TLS and SSL…What’s the deal?

You may have heard about TLS, TLS 1.2, TLS 1.3 or SSL Certificates, etc. What are they? Well, first off, we need to know what TLS and SSL stand for, then we can dive deeper.

TLS stands for Transport Layer Security. TLS is a security protocol that provides security and encryption between web sites or applications and the servers and browsers being used to access them. It can also be used in other applications such as email, instant messengers or even VoIP (voice over IP) phone calls.

That’s all well and good but what exactly is it?

Well, TLS is an encryption protocol. The first version of it (TLS 1.0) was published back in 1999 by the Internet Engineering Task Force (IETF). More on them later. The latest version of TLS, by the way, is TLS 1.3; however, there are a lot of companies out there that don’t quite support that version yet. The most common version is TLS 1.2, and you should see at least that version on a lot of sites out on the internet.
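To see which version a site actually negotiates, and to refuse anything older than TLS 1.2, here is a small check using Python's standard `ssl` module. It is an added example, not part of the original post; the function names and the `example.com` host are placeholders chosen for illustration.

```python
import socket
import ssl
from typing import Dict, List, Optional, Tuple

# Protocol names as returned by ssl.SSLSocket.version(), oldest first.
KNOWN_VERSIONS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
FLOOR = "TLSv1.2"  # the minimum version the post says you should expect to see


def build_client_context() -> ssl.SSLContext:
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def meets_floor(negotiated: Optional[str], floor: str = FLOOR) -> bool:
    """True if the negotiated protocol is at or above the floor. Unknown names fail closed."""
    if negotiated not in KNOWN_VERSIONS:
        return False
    return KNOWN_VERSIONS.index(negotiated) >= KNOWN_VERSIONS.index(floor)


def negotiated_version(host: str, port: int = 443, timeout: float = 5.0) -> Optional[str]:
    """Handshake with host and return the protocol version, e.g. 'TLSv1.3'.

    Returns None when the handshake fails: the server only offers versions
    below the floor, its certificate does not verify, or it is unreachable.
    """
    ctx = build_client_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # ssl.SSLError and certificate errors are subclasses of OSError
        return None


def audit(hosts: List[str]) -> Dict[str, Tuple[Optional[str], bool]]:
    """Map each host to (negotiated version, whether it meets the TLS 1.2 floor)."""
    results = {}
    for host in hosts:
        version = negotiated_version(host)
        results[host] = (version, meets_floor(version))
    return results


if __name__ == "__main__":
    # example.com is a placeholder; substitute the sites you are responsible for.
    for host, (version, ok) in audit(["example.com"]).items():
        print(f"{host}: {version or 'handshake failed'} -> {'OK' if ok else 'below floor or failed'}")
```

A result of `None` does not tell you why the handshake failed, so follow up on those hosts separately before concluding they only offer old protocol versions.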

#WarOnPineapple

Ok, you’re wondering what the hell a war on pineapple means. Especially on a security site. Well, there’s a war going on. People are either FOR pineapple on pizza or they’re AGAINST it.

Now, while you’re trying to figure out if pineapple belongs on pizza or not, let me just give you some information and where this is coming from. The #WarOnPineapple actually comes from the Cybersecurity and Infrastructure Security Agency (CISA). They are a branch of the Department of Homeland Security and were stood up approximately a year ago. Recently they held their 2nd annual cybersecurity symposium and I was lucky enough to get to attend. There were an amazing number of people there from state, local and federal government including the Secretary of Defense Dr. Mark T Esper. There were a large number of incredible speakers and I think I learned more at that conference than all the other ones I have attended combined.

Alright, now down to the #WarOnPineapple.

It’s actually a quick and easy way to explain, in 5 steps, how foreign influence in something works. And it’s pretty easy to follow. Let me break it down for you.

  1. Target a divisive issue
    • Find something that’s a hot topic, such as pineapple on pizza. Or, in the political arena, a hot political race such as a presidential one.
  2. Move social media accounts into place
    • Use well-established ‘fake’ media accounts. Change the name of an account and re-use it. Use established pre-made accounts that have built a following. It is not uncommon for one individual to manage multiple accounts.
  3. Amplify and distort the conversation
    • Trolling and bad information or ‘misinformation’ are what is called for here. Anything that pushes the individuals discussing the topic into a more heated discussion than usual works, e.g. “If you don’t like pineapple on your pizza you’re un-American”.
  4. Getting picked up by mainstream media
    • Creating controversy and getting a topic so heated that it starts to trend and become something huge enough to be picked up by mainstream media. This gives the trolls validation and it is exactly how they help to push their agendas.
  5. Moving the conversation into the real world
    • Now comes the part where they really work it. They bring it to the real world with rallies, events, funding requests, anything to help get them to the forefront and cause more issues.

So there you have it. This is what the #WarOnPineapple has to do with cyber security and more importantly, it has to do with election security. Think about what happened in 2016. How information came from everywhere and nowhere. How it seemed like overnight things developed. All the controversy that was going on for all sides of the parties. Now think how big things have gotten and will get in 2020 with the next election. I almost hate to have social media accounts with the amount of mud slinging going around right now. And it’s only going to get worse.

You can, however, help prevent a new #WarOnPineapple. Head on over to the CISA Website to learn more about what they do, who they are and how you can help keep things secure. For more information on the #WarOnPineapple head on over to their site dedicated to it. Just click on the link and find out more.

For your convenience I have included the pdf that they are providing and that is where I picked up the list above. I did not create the list myself, just reworded and presented it in a paragraph form that was easy and quick to read.

Now, back to that pizza. Does pineapple belong or not?

Let me know in the comments below.

Introduce Yourself

Hello, according to the default text I’m supposed to introduce myself and create excitement, or to get you personally interested in my site or some such idea…

Well, here’s a few things about me and why I’m doing this.

My name is Norm, I am ISACA certified as a CISM or Certified Information System Manager. It’s similar to the CISSP in security circles. No, unfortunately I don’t yet have my CISSP but eventually. I’m also certified by CompTIA in A+ and Security + as well as a host of other DoD/Army minor certifications dealing with Information Security.

In order to keep up the certifications from ISACA and CompTIA there are a certain number of hours of continuing educational activities and learning that I must do. Some of them are writing posts about the field, doing instructions, writing books, etc. so this is another way to get free credits towards re-certification.

I’ll be writing about just about anything in security from hardware, software, hacking, black hat, white hat, reviewing software, hardware, etc. This also includes any of the Cybersecurity conferences I go to, books I read, so on and so forth.

A little background…I’ve always been a computer geek, I got my first computer way back when the Commodore 64 first came out. From there it was the Tandy TRS80, Tandy 1000 and on and on up to the machines I’ve built and bought. But the real start to my career began around 20 years ago, working for AT&T as a help desk technician, which led to becoming interested in networking and eventually led me to get into Cisco, routing, switching, then more into servers, etc. I’ve built my fair share of computers and installed almost every version of Linux that came out. I’ve worked on the RISC 6000 machines when I was with IBM and it all led me to working as a contractor for the United States Army. I spent 16 years working for them in the Information Assurance field. This is where most of my certifications and original security training came from. I’ve since branched out and did a lot of learning on my own. Books, training classes, conferences, blogs, YouTube videos, and just generally playing around till I learned something.

No, I don’t work for the Army any more and I’m currently contracted working as an Information Security Officer. Sorry boys and girls, not letting it slip where I work, it’s just something I don’t do. I will not talk about my current place of employment. It’s just easier that way.

I’d love to hear from anyone out there and I’d love to hear if I’ve helped so please get in touch and let me know who you are, what you need help with or if I’ve helped you.

Now, don’t expect multiple posts a day or even one post a day. I’ll be putting in some thought on what I’m writing about so it’s accurate and informative. But I promise I’ll be posting at least once a week and potentially even some videos.

I will say that I’ve got a few friends that may also be interested so I’ll host their stuff here as well. My son is also starting down the dark path of computers and computer security so expect a few things either from him or about him.

Anyhow, that’s about it for now. And welcome to Norm on Security.