21 Ways Expert Authors Can Go Green

by irena.zyniewska on June 25, 2014


What Do Writing and Earth Day Have in Common? Green!

You make an impact on the world with your writing, so why not take it a step further by making a positive impact on your environment, too?

Check out these 21 ways to go green with your article writing efforts!

Save Paper

How much paper are you tossing every week? According to the EPA, paper makes up 27 percent of our trash and much of it can still be recycled.*

In addition to recycling paper products, here are 6 tips you can use to save some of that paper from making it to the trash.

  • Print less by going digital with an eReader (iPad, Kindle, Nook, etc.) for books and other reference materials.
  • Cancel the delivery of hard-copy periodicals and switch to online-only subscriptions.
  • Stop junk mail from reaching your door.**
  • Print less paper by using the “print on both sides” feature of your printer.
  • Use post-consumer recycled content (PCR) paper (recycled paper).
  • Get more out of your smartphone or tablet by downloading task reminder apps for notes, lists, and brainstorms.

Conserve Energy

If you practice a little energy conservation, you’ll also practice a lot of wallet conservation. Here are 10 tips to save power and your green:

  • Turn down the brightness of your screen to a reasonable setting (so you’re not straining your eyes to read the content, but it’s not blazing at full power).
  • Shut down programs that don’t need to be running in the background, including Bluetooth.
  • Unplug devices (like tablets and phones) once they’re charged.
  • Eject any discs that are not being used if you have a CD or DVD drive.
  • Put devices in sleep or standby mode if you’re not going to be actively using them in the next 20 minutes.
  • Use a power strip to turn off all devices before you leave work for the day or before you go to bed.
  • Use a desk lamp that utilizes a compact fluorescent bulb and switch off that overhead light.
  • Turn the thermostat down (60-65 degrees Fahrenheit should still be comfortable) during the winter. Throw on a warmer sweater or a scarf and allow the brisk air to help you stay alert!
  • Turn the thermostat up a few degrees during the summer and allow your body to acclimate. Don’t sweat the small stuff!
  • Microwave the water for your tea rather than using the stove to consume less energy.***

Produce Less Waste

Sometimes the best waste prevention is to not have something to waste in the first place! For every item you consider buying or ordering – even if it’s free – consider whether it’s recyclable, how much energy it consumes producing it, and whether you’ll dispose of it responsibly. Here are 5 questions and tips to consider:

  • Do you have to use the gas? Create a stellar writing space to write at home and make your own coffee/beverage to save the gas from the commute rather than going to coffee shops to write. If you need to get out, don’t drive – walk or bike!
  • Do you need to waste that cup? At the coffee shop and getting coffee to go? Say “no” to disposable to-go cups and bring your own (clean) travel mug.
  • Do you really need to use a plastic water bottle? Stay hydrated during your writing session to maintain focus with a reusable water bottle or even go old school with an actual glass!
  • Do you really want to throw that out? Donate or dispose of electronics properly by recycling them (check with your local recycling facilities how to do this properly).
  • Do you really need a pen? Choose the classic wooden pencil over plastic pens. Pencils last longer than pens and conserve much more nonrenewable resources to produce.




Shocking new research reveals that a specific type of lung cancer many smokers develop comes from tiny tears in their lung tissue caused by microscopic glass fibers, also known as glass wool, found in many conventional cigarette filters. These rips in the epithelial (soft) tissue fuel the development of tumors and cancerous cells due to the constant overload of toxins, namely pesticides, nicotine and ammonia, contained in commercial cigarette smoke.




It’s that time of year again!  I just got my hands on the 2011 edition of the Verizon/SS Data Breach Report, and I figured I’d take a moment to share my thoughts.

First of all, note that the scope of the report now includes approximately 800 “incidents” from the year prior; last year’s report was comparable in size, covering 761 events.  Next, I observe that this report is by no means “complete;” while a good deal of the year’s most significant incidents have been covered, there are likely thousands of noteworthy data points which have been overlooked or otherwise left out.

Now, the report:

The Good - Improvements

Improvements Based upon USSS/Verizon Breach Investigation Report

Verizon has some good news and some bad news; the good news – only 76% of recorded data breach targets were servers in 2010, compared to much higher percentages in 2009 and 2008.  However, this implies that the focus has shifted towards endpoint and social targets, which is very bad news, indeed.  Probably nothing ground-breaking at this point, but this demonstrates the consistent challenge corporations face in raising enterprise-wide security awareness; we have erected multi-million dollar defense systems, and continue to monitor our logs for interesting traffic, but we cannot fix “people” problems with products.  Additionally, note that – of the breaches reported – we continue to see a steady decline in those involving multiple parties, as well as business partner attacks.  This is good news to corporations, as it indicates continued success in technical and business measures to control outsider access to enterprise resources.

The Bad - Deficiencies

Deficiencies Based upon USSS/Verizon Breach Investigation Report

Next, I’d like to take a look at some of the numbers which rose consistently between the three recent years.  Specifically, I’d like to dwell on the “Employed Physical Attacks” metrics; over a 3-year window, this percentage has tripled (with little fluctuation in data set size in the prior 2 years), indicating a continued focus on technical security.  While improved technical security may prevent a good deal of data breaches, it is not a holistic solution, and often results in “sore thumb” deficiencies.

The Ugly - Inconsistent Findings

Trends that are Not Necessarily Consistent based upon USSS/Verizon Breach Investigation Report

Finally, I’d like to focus on the metrics provided which seemed to fluctuate between the reports issued in 2009, 2010, and 2011; note that, in 2010, the size of the breach “pool” increased tremendously with the inclusion of the US Secret Service data.  Due to this, I would like to focus primarily on the metrics that rose between the 2010 and 2011 reports.  Most specifically, I am concerned when I see the HUGE rise in percentage of breaches that have been discovered by a third party (+25% over a year, +17% over two years).  While I’m sure corporate log monitoring initiatives have started to kick off, what is being done today is NOT enough.  With “blended” attacks on the rise, there is a growing business case for event correlation and collective log management & review; if enterprise shops do not take action on this item, this number will rise exponentially.  On a similar note, I observe that a steady (though slightly rising) portion of the reported breaches have been deemed avoidable, in retrospect, via simple or intermediate controls.  These controls may include password policy enforcement, implementation of stateful packet inspection on firewalls, and security-focused Quality Assurance for web application content (among others).  The effectiveness of such measures should be audited periodically.

Wrapping up:

  • Shift in focus from Servers to Endpoints and Staff
  • Shift to Physical Compromise, as opposed to Technical
  • Social Compromise percentage consistent between 2009 and 2011 reports, although 2010 report indicates huge increase
  • VAST majority of breaches are avoidable through simple controls
  • Insider attacks are down, as are business partner breaches
  • Third parties are disclosing breaches before first parties


Action Items: 

  • Know your assets
    • Accurate, comprehensive, and authoritative inventory is encouraged
    • Not just servers and endpoints, but identity assets as well
    • Pre-requisite to next item:
  • Monitor your logs
    • Consider Event Collaboration & Correlation tools (not necessarily a product or a service, this can be a series of well-crafted scripts); note that the return presented by a product will be extremely limited, based upon organizational structure.  From my limited perspective, I see that most enterprise organizations should have comprehensive identity and asset inventory systems to get the most out of vendor SIEM products.  Even with SIM/SEM, individuals need to review their relevant logs frequently
  • Invest in simple, easily monitored, controls (such as account usage policies, password complexity and refresh requirements, etc)
    • If they are already in place, audit your controls for effectiveness; more importantly, adjust accordingly
  • Continue to raise enterprise awareness against breach indicators, consider random employee awareness drills
  • Continue to raise enterprise awareness against physical security threats, enforce physical security policies (for example, laptops must be locked and docked within the office)
  • Secure your endpoints, aggregate event logs, AV logs, etc. from workstations to a common environment for review
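
The "know your assets" and "monitor your logs" items fit together as in the following sketch, which is an added example and not part of the original post or the Verizon report. The inventory, host names, account names, event names and thresholds are all constructed for illustration; it joins normalised events from two log sources against an asset and identity inventory and flags what the inventory cannot explain.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory (assumption): known hosts and known identities.
ASSETS = {"ws-014": "jdoe", "ws-022": "asmith", "srv-web01": None}
IDENTITIES = {"jdoe", "asmith", "svc-backup"}

# Constructed events, already normalised to (time, source, host, user, event).
EVENTS = [
    ("2011-04-20T09:01:10", "auth", "ws-014", "jdoe", "login_failed"),
    ("2011-04-20T09:01:40", "auth", "ws-014", "jdoe", "login_failed"),
    ("2011-04-20T09:02:05", "auth", "ws-014", "jdoe", "login_failed"),
    ("2011-04-20T09:03:00", "auth", "ws-014", "jdoe", "login_ok"),
    ("2011-04-20T09:09:30", "av", "ws-014", "jdoe", "malware_detected"),
    ("2011-04-20T10:15:00", "auth", "ws-099", "asmith", "login_ok"),
    ("2011-04-20T11:00:00", "auth", "srv-web01", "tempadmin", "login_ok"),
    ("2011-04-20T12:00:00", "av", "ws-022", "asmith", "malware_detected"),
]

WINDOW = timedelta(minutes=15)   # correlation window (assumed value)
FAIL_THRESHOLD = 3               # failed logins that make an AV alert notable

def correlate(events, assets, identities):
    """Return (timestamp, finding, subject) tuples in time order."""
    findings = []
    fails = defaultdict(list)    # host -> times of failed logins
    for ts, source, host, user, event in sorted(events):
        when = datetime.fromisoformat(ts)
        # Without an authoritative inventory these two checks are impossible.
        if host not in assets:
            findings.append((ts, "unknown_asset", host))
        if user not in identities:
            findings.append((ts, "unknown_identity", user))
        if event == "login_failed":
            fails[host].append(when)
        elif source == "av" and event == "malware_detected":
            # Cross-source correlation: AV alert shortly after repeated failures.
            recent = [t for t in fails[host] if when - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                findings.append((ts, "failed_logins_then_av_alert", host))
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS, ASSETS, IDENTITIES):
        print(finding)
```

The lone AV alert on ws-022 is not flagged by the correlation rule, which is the point of reviewing sources together rather than one at a time.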

Grab the full report here



Defcon 201 North New Jersey (DC201) Chapter Goes Live!

by Jason Stultz on October 16, 2010


It is my pleasure to announce the go-live of the Defcon (DC201) New Jersey Chapter. After quite a bit of planning, we are excited to hold our inaugural meeting in Paramus on Thursday, December 2, 2010! For more details, such as the time and location, please check the website – http://www.dc201.org/ – we will post additional details as they become available.

From dc201.org:
DefCon Group 201 (DC201) is a meeting for hackers, industry professionals, technophiles, and anyone with an interest in technology and its continuously changing role in today’s world. Lectures, panels, and other presentations are of a highly technical nature and are geared towards giving attendees both in-depth knowledge of theory as well as practical skills that can be put to use in real-world scenarios.



Google Boards The Multi-Factor Bandwagon

by Jason Stultz on September 22, 2010


Recently, Google announced that they have made “strong” authentication available to Google Apps users by way of a downloadable soft token. As per the announcement, this service will cost nothing to enable. While Google Apps had already supported multi-factor authentication via SmartCards and Tokens, this migration to software tokens accounts for a significant convenience boost. No more keyfobs or SmartCards means potentially more willing customers…

While I support the jump towards convenience, I am still a bit concerned. SmartPhones are, and continue to be, the target of malicious users; every day naive, non-technical users unknowingly install rootkits (read: jailbreak) on their mobile devices and remove intrinsic security functionality. Typically, these “jailbreak” type exploits render the system open, with default access credentials, and ready for compromise at any moment. For example, many of the iPhone Jailbreak tools create an SSH listener with “alpine” as the root password. Knowing this, it shouldn’t be too difficult to compromise a few thousand smartphones; I wonder how many of those folks are using soft tokens.

A key fob is just that, and will typically not be particularly vulnerable to such an attack.

One possible control for corporations would involve requiring SmartPhones (that require the soft token to be installed) to comply with accepted software build requirements prior to and after being permitted to install the token application. Even this can prove difficult to manage.

What do you see as an effective means to control soft token distribution? Beyond that, what do you see as a strong SmartPhone security policy (without eliminating them entirely)?

The token software is currently available for BlackBerry and Android phones, and is projected to be available for the iPhone in the near future.

PCMag Commentary on The Announcement
Another Interesting Article Regarding Soft Tokens



What Really Grinds My Gears — Developer Education Rant

August 15, 2010

After spending a few million dollars on secure development education, you may still have issues. Continue reading to see why.


Verizon and USSS Release 2010 Data Breach Report

July 29, 2010

Verizon & the US Secret Service collaborated to compile the 2010 Data Breach Report. Read on to see what this means for corporations and IT Security.


Default Web Pages – and Why You Should Eliminate Them

July 8, 2010

Default web pages are bad, especially when you don’t even know they exist. Here’s why.
