Tag Archives: Security

Solving Extreme Poverty

Posted on by
6

The video presentation Solving Extreme Poverty and Homelessness in the USA can be seen on YouTube:

Commentary on Quora can be accessed here: https://qr.ae/pG5f5w

PDF of all slides in the presentation:

Solving-Extreme-Poverty-2021-07-26Download

Presentation Text:

Solving Extreme Poverty and Homelessness in the USA

This presentation describes a potential solution from a big picture perspective. These ideas are being presented as a starting point for discussions on poverty and homelessness. I am inviting fellow poverty survivors – people with lived experience surviving poverty, particularly homelessness – to participate in this discussion. If you have never experience poverty directly, your support is appreciated but please be respectful and allow people with lived experience take the lead in this conversation.

Big Picture, Big Steps

Three (3) different plans with overlapping goals implemented simultaneously. This presentation covers the objectives of all three plans and then looks at the five-year plan in more detail.

5-Year Plan

The 5-year plan.

The objective is to meet the immediate needs of people currently surviving extreme poverty or homelessness, those in danger of slipping into poverty and people escaping catastrophic events, 

To this end, the 5-year plan focuses on providing emergency support to those surviving poverty, universal support to everyone and the establishment of emergency facilities and basic infrastructure to support providing for a large population a catastrophic event.

50-Year Plan

The 50-year plan.

The objective is to address the root causes of social inequality, financial inequality, global warming and environmental destruction.

This requires digging deep into complicated issues like systemic racism, global warming, environmental destruction and crumbling infrastructure.

500-Year Plan

The objective is to address long-term problems through multigenerational planning.

The 500-year plan lays the groundwork for making changes while fostering a culture of identifying and evaluating potential risks and consequences across many generations.

5 Year Plan

Now for a more detailed look at the five-year plan.

On its own, this is an ambitious band-aid for out-of-control homelessness and poverty in the United States, designed to keeps people alive while facilitating a transition into the 50-year plan.

Emergency Support

Emergency support is a lifeboat, not a final destination.  It consists of an expansion of both the resources available and the number of people eligible, while simplifying the process for accessing necessary resources.

Government Benefits

Food, housing, transportation and childcare make up the most basic benefits already available. They also address some of the most basic necessities.

Modifying the existing program is simple:

1) increase the amount of all resources made available to each person,

2) increase the annual income requirements to include the middle class,

3) simplify access – For example: automatically enrolling everyone whose tax returns indicate eligibility, and

4) Expand benefits to cover more key issues faced by people surviving poverty, such as student loan forgiveness and free legal assistance

Universal Support

As the title implies, these resources would be immediately available to everyone.

Universal Basic Income (UBI)

Universal Basic Income or UBI checks providing a reliable monthly payment to everyone over a certain age, regardless of income, living status or participation in other government assistance programs. Cash in hand goes a long way towards establishing nationwide financial stability and ensuring the basic needs of the population are met.

Universal Health Care

Five (5) years of Universal health care, covering all aspects of mental and physical health care at no cost to the patient, including medical programs normally addressed outside of hospitals, like dental, eye and chiropractic care.

Universal Photo IDs

The universal ID would be designed to be entirely free of charge, reasonably easy to create, centrally managed and regularly updated. To that end, a new ID could be based on anything from standard identification documentation to information provided by the individual verbally or select biometric data types.

The objective is to get everyone into the official universal photo ID system, including people who already have other forms of government ID, thereby making it commonly available and useful.

This may require connecting it to a specific purpose, such as voter identification, a centralized medical records system, or the universal medical benefits program.

Emergency Facilities

Emergency facilities are distinctly different from existing resources available to people during a crisis. They are designed to provide refuge to a very large population of people, pets and property during anything from a personal emergency to a catastrophic event or a mass evacuation.

Facility Formats

The resources currently available have three (3) possible formats: 1) a cold site, 2) a warm site, and 3) a hot site.

Cold Site

A cold site takes time and effort to set up and may require additional supplies to get up and running. Examples include bomb shelters, remote summer cabins or an RV only used for vacations.

Warm Site

A warm site is used on a limited basis or has a primary purpose that makes it reasonably easy to modify quickly. Either way it is partially up and running and mostly operational. Examples include schools, community centers, churches and stadiums.

Hot Site

A hot site is fully functioning and continually operating. Examples include hospitals, hotels and homeless shelters. Unfortunately, currently operating hot sites are not equipped to handle a large-scale emergency.

Homeless shelters struggle to meet the needs of people surviving poverty on an average day.

Hospitals and hotels are neither designed nor equipped to handle a large population for an extended time.

Emergency Facilities are hot sites specifically designed to handle the worst-case-scenario by meeting the long-term needs of an extremely large population during a crisis – whether that crisis affects a single person or involves a mass-evacuation.

Basic Requirements

Emergency facilities provide a place to live, a place to die, the resources necessary to live, and the ability to access at least one facility from anywhere in any state in the country.

Handicap Accessible

They are 100% handicap accessible because an evacuation event requires fast and simple processes. Able bodied people can used handicapped accessible housing without modification or difficulty. The same cannot be said about people who are handicapped or injured being placed in standard non-accessible housing.

A facility that is 100% handicapped accessible can provide housing and basic resources to anyone at any time – without delay. Simple. Fast. Efficient.

Known Population

The facilities, supplies and the public transportation connecting them MUST be designed to meet the needs of 150% of the total known population of the entire state.

That number includes the housed, unhoused, and temporary residents.

Why 150%? First, it’s an emergency facility. During an evacuation, everyone is moved out of the danger zone and into a safe place no questions asked – there MUST NEVER be a moment when people are stopped and evaluated for access.

Second, if the entire population is evacuated to these facilities at the same time and the total population count is off by 10%-25% or more, then there’s still plenty of room for everyone, including emergency transfers from other facilities.

Emergency Transfer

Which brings us to Emergency transfers. These are pre-established plans for moving people to different emergency facilities when the local facility is compromised, destroyed or at capacity.

To illustrate, try to imagine the states of California, Oregon and Washington on a map. All three states share an ocean coastline and problems with regular natural disasters, such as earthquakes, wildfires, floods and drought.

In this fictitious scenario…California has three (3) emergency facilities, Oregon has one (1) and Washington State has two (2). A wildfire rips through Oregon, forcing the evacuation of a large portion of its population to the emergency facility. This works until the fire changes course and starts heading for the facility itself

Despite planning, prevention and firefighting efforts, the fire gets dangerously close, and the Oregon facility must be evacuated. Per the plans already in place, the entire displaced population is sent to emergency facilities in California and Washington State via specially designed public transportation, such as a high-speed rail.

When transfers arrive, they are immediately provided living arrangements and access to all resources. Housing and assistance continue for as long as each person or family needs.

When the Oregon facility re-opens, those who remain at the emergency transfer locations are given the option of being transferred back to Oregon. Transfers are always free of charge and, outside of an emergency evacuation, they are voluntary.

Medical

An emergency facility requires comprehensive medical resources. Because this is a continuously operating facility, those resources are available – free of charge – to anyone who needs them 24 hours a day 7 days a week.

Nursing Homes and Hospice Care

A mass evacuation event is going to generate serious injuries, some of them fatal and others requiring long-term care. Evacuations also include nursing home residents and hospice patients in other regions of the state. Therefore, the emergency facility must be prepared to handle the needs of these patients.

Homelessness among the elderly is becoming more and more common. Serious illness often causes financial ruin that leaves individuals and families at the mercy of the welfare system and homeless shelters. Therefore, facilities must be prepared to continuously accommodate the needs of people dealing with a family or personal crisis.

Political

Catastrophic events do not adhere to a political calendar. Citizens evacuated to an emergency facility still have the right to vote in all elections – local and national. Voting options must, by necessity, be made available to all citizens residing at a facility for any length of time.

Communications

Basic communication resources include reliable high speed internet connections and universal cell phone towers designed to allow the entire population the ability to contact family and friends, or to remotely connect to work and school.

This facilitates communication between individuals, families and government agencies during a disaster. It also helps to encourage people to leave an area in anticipation of a known pending disaster, like a hurricane.

Education and More

Getting back to normal after a disaster takes time. Most likely, people forced to rely on an emergency facility will live there for several months or even years. Life continues.

Children must be educated, and college students need to finish school.

There are religious events and cultural holidays to observe.

Athletes and arm-chair warriors alike need to continue their training.

Opportunities to participate in both sports and the arts relieves stress, builds community and helps people continue living their lives. Which, in turn, helps people recover from a traumatic experience and get their lives back on track.

Legal System

Laws and policies governing emergency facilities must be consistent across the entire network to ensure that a flood of people traveling between facilities during an emergency transfer can complete the move as smoothly as possible. The fewer details people are trying to figure out during an emergency, the better.

Community and Culture

Many people will stay at a facility temporarily. Some will take a job and settle down permanently. There will be students who come seeking a free education and individuals who simply choose to remain long-term – these are all good things.

Anticipating the establishment of a permanent community and actively working to foster a culture that is conducive to the unique nature of life at an emergency facility will help ensure smooth operation over the long-term.

Big Picture, Big Steps

That’s the basic overview of the primary components of the five-year plan à Emergency support, universal support and emergency facilities.

Solving Extreme Poverty and Homelessness in the USA

Thank you for listening!

Controlled Killers

Quote

Posted on by
Reply

Berezovo had been life-trained in security work, particularly that having to do with Soviet security problems in North America, where this killer would operate. If a normally conditioned Anglo-Saxon could be taught to kill and kill, then to have no memory of having killed, or even of having had the thought of killing, he could feel no guilt. If he could feel no guilt he could not fall into the trap of betraying fear of being caught. If he could not feel guilt or the fear of being caught he would remain an outwardly normal, productive, sober, and respectful member of his community so that, as Berezovo saw it, this killer was very close to being police-proof and the method by which he was created must be very, very carefully controlled in its application to other men within the Soviet Union. Specifically, within Moscow. More specifically within the Kremlin.

The Manchurian Candidate by Richard Condon

Nonpublic Personal Information (NPI)

Posted on by
Reply

Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6801-6809 (2002). Available at: https://www.law.cornell.edu/uscode/text/15/6809

(4)Nonpublic personal information
(A)The term “nonpublic personal information” means personally identifiable financial information—
(i)provided by a consumer to a financial institution;
(ii)resulting from any transaction with the consumer or any service performed for the consumer; or
(iii)otherwise obtained by the financial institution.
(B)Such term does not include publicly available information, as such term is defined by the regulations prescribed under section 6804 of this title.
(C)Notwithstanding subparagraph (B), such term—
(i)shall include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information other than publicly available information; but
(ii)shall not include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any nonpublic personal information.

(GLBA, 15 U.S.C. § 6809(4)(B))

 

Phishing: Setting Traps

Posted on by
Reply

Lay traps: When you’ve mastered the basics above, consider setting traps for phishers, scammers and unscrupulous marketers. Some email providers — most notably Gmail — make this especially easy. When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that with a “+” sign just to the left of the “@” sign in your email address. For example, if I were signing up at example.com, I might give my email address as krebsonsecurity+example@gmail.com. Then, I simply go back to Gmail and create a folder called “Example,” along with a new filter that sends any email addressed to that variation of my address to the Example folder. That way, if anyone other than the company I gave this custom address to starts spamming or phishing it, that may be a clue that example.com shared my address with others (or that it got hacked, too!). I should note two caveats here. First, although this functionality is part of the email standard, not all email providers will recognize address variations like these. Also, many commercial Web sites freak out if they see anything other than numerals or letters, and may not permit the inclusion of a “+” sign in the email address field.

After Epsilon: Avoiding Phishing Scams & Malware, Krebs on Security, by Brian Krebs, 04/06/2011

Unintentional Insider Threat (UIT)

Posted on by
Reply

An unintentional insider threat is (1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization’s network system, or data and who, (3) through action or inaction without malicious intent, (4) unwittingly causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability.

Unintentional Insider Threat and Social Engineering, Insider Threat Blog, Carnegie Mellon University (CMU) Security Engineering Institute (SEI), by David Mundie, 03/31/2014

Spear Phishing: Effective Because it’s Believable

Posted on by
Reply

Quote 1:

Spear phishing is targeted. The attackers did their research, usually through social engineering. They might already know your name or your hometown, your bank, or your place of employment—information easily accessed via social media profiles and postings. That bit of personalized information adds a lot of credibility to the email.

Spear-phishing emails work because they’re believable.

Quote 2:

Spear-phishing attacks are not trivial or conducted by random hackers. They are targeted at a specific person, often times by a specific group. Many publicly documented advanced persistent threat (APT) attack groups, including Operation Aurora and the recently publicized FIN4 group, used spear-phishing attacks to achieve their goals.

-Best Defense Against Spear Phishing, FIreEye

Quote 1:

Phishing emails are exploratory attacks in which criminals attempt to obtain victims’ sensitive data, such as personally identifiable information (PII) or network access credentials. These attacks open the door for further infiltration into any network the victim can access. Phishing typically involves both social engineering and technical trickery to deceive victims into opening attached files, clicking on embedded links and revealing sensitive information.

Spear phishing is more targeted. Cyber criminals who use spear-phishing tactics segment their victims, personalize the emails and impersonate specific senders. Their goal is to trick targets into clicking a link, opening an attachment or taking an unauthorized action. A phishing campaign may blanket an entire database of email addresses, but spear phishing targets specific individuals within specific organizations with a specific mission. By mining social networks for personal information about targets, an attacker can write emails that are extremely accurate and compelling. Once the target clicks on a link or opens an attachment, the attacker establishes a foothold in the network, enabling them to complete their illicit mission.

Quote 2:

A spear-phishing attack can display one or more of the following characteristics:

  • Blended or multi-vector threat. Spear phishing uses a blend of email spoofing, dynamic URLs and drive-by downloads to bypass traditional defenses.
  • Use of zero-day vulnerabilities. Advanced spearphishing attacks leverage zero-day vulnerabilities in browsers, plug-ins and desktop applications to compromise systems.
  • Multi-stage attack. The spear-phishing email is the first stage of a blended attack that involves further stages of malware outbound communications, binary downloads and data exfiltration.
  • Well-crafted email forgeries. Spear-phishing email threats usually target individuals, so they don’t bear much resemblance to the high-volume, broadcast spam that floods the Internet.

White Paper: Spear-Phishing Attacks, FIreEye

Poverty and The Law of Compounding Exploitation

Posted on by
Reply

As a security professional within a corporate environment, I am tasked with identifying and mitigating vulnerabilities or threats. Information Security (InfoSec) effectively comes down to this: 1) know what you have (valuables), where it’s located and who has access to it, 2) identify potential vulnerabilities/weaknesses coming from both inside and outside the company (or DMZ), and 3) eliminate/reduce all vulnerabilities and weaknesses to the fullest extent possible, while carefully monitoring those that you choose to allow to remain unaddressed (there are many reasons for making this decision).

Take this process and apply it to a community of people. For the sake of argument:

  • Make 10% of that population homeless.
  • Create an economic structure wherein people are constantly flowing in and out of homelessness. The population keeps changing.
  • The total % of people who are homeless increases, slowly, over time.
  • 25% of the people who experience homelessness spend the rest of their lives living with a mental or physical illness (disability?) acquired as a direct result of being homeless.
  • 75% of the people experiencing homelessness, at any point in time, are children.
  • The protection afforded to housed people is not provided to homeless, making them perfect targets for criminals, predators and ‘recruiters’ of all kinds.
  • Surviving homelessness requires surviving violence.

If this community has 100,000 people, then a minimum of 10,000 people are being forced to live underground at any given moment in time. 7500 of these individuals are children whose education is being interrupted and/or negatively impacted by the experience. There are also a minimum of 2500 people who are dealing with illnesses and disabilities as a direct result of being forced to live underground while surviving extreme poverty.

Those 7500 children and 2500 permanently injured/disabled adults (we’ll assume they are all adults) are (re)entering society with training, experience, perspective and skills that may or may not positively contribute to the safety, security and positive function of society.

As a security professional, I shake my head in disgust because those 7500 unknowns (at this point, they are not officially threats) were completely avoidable. I did not have to be concerned about them at all. It is a situation that could (should) be eliminated through housing, access to basic resources/necessities, respectful and effective assistance from police forces and safe, quality, reliable and free education.

Now, let’s introduce some known threats.

All of these threats could consist of a grand total of 10,000 people due to overlap (read: the highest number listed above), but it also could consist of a total threat base of 16,200 people – assuming no overlap. So my known threat base ranges from 10,000 to 16,000 people in the total population. Assuming %s remain consistent and all known threats are adults, then it can be assumed 250–400 experienced homelessness at some point.

I’m guessing that you are looking at that relatively low number of homeless predators and wondering: how does this illustrate compounding vulnerability exploitation? Allow me to illustrate…

Compounding force #1: One vulnerability leads to a strengthening of a threat which, in turn, creates another vulnerability.

10,000 perpetrators/threats (10% of the total population) are committing crimes against 10,000 vulnerable (homeless) people (10% of the total population) either by preference or as a form of practice. The homeless are not provided police protection and they cannot defend themselves due to extreme poverty and social stigma. Therefore, a potential criminal who has not crossed the line into full-blown criminal activity, is provided a ‘sandbox’ where these behaviors can be acted out and perfected before perpetrating them against people who ‘matter.’

Compounding force #2: The purposeful allowance of an exploitation, and the refusal to take proper action in response, increases both the threat and the vulnerability.

The widespread acceptance surrounding the degradation, marginalization and violent treatment of poverty survivors (homeless people in particular), creates a pervading social construct (culture) that is less able (unable?) to identify and address these same behaviors perpetrated against the general population. The community has become ‘numb’ to criminal activity and lost a significant (important) portion of it’s willingness and/or ability to properly address these actions.

The culture of a community/environment must be such that threats can be identified and addressed, promptly, properly and effectively. If the culture is negatively affected in one circumstance, allowing a known threat/criminal act to go unaddressed (unpunished), then that same threat will not only continue, but will grow stronger and begin to expand (aggressively).

Compounding force #3: Threats that are mitigated ad-hoc and separate from the whole often generate more vulnerabilities and create new categories of threats.

The widespread refusal to treat poverty survivors (homeless in particular) with the basic respect due to any human being, combined with an aggressively enforced caste system that forces people into permanent association with a ‘lesser-than’ category, directly and negatively affects all poverty survivor’s ability to improve their lives both financially and socially. They are placed between the proverbial ‘rock and a hard place.’

Desperation and lack of options can force people to find creative solutions (this is good), but it can also push them into making alliances and decisions that place them into the community threat category (this is bad).

The homeless are the absolute bottom, they are not the entire community of poverty survivors. Those who are surviving poverty while remaining housed (however tenuous that situation may be) will see what is happening to those trying to survive homelessness. The actions taken against the homeless will directly and profoundly effect the decisions made by those who are ‘merely poor.’

The two communities combined are placed in a state of desperation, trying to improve their situation. This makes them all particularly vulnerable to everything from relatively light criminal activity (e.g.: shoplifting) to criminal association (e.g.: joining a gang or a criminal network) and radicalization (e.g.: joining terrorist organizations like the KKK or ISIL and participating in hate crimes or terrorist attacks).

By isolating and ignoring the safety and welfare of one segment of the community, the threat level is increased for another segment of the community. Due to the ostracism and marginalization of poverty survivors, the actions taken by poverty survivors, in reaction to their situation, are separate from the actions taken by the police and similar organizations in protections of the community as a whole. This disconnect creates an increased number of threats seeking to exploit vulnerabilities found throughout the community.

Compounding force #4: The creation of exploitable vulnerabilities increases with the acceptance of those exploitations.

When the only thing separating those vulnerable to degradation, vicious social behavior and open violence is financial standing, moving a targeted individual into a state of absolute vulnerability hinges on destroying their financial standing.

In other words, everyone is vulnerable, because anyone can have a financial crisis at any moment.

It’s easy to assume that you are immune to such experiences. But it is even easier to examine the life and habits of any individual or family and identify that ways in which they could go from housed and financially secure to living out of shelter – in a stunningly short period of time.

For criminals and predators, this is an important loophole. It permanently establishes a vulnerability within every single household, that can be exploited to reduce or eliminate a threat to criminal operations. Because the vulnerability is entirely financial, exploiting it presents minimal risk to criminals and predators. After all, arranging for a family member for come down with a mysterious illness that requires a lengthy hospital stay, or simply ensuring the primary breadwinner looses his or her job, is relatively easy.

Conclusion

There is no such thing as an isolated threat. Every ecology or environment (e.g.: computer systems, the environment, human social networks, towns and cities, etc.) operates within the push-and-pull of threats-vs-vulnerabilities. Every threat has the potential to grow strong and every vulnerability has the potential to grow larger. Both have the ability to spread to other systems, ecological environments, communities, etc.

Dividing the world into absolute, unchanging, categories of US and THEM is a dangerous habit. A truly effective system of threat identification and mitigation recognizes that there is no them – there is only us.

Securing Credit and Identity After the Equifax Breach

Posted on by
Reply

Step 1: Read this article –>How I Learned to Stop Worrying and Embrace the Security Freeze

Step 2: Place a freeze on social security numbers of all family members. Note: A freeze cannot be placed on minors through online portals. Most agencies offer snail-mail options for minors.

Step 3: Place all account IDs, passwords and PIN numbers in a safe place! Applying for credit in the future will require contacting the agency and removing the freeze, temporarily or permanently.

Link

Has anyone succeeded in erasing someone’s memory? by Gagan Bir Singh https://www.quora.com/Has-anyone-succeeded-in-erasing-someones-memory/answer/Gagan-Bir-Singh?share=d15154d6&srid=zRYF

The possibilities for abuse are massive and terrifying.

Business Law: Intellectual Property Theft

Quote

Posted on by
Reply

Amazon.com

 

“Put as much in writing as possible and save that documentation. By creating a paper trail, you’ll have proof of your concept if it does go to court. Keep a log of every discussion you have where details of your business are disclosed. This log could come in handy if you find one of those conversations go somewhere.”

7 Simple Ways You Can Protect Your Idea From Theft, Forbes.com, by Drew Hendricks

Amazon.com

“To make sure your next million dollar idea isn’t stolen or copied, we enlisted the help of specialists in “idea security” to find out how you can avoid becoming a hard luck story…Rather than trying to avoid attention, flag ideas as your own even at an early stage. “Use the right symbols in your media and marketing material alerts,” recommends David Bloom, head of Safeguard iP, a specialist Intellectual Property (IP) insurance broker. Patent and design numbers can be added later…”

5 ways to stop your ideas being stolen, CNN.Com, by Kieron Monks

Amazon.com

“Turn to the U.S. Patent and Trademark Office for help. Fortunately, patents aren’t the only tools available to protect our ideas. First, file a provisional patent application. You can do this yourself online or use a template such as Invent + Patent System or Patent Wizard to help you. The USPTO also has call centers available with staff members on hand to answer questions and offer guidance.”

How to Protect Your Business Idea Without a Patent, Entrepreneur.com, by Stephen Key

“Tortious interference with business occurs when another person directly interferes with a business’s ability to operate. This offense usually involves other offenses, such as defamation. However, if a person steals your idea and then actively works to prevent you from bringing your idea to fruition, this could constitute tortious interference.”

What Is the Legal Term for Stealing a Business Idea?, AZCentral.com, by Van Thompson

“I say do what you can. Do the legal end when it’s practical, but don’t trust it. Don’t think it solves the problem.

You’ll never get a legitimate investor to sign one of those documents before you pitch. If an investor signs off on a non-disclosure, she’s just ruled out a whole class of business she can never invest in without risking legal action. They just don’t do it.

And, I think lots of people who you might want as team members would be put off with the idea of signing a legal document before talking about it. I would.”

How to Really Protect Your Business Idea, BPlans.com, by Tim Berry