Things Matt Wrote

Writings from the intersection of law enforcement and the Internet

The CDC claims the seasonal influenza vaccine will not give you the actual flu but can result in side effects that are consistent with being sick with the flu virus. These include fever, headache, difficulty breathing, hoarseness, hives, weakness, and facial swelling. Well, that kind of sounds like being sick with the flu.

I know the flu vaccine makes me sick. Sometimes really sick, sometimes just a little sick, but every time I get a flu vaccine I get “flu-like symptoms” to one degree or another. Call me sick or not, but I am certainly not healthy at that point.

And I am not the only one. Although the CDC adamantly claims the flu vaccine will not – cannot – make you sick with the flu, a large percentage of Americans feel otherwise. A 2018 poll conducted by the NORC at the University of Chicago found that 41% of Americans do not get a yearly flu vaccine. When asked why they do not get the vaccine, 36% explained they have suffered negative side effects from previous flu vaccines, including fever, headache, sore throat, and shortness of breath.

Guess what those symptoms are also consistent with? Covid-19. Yes, the early symptoms of a Covid-19 infection are the same ones you may face after being vaccinated for the seasonal flu.

Read more...

People often attempt to promote themselves or bolster their credibility by claiming they do good deeds. I am always amused by people who do this by claiming to do things that we are all expected to do anyway. “Why would I steal that, I pay all my bills?” or “I’m just out working hard trying to make it, I take care of all my kids”. In some social settings, such acts do set the claimant apart from their neighbors and peers, but in reality, it is what they should be doing anyway. Every member of society is expected to fulfill these basic social responsibilities. You should pay ALL of your bills and you should take care of ALL of your children.

The Git repository and DevOps platform GitLab received some very positive press this week for conducting a phishing simulation on their employees. The GitLab Red Team used the open-source phishing campaign software GoPhish to target a sample of fifty employees with an email offering a laptop computer upgrade. Not surprisingly, a significant portion of the test subjects failed. Thirty-four percent of the tested subjects clicked the link and fifty-nine percent of those employees provided their credentials. That works out to ten employees who provided their GitLab corporate credentials to the “bad guys”.

Read more...

One of the most rewarding things I do is teach a class at the local community college. I love teaching and sharing my knowledge. I do not like the overhead or drama that comes along with it (that should be a post itself) but I absolutely love leading a group of students to a better understanding and appreciation of the criminal justice system. Like everything so far in the year 2020, this semester was the best of times and the worst of times all at once.

The class started in the classroom and ended online. The last time we physically met on campus was for the mid-term exam, so the class ended up being an equal mix of fifty percent on campus and fifty percent online. Actually, we met one more time online than on campus, so I’m considering it an online course, thereby allowing me to tick the resume checkbox of “online teaching experience”.

Teaching a class at a community college is the proverbial box of chocolates: you never know what you are going to get. The students vary greatly in age, educational background, life experience, and economic status. But they are all there for the same reason, well most of them, to achieve learning which will lead to professional success. This class was one of the largest and most diverse I have instructed, which allowed for the opportunity to push discussion and student interaction. The students challenged me with pointed questions that in turn led to some fantastic classroom interaction. Until, at least, Covid-19 arrived and shut the campus down.

Read more...

My agency recently conducted a “phish your own” campaign and the results were, as usual, disappointing. Or maybe shocking. I was unaware that the message was going to be sent, but as soon as it hit my inbox, I asked my office mate if he had also received the message. Upon an affirmative response I declared it a phishing simulation, as there was no way the spam filter would not have caught it. The email had more red flags than a pre-hurricane beach. Yet, ridiculous as the email was, over twenty people still fell for it. In a real-life situation that is twenty opportunities for the attackers to access our network.

So here are a few quick and easy ways to spot a phishing message.

Read more...

For those of us old enough to remember, the classic comedy show Monty Python's Flying Circus had a series of skits parodying the Spanish Inquisition. The catchphrase “No one expects the Spanish Inquisition” was declared to explain the surprise when the trio of inquisitors suddenly appeared. I always think of this exclamation when I read about a company being pwned by a malicious employee. No one expects the insider!

But the larger question is “why not?”. Why is everyone still so shocked when a business is exploited through the effort of a bad employee? At some point it must be expected; you are going to be attacked from the inside. And shame on you if you fail to take (any) proactive steps to prevent it.

The most recent sensational insider threat story comes from the digital game provider Roblox. Allegedly, an employee was paid to provide access to Roblox records, including the backend customer service panel and player accounts. Joseph Cox has written a full exposé for Motherboard (Vice).

Read more...

And Rat's... In policing we have a simple saying to explain the monotony of continuously mitigating the poor choices of society: “same stupid thing, different stupid people”. Much like your favorite gif video from the subreddit r/holdmybeer, rope-swings and mini-bikes never end well. Criminals keep using the same tricks to victimize different people, and different people keep making poor choices to become victims. It’s a never-ending loop. The faces change, the poor choices don’t.

In the most recent illustration of this concept, a cybercrime group dusted off a 15-year-old attack tool to victimize a new crop of fresh-faced college and university students. Most of these students were still learning to read the first time this tool was released to victimize – fresh-faced and naive college students.

Read more...

I cannot dismiss the similarities between the current COVID-19 threat to human life and the threat of damage from cyber actors that businesses face every day – and have since they plugged into the Internet. Of course, it must be understood the stakes are much higher when humanity is facing down a deadly virus as the ultimate end can be death, not the loss of money, data, or reputation.

In the debate of when to “re-open” our now closed lives and return to “normalcy”, the news reporters and pundits often lament on the aspect of risk. But they rarely get it right.

Read more...

The user is the weakest link. Long live the user.

All of us involved in the information security domain know that the end-user is the weakest link of the security framework. Empirical study and anecdotal experience back this up. The bad guys know this and exploit it to maximum benefit. The 2019 Verizon Database Breach report details that 94% of all cyber breaches start with an email. Yet as security professionals, we also realize that it isn’t fair, and is bad form, to blame the end-user. Particularly if they haven’t been properly trained.

Of course, it is easy to blame the user. Oh, how easy it is. Who clicked the link, answered the phone, or fell for the ridiculous story and sent the wire transfer? And they have received training. Well, at least a 15-minute lecture or a 3-minute video.

Read more...

The police are often called to address some issues of society simply because there is no one else to call. It isn't a threat, certainly not a crime, just something that is happening that should not be and at the moment there is no one else to fix the problem. There are dozens of examples. Some are good such as baby ducks stuck in a sewer drain in need of a quick rescue. And some bad, such as a lady who calls the police because she believes a man's diesel truck is emitting too much exhaust and is single-handedly killing the environment. Anyone who has been involved in policing for more than a year can provide endless examples of such calls for service. For better or worse the police dutifully respond and put on their best face, sometimes out of fear of discipline and sometimes simply out of amusement.

This brings us to the current situation. The 2020 COVID-19 pandemic. The police are being forced into a position they really would prefer not to be in. No, not ad-hoc healthcare workers but enforcers of mandatory business closings and social distancing. Oh, and forced face mask usage.

Read more...