Category Archives: Customer Service

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

Organics Admin
Follow Me!!

Organics Admin

COO at Aladay LLC
Organic Farmer, Property Preservation Specialist and Custom Glass & Wood Worker. Blogger extraordinaire...
Organics Admin
Follow Me!!

Latest posts by Organics Admin (see all)

Is President Barack Obama in Monsanto’s Pocket???

obama-356133_1280

In 2007 Then Presidential hopeful Barack Obama announced to the world that he would IMMEDIATELY institute food labeling. All Mr. Obama has done is appoint former Monsanto lawyers to our courts and agencies that are supposed to protect the American food supply.

Ladies and Gentleman I ask you; Do you truly understand our electoral process?  We as voters and “constituents” have the right to “recall” an elected official if they are not performing to our wishes. This is how we are supposed to act instead of coming together and conducting behaviors that would be considered “revolutionary“.

Am I a revolutionary because I say Mr. Obama is a liar? Are you a Revolutionary because you do not want Monsanto in our food supply???

90+% of the American people want food labeling. So why don’t we have proper food labeling??? Don’t you think it is time to demand that our elected officials start doing the job we hired them to do??? make no mistake Ladies and Gentleman, you have hired the elected officials in Washington DC that are selling us out to line their pockets with political influence from Monsanto. They are in Washington DC to represent us not BIG BUSINESS like MONSANTO.

Remember Ladies and Gentleman…Monsanto is just one of the companies that is a member og what has become known as the Big 6 Ag Companies. BASF, Bayer, Dupont, Dow Chemical Company, Monsanto, and Syngenta.

Do your elected officials have political contributions form any of those companies???? Something you may want to look into….

Also of note…Monsanto knew that their products were not “Substantially Equivalent” , as the internal emails state. The information in the emails is directly contrary to Micheal Taylor’s policy.

Here is a list of Politicians that are in Monsanto’s pocket.

Again I ask you good people.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT?????

On July 23, the U.S. House of Representatives passed a bill which is intended to permanently prevent passage of any state or federal law mandating the labeling of GMOs in your food.

H.R. 1599 is now before the U.S. Senate Committee on Agriculture, Nutrition and Forestry. A Senate version of the bill is expected to be introduced soon.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

Please ask President Obama to pledge that he will veto H.R. 1599or any similar bill that would preempt GMO labeling laws.

In respect to this video…President Obama…with all due respect…YOU’RE A LIAR~!!!!

 WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

There are two excellent reasons he should do this.

First, President Obama promised labels on GMO foods, in a campaign speech he gave in 2007, in Iowa. He said, “Here’s what I’ll do as President . . . . We’ll let folks know whether their food has been genetically modified, because Americans should know what they’re buying.”

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

Second, on May 20, 2009, President Obama issued an Executive Order against passing federal laws that preempt state laws. In a memorandum to heads of executive departments and agencies, the President wrote that “preemption of State law by executive departments and agencies should be undertaken only with full consideration of the legitimate prerogatives of the States and with a sufficient legal basis for preemption.”

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

In other words, he said, don’t preempt state laws unless you are on sound legal ground. According to the latest legal analysis of H.R. 1599, and according to a recent ruling by a federal judge on Vermont’s GMO labeling law (Act 20), there is no constitutional basis for preempting state GMO labeling laws.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

H.R. 1599 was introduced in the House by Rep. Mike Pompeo (R-Kan.). It’s called the “The Safe and Accurate Food Labeling Act,” a name created to intentionally deceive busy lawmakers into thinking this bill is good for consumers.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

We call it the DARK (Deny Americans the Right to Know) Act, because that’s what it actually does. It gives Monsanto the legal right to deceive consumers about what’s in their food.

A recent report says that since 2013, Monsanto and Big Food have spent $143 million in lobbying expenditures that mentioned GMO labeling. And those 275 U.S. Representatives who voted for H.R. 1599? They took in $29.9 million in contributions from agribusiness and Big Food, in 2014 alone.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

We need to pressure our Senators to reject H.R. 1599 and to support mandatory labeling laws. But we also need to hold President Obama accountable for his campaign promise and remind him of his Executive Order on Preemption.

Please ask President Obama to pledge to veto the DARK Act, or any bill that would preempt GMO labeling laws.

Here is a movie/documentary you should watch. This will help you understand the extent of Monsanto’s reach in our government.

WHOM DO YOUR ELECTED OFFICIALS REPRESENT??

One would have to  think that the judges in cases involving Monsanto are also paid for…IMHO…..

PLEASE USE THE SHARE BUTTON BELOW AND SHARE THIS TO YOUR SOCIAL MEDIA PLATFORMS…..

Written by Aaron Aveiro and Organic Consumer Organization

Photograph courtesy Organic Consumer Organization

Opinions expressed do not reflect those of Aladay LLC Ownership

Business 101…10 Ways Everyone Should Approach Cybersecurity in 2015

Organics Admin
Follow Me!!

Organics Admin

COO at Aladay LLC
Organic Farmer, Property Preservation Specialist and Custom Glass & Wood Worker. Blogger extraordinaire...
Organics Admin
Follow Me!!

Latest posts by Organics Admin (see all)

White Paper Courtesy Global Security…

Contact us today for your consultation.
Contact us today for your consultation.

 

The following White Paper is courtesy Global Security.

Global Security provides security solutions for business of every size around the world.

James Michael Stewart, CISSP, CEHv3-8, CHFIv3-8, Security+, Global Knowledge Instructor….

Introduction

Many security breaches over the last year have taught us new lessons (or clarified ones we should have already learned). This paper reviews these key issues and focuses attention on 10 responses that we all need to adopt in our approach to security in 2015. The security breaches of 2014 were more numerous than in any previous year. They ranged from nuisance hacks to identity theft to the attempt to extort a major motion picture organization. Many of these attacks were preventable, mostly because prior security breaches have demonstrated flaws, misconfigurations, and design mistakes that many other organizations continue to have. Too many fail to learn from the mistakes and losses of others. If we hope to get ahead of the onslaught of hacks and attacks in the future, we have to learn from others. Here are 10 key lessons we need to learn (or learn again) from compromises.

1. Email Is Not Private

Email has always been a plain text communication medium. However, many have forgotten that or have become confused about its security over time. Those who use a web browser to access their email often see an https as the prefix of the URL, meaning their connection to their email is secure. But that SSL/TLS-encrypted connection only provided protection for accessing and reading your messages, not when sending or receiving them. Likewise, email client users may have configured SSL/TLS connections to their email server at their ISP or office. This type of connection provides security for the sending and receiving of messages, but only between the client and your local email server. Messages sent to other recipients across the Internet and received from others are often sent in plain text.
Email messages sent and received across a public Internet link are likely sent in their original plain text form. Several email service providers, such as Google, Microsoft, and Yahoo, have announced that they are in the process of setting up encrypted email transmissions for messages between their own members and others that join in their initiative. However, it may be years before a majority of messages are encrypted for transit. And I would not ever make the assumption that all messages will be encrypted for the foreseeable future.
There are two approaches I want you to consider when dealing with email. First, minimize the transmission of information across email that could cause you problems (or heartache) if it was intercepted in transit, whether by your employer, family, government, or hackers. Seek out a more secure form of information transference, such as encrypted file exchange, text chat, or video conferencing, for those items of importance of value. Second, start using an email encryption utility yourself. This is currently a mechanism available mostly to users of standalone email clients, such as Thunderbird and Outlook, but may be available to web-based email through the use of browser plug-ins. S/MIME is an email encryption and digital signature solution that you might already be using at work, as it is a standard and integrated well with smart cards, Common Access Card (CAC), and Personal Identity Verification (PIV) devices. Another encryption mechanism to consider is that of PGP (commercial), GPG (GNU licensed), or OpenPGP (Open source). The primary drawback to client-based email encryption solutions is that your recipient must have a corresponding solution installed in order to decrypt your messages or verify your digitally signed messages. If you fail to encrypt your emails, there are others who are more than willing to read them without your knowledge or consent.

2. No Network Is Fully Secure

If you have attended any security training, I’m sure you were informed of the fact that security is never a completed project, it is always a journey whose destination changes often. There is no perfectly secure network and it is impossible to construct one. There are always means to breach security, whether through technical exploits, physical breaches, or social engineering. However, many organizations seem to act like their security is complete, that their network is unbreachable, and that their environment can be fully trusted. In 2014, hundreds of organizations realized that their networks were not perfect when hackers broke in to cause damage and steal confidential information.
All of us need to realize that the technology we use is rather young and it has not yet had the time to mature. We often strive to grab the latest and greatest gadget or upgrade to the newest release of a product. However, “new” means untested and thus its flaws and exploits are unknown. We are placing too much faith in the developers, manufactures, and programmers of our hardware and software. I’m not suggesting we run from technology and return to pen and paper, but I am suggesting that we take a more cautious approach to using technology to store and protect our most important information and assets.
We need to have more reliable backups as well as more backups. A backup is worthless if you cannot recover data from it. A single backup protects you only from data loss if the damaging event does not also destroy the backup. Everyone needs to follow the 3-2-1 rule of backups:
3) Always have three copies of your data—the original and two backups
2) Use two different types of media to store or host the backups (such as a hard drive and cloud storage)
1) Do not store both backups in the same physical/geographical location
We can also learn from this issue that no network is fully secure. We need to add additional layers of security to the existing infrastructure including storage encryption, using multi-factor authentication, tracking/auditing all access attempts, having stateful inspection firewalls, and monitoring it all with intrusion detection and prevention systems (IPDs).

3. Large Organizations Cannot Be Trusted

Just because a company has been successful and grown into a large corporation does not imply that it offers the best security to its customers. Often the priorities and obligations of a large organization are counter to the desires and interests of its individual customers. Never assume that you are a company’s top concern. Think twice about putting your most important or personal information online. Whether a social network, a cloud storage solution, or an e-commerce site, you are putting yourself at risk when you post private, sensitive, or valuable information online.
Always set your account information to private when that option is made available. Provide only the minimum amount of information in the creation of an online account, especially for new services you might not continue to use. Consider having a separate email address for use with new sites so you don’t expose your primary email address before you understand more about an online site or service. Have a credit card that is used only for online purchases and nothing else. Monitor this account for any questionable activity often, such as weekly or daily depending on your level of concern. Automation of your bill-pay, paycheck deposit, and retirement investing can be a huge time saver and assist in you actually saving money for retirement. However, you need to check on those systems regularly (e.g., monthly) to make sure the numbers are correct and the procedures are working as you defined them. If you find a mistake or an error quickly, it can be corrected with little consequence. But failing to notice a problem could cause you to lose your retirement savings or screw up your credit with unpaid bills. You must be an advocate for yourself.

4. Information on Social Networks Is False

As humans, we trust that which is familiar—whether it’s the last two miles on our drive home where we don’t pay as much attention or a co-worker that we ask to watch over our belongings while we step away. Hackers and media outlets know this and work hard to become as familiar to you as possible. This is why you hear and see the same advertisements too often in so many different mediums (print, radio, TV, online, etc.) and companies establish trademarks for their products. This same concern applies to many other aspects of our lives, both in the real world and online.
We all trust our friends, that’s why we call them friends and not enemies. However, when communicating with a friend through a social network, you are at risk of impersonation attacks. If an attacker can take over the account of a friend, then the communications from that account to you are no longer from your friend but from the attacker. Initially you won’t know this and are likely to be tricked into believing something false or downloading and installing something malicious. Be slow to believe information seen online, especially through social networks, even when related to someone you know and trust. If something seems odd or out of character, then contact that person through some other means (not the same social network site), to inquire about the concern.
There is also a wide range of people who enjoy crafting false information for the purpose of misleading everyone. Sometimes they want to stir up a group, sometimes they want to get a strong reaction, sometimes they want to sell a product, and sometimes they want to use the farce as a distraction. Online information sources, even news agencies, need to be filtered through a lens of skepticism. Take the time to investigate a claim, report, posting, or headline. Find out the source, consider opposing viewpoints and perspectives, and don’t believe it just because it was posted online.

5. Your Online Activities Are Being Tracked

Tracking is a fact of online activity. Most websites are free because advertisers pay them. This payment is not just for the privilege of showing you advertisements, but to track your activities and develop a dossier about your habits and interests. This type of tracking is big business and it is a huge part of your online activities. You may have become aware of several initiatives to reduce tracking, such as a Do Not Track flag set on your browser to inform websites of your wish to not have your activities monitored and sold off to third parties. There are other steps you can take to reduce the amount of tracking that targets you, these include:
 Use the incognito mode or private browsing mode of your web browser
 Disable third-party cookies
 Set your browser to delete all cookies at shutdown
 Use a browser plugin to control website content, such as NoScript for Firefox and ScriptSafe for Chrome
 Use a cookie tracker to become more aware of the amount of tracking taking place, such as Collusion for Chrome
 Use advertisement blockers and tracking blockers, such as AdBlock Plus, Do Not Track Plus, Ghostery, Disconnect, and Privacy Badger
 Install the HTTPS Everywhere plugin for Firefox and Chrome to force the request of encrypted web communications, as this will reduce the ease by which third parties can monitor and track your activities
These suggestions will greatly reduce the amount or level of tracking that targets you, however, they are insufficient to block all tracking. There are techniques, commonly labeled as super-cookies, which cannot be easily blocked. These techniques take an inventory of your web browser and related or accessible sub-systems in order to create a unique fingerprint of your system. Since they don’t deposit anything on your system, there is nothing to block. If your system remains configured relatively the same over time, then your unique fingerprint can be recognized each time you return to the site.
I think everyone should consider using some form of tracking blocking or filtering mechanism. But I do want to present an important alternative perspective regarding online tracking. If we as consumers of the Internet are able to successfully block all tracking (and subsequently all target advertisement), then many of the websites and online services that we currently use for free will have to start charging us for their use. It might be a worthwhile trade off to allow some level of anonymous bulk tracking for the purposes of targeting advertising so we can continue to use online content without having to pay more than our initial connection fee to our ISP.

6. Staying Anonymous Is a Challenge

News reports of hackers being apprehended often state that the offenders were using anonymization services, but they made some mistakes. Often those mistakes are failing to use their anonymization tool each and every time they connected to their attack target. When attackers forget to use their tools, they often leave behind a trail that can be followed by investigators—you need to be aware of as well.
I’m neither condoning attacking nor encouraging you to commit crimes or even act unethically, but there are valid reasons to be anonymous when using some Internet services. Whether needing to report a crime, seeking help due to an abusive relationship, or needing advice when involved in an embarrassing situation, there are some valid and ethical reasons for needing online anonymity. However, for the typical user, being anonymous is extremely difficult. This is mostly due to the fact that so many criminals use anonymization services to hide their identity while committing crimes, that law enforcement has spent considerable effort to breach the anonymity of those mechanisms.
However, if you find yourself in need of being anonymous (again, for a legitimate and ethical reason), here are some suggestions to keep you as anonymous as reasonably possible for the any non-criminal:
1. Don’t use your personal system for any communications that you need to be anonymous. Don’t use your smart phone, tablet, or the main OS on your primary computer.
2. Install a virtualization or hypervisor product, such as Virtual Box (which is a free product from Oracle), onto a computer. This can be your primary system or a second system you dedicate for this purpose.
3. Run a live or ISO version of Ubuntu in a virtual machine. Ubuntu is a simple-to-use version of Linux that any Windows user can operate. The live or ISO version of an OS will not save or retain any changes across reboots.
4. From Ubuntu, install and use the TOR anonymization service, see torproject.org for instructions
5. Use a different browser than the one included with the TOR tool. You will have to set the proxy setting for this alternate browser to use TOR, typically the address of 127.0.0.1 and port 9150.
6. Use the incognito or private browsing mode of the alternate browser.
7. While accessing the Internet, do not log onto any site for which you have an existing account.
8. If accounts are needed for certain services, do not use anything about yourself in the registration process. Set up a temporary email address (search on “temporary email”) and do not use your real name, real email address, real phone number, or any other identifying factors when setting up an account.
These steps are not convenient, but they will provide you relatively reliable anonymity while using online services. Be careful. While it may be easy to be anonymous, it is difficult to stay anonymous. Most of the time, anonymous users give themselves away by being infected by tracking tools, failing to use their proxy properly, forgetting to use the proxy, or accidentally outing themselves by providing personal information or logging into their normal online accounts.

7. Vendor Code May Have Backdoors

A backdoor is a means to gain access to a system that bypasses or avoids the frontdoor. The frontdoor is normal regular authentication using valid account credentials. Backdoors are mostly known as being planted by a hacker once they have compromised a system through some other means. However, we have learned that a number of widely used products and services happen to have backdoors in them that were planted by the vendors on purpose or by an unscrupulous member of their development team.
Early in 2014 it was discovered that Cisco, Linksys, and Netgear wireless access point devices (and possibly many others), which use components manufactured by Sercomm, could be accessed with full control just by connecting to port 32764. The firmware of these devices was later updated to require a knock packet before gaining access, but this only reduced the threat, it did not eliminate it.
A flaw in the widely available BASH shell on UNIX and Linux was discovered which allows a hacker to gain access to a command shell in order to run arbitrary commands on a system as the root. This issue was branded Shellshock and Bashdoor. The flaws have existed in the BASH code since September 1989. A patch is now available, but it will be years before a majority of deployed UNIX and Linux systems are properly updated to seal this hole.
Another example of vendor-supplied code having a backdoor was revealed in late 2013. D-Link wireless access points had a backdoor planted by programmers sometime during the firmware development. It granted an attacker the ability to access the management interface without providing authentication credentials just by setting the web browser’s user agent to “xmlset_roodkcableoj28840ybtide”. Updated firmware is now available, but it has not been universally installed.
The problem that vendor code may have backdoors is a difficult issue to address because these issues are often unknown issues until they are discovered and made public. I would recommend keeping a closer watch on security discussions and vulnerability postings. And be aware that the systems you trust and rely upon today, may be shown to be flawed and insecure tomorrow. Don’t place all of your trust in a single vendor or a single security protection. Having a heterogeneous environment and security designed with defense-in-depth in mind are essential to being prepared for the unknown.

8. Segmentation/Compartmentalization of Networks Is Essential

It is simpler to set up a private network as one internal group. A single collective of clients and servers is much easier to manage and it also much more convenient for accessing resources. However, this openness, freedom, and convenience is also a vulnerability. We must take on the perspective that our company’s security will fail at some point. When that happens, how easy have we made our environment for the discovery and access of our most valuable assets? Companies need to reconsider their network deployment. Segmentation or compartmentalization is key to limiting damage and access once malware has gained a foothold or when a remote access Trojan has allowed a remote hacker into your organization. Different departments, processing groups, or value/sensitivity leveled systems should be separated from one another in subnets with unique IP address assignments, enforced by firewalls, and monitored by IPDes.

9. Clarification of Incident Response

Many companies that experienced breaches in 2014 discovered that they were ill prepared to respond to the violations. This resulted in attacks lasting longer than necessary, allowing more systems to be compromised, making it more difficult to track down the perpetrators. This can be addressed by your organization by making the effort to clarify your incident response. You need to have a written policy, a trained team of responders, and perform regular drills and simulations. We must understand that we operate in a world where security breaches are inevitable. So, in addition to buttressing up our defenses to reduce the chance of compromise, we must also be prepared to deal with a compromise if and when it occurs. A well-managed incident response procedure is a good example of preparedness.

10. Respect the Reports and Alerts from Your Security Products

Many of the compromises we learned about in 2014 were detected long before the majority of the attacks or information leaks took place. The attacks were allowed to continue as the reports of these breaches were either overlooked or ignored. Details have surfaced that reveal the Sony attack of 2014 and the Target attack of 2013 were both detected months before the main offensive of the attacks took place. If the officers in those companies had respected the reports and alerts from their security products, a significant portion of the compromises they experiences could have been averted.
Yes, there are going to be false positives. But the proper way of addressing false positives is to respond to and investigate each and every alert. Then tune and adjust the detection system to avoid being triggered by the same false event. When millions of customers’ personally identifiable information (PII) and financial information, the reputation of the company, and millions of dollars are at risk, it is essential to respect the reports and alerts from your security products.

Conclusion

There are solid lessons to be learned from every mistake, accident, compromise, and attack. It is smart to learn from the failings of others rather than making the same mistakes and experiencing the same loss. Whether in our personal lives and online activities or related to a global corporation, we need to grow up and become much more mature in regards to our security management. We have to make these changes ourselves. So, keep an eye out for new compromises on the horizon, but don’t forget to learn from the security failures of both individuals and organizations.

Learn More

Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge through training.

Visit www.globalknowledge.com or call 1-800-COURSES (1-800-268-7737) to speak with a Global Knowledge training advisor.

About the Author

James Michael Stewart has been working with computers and technology for over thirty years. His work focuses on security, certification, and various operating systems. Recently, Michael has been teaching job skill and certification courses, such as CISSP, ethical hacking/penetration testing, computer forensics, and Security+. He is the primary author of CISSP Study Guide, 6th Edition; CompTIA Security+ Review Guide: SY0-401; Security+ Review Guide, 2nd Edition (SY0-301); CompTIA Security+ Training Kit (Exam SY0-301); and Network Security, Firewalls, and VPNs.
Michael has also contributed to many other security focused materials including exam preparation guides, practice exams, DVD video instruction, and courseware. In addition, Michael has co-authored numerous books on other security, certification, and administration topics. He has developed certification courseware and training materials as well as presented these materials in the classroom.
Michael holds a variety of certifications, including: CISSP, CEH, CHFI, and Security+. Michael graduated in 1992 from the University of Texas at Austin with a bachelor’s degree in philosophy. Despite his degree, his computer knowledge is self-acquired, based on seat-of-the-pants hands-on “street smarts” experience. You can reach Michael by email at michael@impactonline.com.

 

Property Preservation Companies

This is usually where I give a shameless self promotion and plug our services. However, this is not an area that I excel in. So, for those of you in the PPI there is a company that understand the unique needs of the PPI and  can assist with a risk assessment…Griffin Security Services.

 

Until Next Time

Happy Gardening…

 

Thank you to Global Security and James Michael Stewart and allowing the republication of this material.