is exponentially more serious than ransomware. Unlike ransomware, a nation attack does not attempt to extort a fee to restore operations. It simply destroys without regard to consequence.

More importantly, a nation attack accelerates the frequency and sophistication of the attacks. For over a decade, the United States, Russia, China, North Korea and Iran have been stockpiling vulnerabilities in the event of a cyber war. This is the reason why a cyber attack is NOT imminent, because Russia knows that America likely has a larger stockpile with more severe consequences.

When the Americans shut down 3 Iranian nuclear reactors and Russia shut down the Ukrainian electric grid, each of these attacks were accomplished through one vulnerability. The WannaCry virus infected 250K computers in one day through one vulnerability.

Any nation state, and most certainly Russia, has dozens if not hundreds of these vulnerabilities. Rather than one vulnerability, a nation state attack would deploy numerous vulnerabilities simultaneously entering unobstructed into every server and endpoint and any other device that contained critical information in the nation.

The first line of defense is patch management but this is wholly ineffective because patch management works with known vulnerabilities and these vulnerabilities are unknown by design.

The next line of defense is the antivirus which has not functioned against modern threats for almost a decade yet consumers and businesses and even the federal government blindly throw money at this obsolete vestige from a prior era of computing. So the attack continues.

The last line of defense is EDR / XDR / Zero Trust, which attempts to detect and respond to the full frontal onslaught nation state attack. Unlike ransomware, a nation attack would overwhelm the SOC (Security Operations Center) and it would quickly fall down.

This exposes the largest flaw in the nation’s defense. EDR / XDR / Zero Trust / SOC cannot scale to meet a spike in attacks. For a SOC to double in size, would take months, and a nation state can increase its attack level in seconds.

As stated earlier, this is not going to happen due to a respect for America’s vulnerability stockpile, however our defense frameworks should consider the possibility of a nation state attack. Unfortunately, none of the popular frameworks including NIST, MITRE and even Jack Voltaic comprehend the possibility of a nation state attack.

The first nation to contemplate in its national defensive cyber strategy the impact of a nation attack will win the cyber war. The first nation to effectively create cyber defenses that negate a flood of vulnerabilities attacks from a nation state will rise to the top of the world order, because it is no longer exposed to a cyber counter strike.

There is a solution and that is application whitelisting, AKA allow listing or software asset management. As NIST has been recommending for the last 7 years, application whitelisting should reside between the patch management and the antivirus layers. In this way, during a nation state cyber attack, the application whitelisting will strictly allow authorized applications to run. During this scenario, the volume on the network is substantial and network performance may deteriorate but it will not fall down. Some new good programs may not run properly until the attacks abate, but the goal is resilience, to withstand the attack.

This resilience gives patch management time to identify the vulnerability and remediate the vulnerability so the attacks abate. The nation state will likely deploy more of its stock of vulnerabilities which should also prove futile. At this point, the nation is deploying vulnerabilities faster than it can replenish, until the stockpile falls to zero. Then America wins.

Secure the Homeland.

Leave a Reply Cancel reply

Financial Crisis, Technology

2Oct-21

The Ten Biggest Lies in Cybersecurity

Biggest Lies in Cybersecurity

Prevention is futile

About 10 years ago, long before the ransomware pandemic began, the powers that be decided that cyber prevention was futile, and cyber security should exclusively focus on reaction. Development and improvements to legacy preventative solutions were halted in favor of reactive architectures such as next generation antivirus, Enhanced Detect and Respond (EDR), Extended Detect and Respond (XDR), and Endpoint Protection Platform (EPP). A more prudent and effective strategy is a hybrid between prevention and reaction, however abandoning prevention, maximized revenue for the cybersecurity industry.

Multifactor authentication is the answer

Although MFA is prevention, MFA is expensive with recurring maintenance costs. Not all ransomware enters through an authentication breach. Lately, the ransomware makers are offering insiders of a bounty of $100,000, to release ransomware onto a network. MFA is good but insufficient in itself to thwart ransomware.

Backing up data stops ransomware

When ransomware was in its infancy, good backups enabled quick restoration of operations and no ransomware payments. Today’s ransomware exfiltrates data, disables backup services, and encrypts the original data set and the backup too. Airgapping backups is useless, since the ransomware waits until the backup is not airgapped, and encrypts at that time. Restoring from backup is good for disaster recovery except for ransomware.

Reacting quickly is the key to stopping ransomware

While it is possible to monitor, detect and respond to malicious human activity, ransomware traverses a network at 100 to 1000 times the speed of humans. Ransomware infects a network in seconds or perhaps a few minutes. People cannot respond fast enough.

Ransomware is here to stay

Repeating this lie is job security for the sycophants of the cybersecurity industry. Ransomware is a business with revenues (ransom payments) and expenses. Proactively preventing the ransomware from entering the network simultaneously drives down revenue and increases the costs of the ransomware business model. Ransomware is a metastasizing cancer, but there is still time to suffocate its lifeblood, money.

The problem is Russia

Ransomware is the monetization of security holes. The purveyors of ransomware only need a fast internet connection, obfuscation tools, and a country outside of American law enforcement. Even if ransomware’s origin were Russia, ransomware could be made almost anywhere whose citizens are looking to make a quick million and get away with it.

The higher the budget, the better the cybersecurity

This one is up there with “lather, rinse, repeat” and “drinking alcohol daily improves life expectancy”, although you got to love the moxie. Cybersecurity giant, Accenture, was hit with a garden variety ransomware that stole terabytes of proprietary data, and a $40M ransom. Accenture had almost unlimited budget for cyber. The Accenture infection is analogous to the neighborhood fire department, fire trucks, and firemen burning to the ground.

Layered security is the right approach

This lie is the cybersecurity industry saying that they have no idea whether this widget works, and neither do you, so you might was well give it a try. This Frankenstein approach to cybersecurity makes it impossible to understand what works and what is useless. Paying for useless security maximizes revenue for the cybersecurity industry.

There are no silver bullets

Application whitelisting is the silver bullet. NIST advises organizations to use modern whitelisting programs, also known as application control programs, to stop cyber threats. The Australian Signals Directorate’s Essential Eight Maturity Model has four levels (0-3) and levels 1, 2, and 3 require application whitelisting.

Cybersecurity is complicated

The cybersecurity industry’s ineffective, reactive, throw spaghetti at the wall, prevention be damned architecture is complicated and intellectually out of reach for businesses, lawmakers, and laypeople. There are many prevention paradigms in our society and none are complicated. Health care, fire prevention, tooth paste, home security and so on. Making cybersecurity unduly obtuse and complicated is part of the industry’s sales playbook but it doesn’t have to be this way.

What you can do

Stop repeating the lies. Use common sense. Keep an eye on Australia. When buying cyber products, ask your well dressed, attractive, articulate sales person whether any of their customers have been infected with ransomware lately.

Leave a Reply Cancel reply

The Boys of Biloxi

by John Grisham
Read in Dec 2022

The Ransomware Hunting Team

by Renee Dudley
Read in Nov 2022

Desert Star

by Michael Connelly
Read in Nov 2022

Venture Deals

by Brad Feld
Read in Nov 2022

The Maze

by Nelson Demille
Read in Nov 2022

The Bond King

by Mary Childs
Read in Oct 2022

Never Lie

by Freida McFaddem
Read in Oct 2022

Reckoning

by Catherine Coulter
Read in Oct 2022

The Girl from Silent Lake

by Leslie Wolfe
Read in Sep 2022

Rich Blood

by Robert Bailey
Read in Sep 2022

Leadership

by Henry Kissinger
Read in Sep 2022

Shelter

by Harlan Coben
Read in Aug 2022

The Inmate

by Freida McFadden
Read in Aug 2022

The Lightning Rod

by Brad Meltzer
Read in Aug 2022

Do Not Disturb

by Freida McFadden
Read in Jul 2022

In The Blood

by Jack Carr
Read in Jul 2022

The Perfect Son

by Freida McFadden
Read in Jul 2022

Special Circumstances

by Sheldon Siegel
Read in Jul 2022

The Locked Door

by Freida McFadden
Read in Jun 2022

Misjudged

by James Chandler
Read in Jun 2022

Li-Ping on Theodore Chen – Photos: “Hi Robert, The East Asian Library at USC is organizing an on-site exhibition for Spring 2023 about Dr. Theodore Chen,…” Oct 30, 01:02
Philip on Are All Muslims Going to Hell?: “I am a “born-again” Christian by faith. But after the death of my father, I was worried that he was…” Jan 27, 08:16
Mike Nicholson on Winter in Myrtle Beach: “We’re still pinching ourselves. It was the national tragedy of a pandemic that allowed me to telework full-time, and…” Jun 21, 07:34
Mike Nicholson on Foz de Iguaçu New Slide Show: “1962. I’m not that old.” Jun 21, 06:59
Mike Nicholson on Foz de Iguaçu New Slide Show: “Motorboats? Helicopters? How times have changed!. I first visited the the falls in 1952 when I was…” Jun 21, 06:58
Bob Koveleski / San Diego on Get Out of Neutral: “Rob – You are a “real-guy” and an inspiration to us all. God Bless” May 10, 22:17
canonymity on 10 Reasons Why Brazil Will Become A World Super Power: “Brazil needs fusion energy to lift its population out of poverty. I’ve invested in LPP Fusion at wefunder and spread…” Mar 22, 20:14
Sue (Emery) Manganaro on Rio de Janeiro Beach Scene: “Hey Rob….just happened across your blog. It’s wonderful! It has been forever since our years at Bowie High,…” Nov 26, 01:05
Bob Vittel on Rio de Janeiro Beach Scene: “Wow, I really like that affect! I’m going to try it next time I’m in Rio! Thanks Rob!” Aug 23, 01:53
John Glenn on Can You Hear Him Knocking?: “Rob, I have a Billion dollar tech idea, but am concerned of sharing with any of the Fortune 500 companies.…” Jun 11, 17:27
chengrob on Rio de Janeiro Beach Scene: “Bob, Thanks for visiting my site. Thanks bringing to my attention the cerveja error. It is now…” May 22, 14:37
Bob Vittel on Rio de Janeiro Beach Scene: “Hello Rob! Just by chance fell upon your Web site today and enjoyed browsing through several sections, including the above…” May 22, 03:53
Dale Williams. - CEO DigiTar, Inc. on Rio de Janeiro Beach Scene: “Dear Rob: I have watched PC Matic innovate in the PC user markets via very creative feature sets and brilliant…” May 21, 04:10
Arthur Farmer on USC Honorary Law Degree: “Jeff Coover “Plea For a Nation.msv Youtube” May 15, 00:18
Arthur Farmer on Can You Hear Him Knocking?: “This song is a great reminder of Revelation 3:20. Everyone should answer the door.” May 14, 19:58
chengrob on USC Honorary Law Degree: “Hi Janice, Nice to meet you. You can send me an email at chengrob (at) yahoo.com and we…” May 3, 16:24
Janice Tanaka on USC Honorary Law Degree: “Hi Rob, I am working an a newsletter article about the founding members of the Delta Phi Kappa…” May 2, 20:21
Frustrated Brazilian on 10 Reasons Why Brazil Will Become A World Super Power: “Reading this in 2020 and crying” Jan 24, 01:35
GREGG J LASKOSKI on Jesse’s First Recital: “Rob, After seeing multiple commercials while watching FOX News, Hannity, Tucker Carlson, etc., I went to the…” Sep 11, 23:43
Jerry Axson on Rio de Janeiro Beach Scene: “Hi Rob – I was just taking a look at the PC Matic site and discovered you are in Myrtle…” Jun 12, 05:49