Storing Phone Extensions in Gmail/Google Apps/Android

Appending a semicolon (;) and an extension to any phone number in the Google address book causes the phone to prompt you before dialing the remaining digits. This is much easier than trying to store a series of commas (,) or letter p’s or w’s.

Since the prompt is a yes/no, it’s useful to dial the company line and break to the main operator by selecting ‘no’ when prompted.



New Offline Gmail Additions Welcome

Google’s Offline Chrome extension is a wonderful addition for any Google Apps user with this latest update.

Key points for me:

  • All attachments within a user-selected period (1-week, 2-week, month) are downloaded for offline access/use
  • The performance is notably faster, more responsive
  • Better support for multiple-signin (imo)

Install the Gmail offline app from the Chrome Web Store.

Stuck Windows Public Networks

Windows 7 offers three types of networks as managed within the Network and Sharing Center: Home, Work, Public. Each type allows for customization of security policies such as what services are allowed through the Windows Firewall.

While the Home and Work types are relatively straightforward, what counts as Public is not always so. Sure, I have a string of thirty Starbucks and other Wifi hotspots that are obviously Public (as I set them to be upon connection), but you may encounter Public networks defined within your system for which you were never given the choice of category. This special case of Public is in fact a network to which you connect that does not have a defined default gateway attribute. Microsoft further decided that these “unknown” Public networks cannot be made “known” with a reassignment to another class such as Work. So what’s the best way to handle this situation should you encounter it?

There is no single answer to the best means of addressing this Windows quirk, but there are common sense approaches that will allow consistent and predictable results. I outline one such avenue here.

One of my typical use cases is creating special networks for my clientele. For example, in the graphic above I needed to demonstrate accessing a public static NAT through a next-generation firewall from a system within the same zone and interface upon which the “public” server resided. As the demonstration system is running virtual servers which are multi-homed, firewalled with true Internet access via another interface, adding a generic default gateway is never an option. So how can you have your cake and eat it too?

The answer is simple: add a weighted gateway to the interface, then assign the connection to the zone in which you want it. :-)
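One way to script the weighted-gateway step and confirm its effect, shown as an added example that is not from the original post. The interface name, gateway address and metric are assumptions; substitute your own, and run it from an elevated PowerShell prompt.

```powershell
# Assumed values for illustration only (not from the original post).
$IfName  = "Demo LAN"        # the adapter stuck as an unidentified Public network
$Gateway = "192.0.2.254"     # an address on that adapter's subnet (constructed)
$Metric  = 500               # high cost so the real Internet-facing route stays preferred

# Add a default gateway to the interface without touching its existing address.
netsh interface ipv4 add address $IfName gateway=$Gateway gwmetric=$Metric

# Confirm both default routes exist and that the new one carries the higher metric.
route print -4 | Select-String "^\s*0\.0\.0\.0"

# After choosing Home or Work for the connection in Network and Sharing Center,
# confirm which Windows Firewall profile is actually being enforced.
netsh advfirewall show currentprofile

# To undo the change later:
# netsh interface ipv4 delete address $IfName gateway=$Gateway
```

Checking the active firewall profile afterwards matters because the location you assign decides which rule set applies to that adapter's traffic.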

IPsec has nothing to do with intrusion prevention…

…per se.

The Internet Protocol Security (IPsec) suite secures (the “sec”) Internet Protocol (the “IP”) communications by authenticating and encrypting each IP packet in a session.  Medial capitals do not apply so “sec” is all lowercase. I assume instances where the incorrect spelling of IPSec has been used are due to:

  1. The desire to create a more powerful or imposing word (IPSec being “bigger”).
  2. Confusion as to whether a relation exists between IPsec and IPS (’tis a suite after all).
  3. Human propensity to camel- or Pascal-casing even where acronym confusion can occur.

I admit the third can be the source of great amusement at times but not here.

I hope my tongue-in-cheek summary serves as a meme for any future communications and papers.  So, update your spellcheckers and let the smaller truth live on.


Google Certificate Obtained by Hackers

Trust No One

Ouch. SSL forward proxies are becoming more commonplace for legitimate reasons. With the use of proper certs from root CAs (or trusted CAs even within your firm’s/institution’s/organization’s systems), many forms of so-called trusted communications are nullified.

Even though the hackers could execute man-in-the-middle attacks against Google/Gmail users without the end users’ knowledge, causing godknowshowmuchharm, at least… umm, at least it’s only one cert and everyone’s alerted. That’s positive, right? And it’s not like any hacker wouldn’t show his whole hand either! *cough*

So, no wonder people layer security or go with proprietary methods. I’ve been asked before why Skype’s encryption isn’t standards based. Consider their decision in light of exploits such as a Google certificate being hijacked…

Here’s hoping that the known cert is revoked broadly and quickly so that Google/Gmail users can sigh an uncomfortable breath of relaxation… and that people learn to not trust anyone, even themselves when it matters. ;->



The joys of industrial control systems…

Too often people design for the “worst case” being mitigated by “physical security”. Security controls, admonitions and warnings get lost with change or time. War texting is scary enough for most people: How many people buying “smart cars” knew a real risk existed that could allow someone to control elements of their vehicle?

Well, SCADA system risks are seriously not given enough thought. Imagine what would happen if your favorite manufacturers, food processing plants, prisons, and water treatment plants were manipulated, had their secrets stolen and became the source of complex distributed attacks. Think of the risk to life alone and not even all the loss of money…

Thankfully people like Dillon Beresford are out there to help! Sometimes simple public awareness is enough to drive industry to better practices. Our Department of Homeland Security I’m sure has its hands full scoring risks with disclosures such as Mr Beresford’s.

Of course, there are firms that can be valuable in mitigating or, when possible, eliminating such risks. If you work for a company with control systems, contact your IT department and encourage them to reach out to their trusted experts or authorities. There are things that can be done even with system components that may not be patchable.