Category

Articles

Category

Earlier this week I conducted a follow-up discussion with an industry colleague about global cyber attack activity, specifically related to Russia and the situation in Syria. It was a valuable conversation so I want to share my thoughts on the topics we debated.

Our dialog began with a simple query: will Russia escalate its cyber attacks against the United States in retaliation for the military response the U.S. took against Syria after Assad’s chemical weapons attack against its very own citizens?

This is an interesting question for a few reasons. The chief issue with this specific question, and with discussions surrounding this topic in general, is there is no agreed upon, clear definition of what exactly constitutes a cyber attack. There is no way to answer the question before defining the term cyber attack. So lets start there.

Is a cyber attack defined as the mere exploitation of a vulnerability, and subsequent acquisition of access to a target network? Does an actor need to perform some malicious activity after obtaining access before the compromise is considered an attack?

In the context of attacking the electric power industry, is attacking the power grid and causing an outage, like what transpired in Ukraine in December’s 2015 and 2016, the demarcation line between what is and is not a cyber attack? Is sending phishing emails with malicious attachments, ultimately leading to establishing a foothold into a network for potential use later, a cyber attack?

This is where the media, the security industry, governments, and certain professionals tend to disagree on terminology. I feel it is important to dissect the words to better understand the original question. In the above, I would argue the latter – a phishing campaign resulting in mere command-and-control capabilities on a network – is not a cyber attack. Is most definitely is a network breach. I argue it is considered network exploitation or offensive cyber operations, but not necessarily a cyber attack. Generally it is part of a much larger, potentially multi-faceted campaign, but just breaching a network is not a cyber attack.

Just like breaking into a vehicle does not assume intent to steal the car, remotely accessing a network is likely equivalent to breaking and entering or trespassing. There may be intent to steal intellectual properly, disrupt network operations, surveil, participate in a botnet, or a host of other activities potentially rising to the level of a cyber attack. But mere access to a network cannot assume the actors intent.

Now back to the original question about the possibility of Russia increasing cyber attacks against the United States in retaliation for the airstrikes in Syria.

I do not believe Russian cyber attacks will increase as a direct result of the U.S. military actions in Syria. While Russia is likely not pleased with the airstrikes, there is no specific strategic reason for a cyber response from Russia. United States critical infrastructure is already purported to have been attacked on multiple recent occasions by Russia, most recently by leveraging a major Cisco router vulnerability.

Russia has already demonstrated sophisticated cyber operations capability, with the potential to own deliberate targets in the United States. However, they have yet to establish malicious intent. For the moment they have simply conducted a show of force, signifying their strength. This is the military equivalent of sending an aircraft carrier with an airwing aboard, accompanied by a battle group, off the coast of Russia. It suggests power and superiority.

It is unlikely Russia will currently attempt any cyber attack leading to major damage or disruption. In the short term they will continue to pursue network access, especially strategic targets within critical infrastructure, but doubtful anything beyond.

On the one hand, Russia has a high degree of cyber sophistication. Hypothetically, the Putin regime may explore false flag operations against the United States, but if the attack were ever unequivocally attributed to Russia then it may not end well. Although in this era of crying fake news left and right, even indisputable evidence of a Russian plot may not be convincing.

On the other hand, Russia could directly attack the United States. The problem with this approach is the U.S. policy on response. A cyber attack does not necessitate an in-kind response. Just because an adversary uses the cyber domain to attack, the United States does not limit its response to the same domain.

Put another way, if the U.S. is the victim of a major nation state backed cyber attack, it will likely respond kinetically. The U.S. government has stated on multiple occasions it has the option to respond via military force if it determines a cyber attack is above an as-yet publicly defined damage threshold. Expect bombs to be dropped, missiles to be launched, or troops to be engaged if the U.S. feels its sovereignty has been attacked.

Putin is most certainly cognizant of this, and is leveraging the ambiguity cyberspace offers to continue conducting operations and demonstrating Russian nation state capability. These minor operations will continue in the short term, but I find it hard to believe an actual attack will occur in the near future. Russia most assuredly does not want a traditional conflict with the United States. Russia will continue to pick at the proverbial scab since there are no repercussions.

Expect to see Russian cyber exploitation remain in the news cycle for the foreseeable future. Awareness of this threat is an important factor in ensuring U.S. government agencies, critical infrastructure, and businesses are prepared for the possibility of an attack. Resilient, proactive defensive measures and situational awareness will go a long way in limiting risk and potential exposure for the inevitable attack that will unquestionably materialize at some strategic time in the future.

I have been an Evernote user almost since service inception. Throughout the years I have been on the roller-coaster ride of highs and lows, and lately have been fairly ambivalent about the service. It had never really done me wrong, but at the same time there was no single killer feature keeping me invested in the Evernote capabilities.

Late last year I signed up for a special premium subscription offer when Evernote was poised to add six months for free for those subscribing for one full year. So although I had no real need for premium capabilities, I figured why not – I can find a way to use all the exciting features – and hit the “pay now” button.

So here I am, six months into an eighteen-month subscription, and I do not find myself really enamored with, or tied to, any of those paid-only features. The following list is what comprises Evernote Premium, the first three of which are also part of the Evernote Plus middle tier:

  • Access notebooks offline
  • Forward emails into Evernote
  • Customer support via email
  • Customer support via live chat
  • Search for text in PDFs
  • Search for text in Office docs
  • Annotate PDFs
  • Scan and digitize business cards
  • Present notes in one click
  • Browse the history of your notes
  • See related notes and content

Looking at it today as I write this post, I see nothing compelling other than the following:

  • Search for text in PDFs (peripherally interesting)
  • Scan and digitize business cards (definitely)

Of these two features, I use and highly rely on the business card scanning via Evernote’s Scannable app. I love how simple yet effective it is at scanning business cards, finding the right data on the card (most of the time), and then allowing me to create contacts or connect via LinkedIn to people I meet.

In the many years I have used Evernote, I rarely ever had an occasion where I really needed to search for text within PDF files. It is just not something I value nor require.

A couple days ago Evernote announced some new pricing models and restrictions on free accounts. Since I am a premium subscriber, this has no effect on me currently. However, should I opt to allow my subscription to lapse, I immediately fall prey to those limitations, and this prospect does not make me feel comfortable.

At. All.

This got me thinking about my future, continued use of Evernote as my note-taking-and-storing app of choice.

I am first and foremost a Mac and iOS user. At work I occasionally do work from my corporate provided HP laptop. More often than not I find myself working from my personal Retina MacBook or corporate provided Retina MacBook Pro 15” 2013. So my usage requirements primarily revolve around the Apple ecosystem, although that does not mean I need to use their services. The important factor is ensuring whatever solution I stick with, it must be cross-platform – iOS, macOS, and web or Windows – so I can access my data no matter where I am or what device I am stuck using.

While I would not necessarily call these requirements, I find the following Evernote capabilities essential to my workflow. So any potential replacement solution should have at least one of these, but preferably most, if not all.

Web Clipping

One of the features I most use with Evernote is the web clipping capability via their web browser extensions. My favorite part of this feature is not the mere ability to save full web pages to Evernote, but to simplify the page, remove the unnecessary cruft, and save the important content for later consumption.

Business Card Scanning

As I previously mentioned, I live and die by Scannable. It is my most popular use for Evernote, outside of mere simple note taking. Is there really a valid replacement for this app for other Evernote-like apps?

Third-Party Access to API

Finally, I really enjoy how Evernote offers an accessible API. I have a number of IFTTT recipes that either save data to Evernote, or syndicate it out. AFAIK, no other solution offers this capability.

Folders and Tagging

While I do use Evernote’s built-in tagging system, I do not ever find myself browsing or searching via tags. As a result, tagging – for me – is just a nice-to-have addition. It is not a killer, must-have feature.

On the flipside, I thoroughly adore Evernote’s folder hierarchy. Folders can be nested within other folders, with notes inside those various folders, all for maximum compartmentalization and to simplify locating relevant data. This is one of Evernotes strong points. However, I do not find my use needing multiple nested folders, so long as there is some kind of basic folder structure in place.

Based on these thoughts, I came up with the following solutions:

  • Stick with Evernote
  • Migrate to Apple Notes
  • Migrate to Google Keep
  • Migrate to OneNote
  • Text-based Notes Saved to DropBox
Evernote. Sticking with this solution essentially means sticking with the status quo. It has worked flawlessly for me for years. If Evernote does start locking down the number of devices capable of accessing a single account, that could be problematic for me, and I do not want to be in a situation where my ability to get work done is dependent upon paying for a subscription.

Apple Notes. This is likely the smartest solution for my use case, primarily because I use Apple devices almost exclusively. However, Apple Notes has no ability to clip web pages stripped of excess cruft, is unable to scan business cards in the same manner as Scannable, nor does it have an API. The up-side of this is Notes does have a simplistic folder structure, but steers clear of the complexities tagging offers.

Google Keep. I used to be an avid user of Google products, and still do consume some of their offerings. However, I have tried to wean myself away from Google dependence because I disagree with their data mining position. Plus, Keep does not have a native macOS client, and is required to be accessed via the web.

Microsoft OneNote. This is likely the most true cross-platform application on the list. Overall, the UI is usable and the app is more than sufficient. However, I do not quite understand its syncing system, nor am I pleased with its folder hierarchy. Overall it is not a bad application, it is just that it does not seem to fit well with my thoughts on how note-taking applications function.

Text-Based w/Save to DropBox. Do I really need to go into how unwieldy and not user-friendly this solution is? While it is cross-platform, and allows for far more control over ones own data than the others, the lack of ease-of-use is off the charts. It is not worth the hassle to me.

Conclusion

As part of a test, this morning I exported all my Evernote notes and imported them into Apple Notes just to see how it would work. Export and import worked flawlessly and without any hitches. Although, I do notice some peculiarities with the imported PDF files, overall its not bad at all.

However, for some reason, I do not feel comfortable fully committing to Apple Notes quite yet. Already I miss the things I previously mentioned, and find myself yearning for those capabilities. So while I will continue to give Apple Notes a few more chances, I will also syndicate all my content on Evernote.

I really want to like Apple Notes since it has tight integration within macOS and iOS. This makes is highly attractive for those of us highly invested in the Apple ecosystem.

Just look at that facial expression. Does it instill confidence and give the impression this is a talented, intelligent individual who is extremely capable of running the United States of America?

I think the primary reason I dislike Donald Trump as a US presidential candidate is how he carries himself. It is not necessarily his racist beliefs in things like closing immigration to all muslims, or building a wall between US and Mexico. Rather, it is the arrogance he demonstrates when he mentions these fleeting thoughts.

The way he delivers these toxic ideas is worse than the thoughts themselves. His face is so easy to read when he is standing in front of the TV cameras, almost as if he has a sign hanging above him with an arrow pointing down at his head, and the words, “SMARTER THAN EVERYONE” written above.

Trump actually believes he is smarter than everyone, and therefore never is able to demonstrate any form of empathy or emotion. He has that same forever-entitled look on his face, falsely believing he is the smartest person in the room simply because he was born with a spoon in his ass mouth.

Does the United States really need a president leading the nation who is incapable of sympathy? While one of the leading traits a President needs is strength, they also need to have a soft side and show their ability to truly understand, and even feel, what the average person is feeling. Trump could give two shits, as long as he is increasing power, or amassing more net worth.

I have quite a bit more I can say but this is good for the time being.

This week is another random selection of interesting wallpaper found during my travels throughout /r/wallpaper on Reddit. Here are links to the originals:

This week I am really feeling either the Thailand Elephants or the Calgary Stampede. Enjoy these until next week.

I always love endlessly browsing wallpaper galleries in search of the next best image for my desktop, only to fall into despair because I am unable to make a decision on which fits best. In keeping with that idea, here are twelve breathtaking wallpapers to increase your excitement this week.

All the below links go directly to the full size images hosted at imgur.

All wallpapers were found while perusing the /r/wallpaper subreddit as part of my daily web surfing ritual.