NDPCI Membership
NDPCI News
NDPCI Partners' Training Announcement
|
NOTICE We still have a few seats available for our IED - Package Inspection and Mailroom Procedures Course being presented in Orlando, Florida on March 20-21, 2012.
|
|
01/27/2012
Activists report 'terrifying massacre' in Syria BEIRUT (AP) – A "terrifying massacre" in the restive Syrian city of Homs has killed more than 30 people, including small children, in a barrage of mortar fire and attacks by armed forces loyal to President Bashar Assad, activists said Friday. Source: http://www.usatoday.com/news/world/story/2012-01-27/syria-homs-massacre/52813590/1 |
|
01/26/2012
Ahmadinejad says Iran is ready for nuclear talks TEHRAN, Iran – Iran is ready to revive talks with the world powers, President Mahmoud Ahmadinejad said Thursday, as toughening sanctions aim at forcing Tehran to sharply scale back its nuclear program.
Source: http://www.foxnews.com/world/2012/01/26/ahmadinejad-says-iran-is-ready-for-nuclear-talks/#ixzz1kZT5NuH4 |
Responder Zone
Subject Matter Expert Highlight
Theodore (Ted) Freeman III serves as the Assistant Chief of the Ancora (NJ) Fire Department. In this capacity, he commands the department’s training function, overseeing all individual and group training. Chief Freeman holds a diverse array of certifications including: New Jersey certified Level 2 Fire Instructor; Certified Fire Official and Fire Inspector; NFPA Certified Fire Protection Specialist; National Emergency Medical Technician; Tactical EMT; CPR instructor; Hazardous Materials Technician; and Certified Pharmacy Technician. In addition, Mr. Freeman is an FAA certified Advanced Ground Instructor, and is an FCC licensed radio operator (Commercial and Amateur).
Ted is a seasoned instructor, providing several courses throughout the State of New Jersey for emergency responders, focusing primarily on Incident Management and leadership. Ted also serves as a Lead Instructor for the National Sheriffs’ Association’s (NSA) First Responder Program, training First Responders around the nation to handle the first 10-15 minutes of large scale incidents. Ted also serves with the National Domestic Preparedness Coalition (NDPCI) as a Subject Matter Expert as well as an instructor for the Homeland Security Comprehensive Assessment Model (HLS-CAM™) and the Operational Value of Threat, Risk, and Vulnerability Assessment (OpVALTRVA™) programs.
Prior to his current assignment, Ted worked as an Investigator for the State of New Jersey and served as a Patrolman with the Manasquan NJ, Police Department.
Ted served in the intelligence field in both the U.S Naval Reserve and the New Jersey National Guard.
Following in the footsteps of his father and grandfather, Ted also serves as a volunteer firefighter in his hometown, where he has held various leadership roles over 20 years of service. Ted holds a Bachelor degree in both Human Services and History. A lifelong learner, Ted is currently working on a degree in Health Sciences.
NDPCI Tip
How do I know that this web address is safe?
• This simple little question opens up a veritable Pandora's box when it comes to URLS, and understanding what is and is not safe to click on. The concepts are actually very simple, but the complexity in how those concepts can be combined is staggering. Particularly if someone is attempting to deceive you. I'll try to make some sense of it all. • "URL" is short for Uniform Resource Locator. The most common one we know of is the web address - something like "http://ask-leo.com /how_do_i_know_that_this_web_address_is_safe.html". There are three primary components to a URL; let's start by looking at what those are. We'll use this URL as our example for discussion: http://www.somerandomservice.com - Server. This identifies the protocol (http - the language of web pages) and the server to contact. www.somerandomservice.com identifies a specific server on the internet from which what follows will be requested. folder/page.html - Page. The page specifies exactly what it is you are requesting from the server. Typically it's a web page - perhaps within a folder on that server, but it might be a program to run on the server or a file to be downloaded. parameter1=value2¶meter2=value2 - Parameters. -Parameters are information that is being supplied to the page. Since "pages" can often be small (or large) computer programs, information from the parameters part of a URL can be given to those programs to as items for them to act on. URL Safety Rule #1: The Server specification ends at the first "/" that occurs after the "http://" start of the URL, and thePage specification ends at the first question mark after that. This rule is important to understanding whether a URL is valid, bogus or misleading. I'll restate the first part of that rule to focus on what we care about: The server being contacted begins after the "http://" and ends at the next "/". Or, in this URL, the part that's highlighted: That's the part that matters, because that's the part that tells yourbrowser what server to connect to. Everything else is secondary. Important, yes, but not nearly as important. Let's look at one of the ways that phishing attempts often try to fool you. Check out this URL: It might be tempting to look at that quickly and say "oh, that ends in paypal.com, therefore it's Paypal!" No it's not. Look again: Actually that URL loads a page called "www.paypal.com" (a valid page name) from the serverwww.somerandomservice.com. Now, my example is probably pretty lame, as "www.somerandomservice.com" is big and obvious at the front of that URL. But scammers use all sorts of variations on this theme to make it look like you're going to some place trusted, when you're not if you don't look closely. For this we need to pick apart the way server names are created and used. URL's are created from right to left, and the individual components are separated by a period. Consider "www.somerandomservice.com". In general, fully qualified domain names like "www.somerandomservice.com" identify a server on the internet. "photos.somerandomserver.com" would typically be a different server, though it doesn't have to be. The choice between using something like "photos.somerandomserver.com" versus "somerandomserver.com/photos" is purely one of site design and has no security implications. That's just how the person building the website chose to do it. There are geeky pros and cons to each, but for you as a typical web user it doesn't really matter. What does matter is how subdomains can be abused. For example, it's perfectly possible for this to be a valid domain: http://www.paypal.com.somerandomservice.com Once again, with only a quick glance, you might think it was actually paypal.com since it started with "http://www.paypal.com". In that example "www.paypal.com." is just a subdomain created by the owner of "somerandomservice.com". Here's a worse example: Once again, it's designed to fool you into looking like paypal.com, but in fact it's not - especially if your browser happens to only show you the first part of the URL in your status bar since it's so long. And once again, scammers often use many different variations on this technique to trick you. This was brought up by a comment on this article (thanks Ken!), and is important enough to warrant an update. Characters in URLs can be "encoded" with a special representation that acts the same as the character it encodes. The format is a percent sign followed by a two digit hexadecimal number (individual digits will be 0-9 or A-F). A space character, for example, is %20, and you'll actually see that in legitimate URLs from time to time since a an actual space character cannot be used. %2F is the slash character "/". So this rule: The server being contacted begins after the "http://" and ends at the next "/". Still applies, but %2F could be seen in place of "/". More correctly: The server being contacted begins after the "http:", "/" or "%2F", "/" or "%2F" and ends at the next "/" or "%2F". It gets ugly, but the thing to remember is just this: %2F is exactly the same as "/". Here's an example of how it might be abused: http://www.somerandomservice.com%2Fwww.paypal.com/ That is NOT Paypal. Replace the %2F with "/" and you'll see instead: http://www.somerandomservice.com/www.paypal.com/ Clearly it goes to somerandomservice.com. As Ken points out in his comment, any URL with a % notation in the server portion is suspect. % notation after the server portion (in the page or more commonly the parameters) is typically OK. All of the above is unrelated to what we normally think of as a "secure" website: namely the use of https (note the "s") as the protocol. Https does two important things: It encrypts the data flowing between your computer and the server. It validates that the server you connect to is, in fact, the server you requested. Note that https doesn't validate you're connecting to the server you think you are, it validates that you're connecting to the server you requested. Those are two different things. For example, let's say you fall for one of my lame examples above and click on a link like this: https://www.paypal.com.somerandomservice.com That's an https connection. It is very possible - not even all that hard actually - for the owner of somerandomservice.com to purchase and install a completely valid https certificate for www.paypal.com.somerandomservice.com. Thus when you click on that link your browser will confirm that you are indeed connecting to what you asked for: www.paypal.com.somerandomservice.com. That might not be what you thinkyou asked for, if you fell for a scammers trick, but that's all that https can validate for you: you got what you asked for. It's unfortunate that something that's fairly simple is actually quite complex once you assume that people will attempt to deceive you. I'll sum it up with this: Pay close attention to the domain name, that's everything between "http://" and the next "/", in any URL you are about to click on. Remember that domain names build from the right, so if it ends in, for example, ".paypal.com" you can be assured that it's a domain or sub-domain owned by paypal.com.
by Leo A. Notenboom, ©
Security when clicking onto a web site confounds me. Some sites put the section of the site you are wanting ahead of the web address. Example http://photos.kodak.com and some put the section after example http;//kodak.com/photos. These examples are just made up but I hope you understand what I'm saying. How do I know if I'm on the secure website I'm supposed to be on? At times I see other addresses flashing by on the toolbar that are not the site I clicked on before the actual site appears. I've never see anyone bringing up some of this query.The Three Basic URL Components
http://www.somerandomservice.com/folder/page.html?parameter1=value2¶meter2=value2
What Matters is the Server - Part 1
http://www.somerandomservice.com/folder/page.html?parameter1=value2¶meter2=value2
http://www.somerandomservice.com/www.paypal.com
http://www.somerandomservice.com/www.paypal.com
What Matters is the Server - Part 2
A Slash is a Slash is a ... %2F?
You Said Secure Website
Staying Safe
New Technology
Cell-All: Super Smartphones Sniff Out Suspicious Substances
Years ago, if you wanted to take a picture, you needed a dedicated camera. You needed to buy batteries for it, keep it charged, learn its controls, and lug it around. Today, chances are your cell phone is called a “smartphone” and came with a three-to-five megapixel lens built-in—not to mention an MP3 player, GPS, or even a bar code scanner.
This Swiss Army knife trend represents the natural progression of technology—as chips become smaller and more advanced, cell phones continue to absorb new functions. Yet, in the future, these new functions may not only make our lives easier, they could also protect us—and maybe even save our lives.
The Cell-All initiative may be one such savior. Spearheaded by the Department of Homeland Security’s Science and Technology Directorate (S&T), Cell-All aims to equip your cell phone with a sensor capable of detecting deadly chemicals at minimal cost—to the manufacturer (a buck a sensor) and to your phone’s battery life. “Our goal is to create a lightweight, cost-effective, power-efficient solution,” says Stephen Dennis, Cell-All’s program manager.
How would this wizardry work? Just as antivirus software bides its time in the background and springs to life when it spies suspicious activity, so Cell-All regularly sniffs the surrounding air for certain volatile chemical compounds.
When a threat is sensed, a virtual ah-choo! ensues in one of two ways. For personal safety issues such as a chlorine gas leak, a warning is sounded; the user can choose a vibration, noise, text message, or phone call. For catastrophes such as a sarin gas attack, details—including time, location, and the compound—are phoned home to an emergency operations center.
While the first warning is beamed to individuals—a grandmother taking a siesta or a teenager hiking through the woods—the second warning works best with crowds. And that’s where the genius of Cell-All lies—in crowdsourcing human safety.
Currently, if a person suspects that something is amiss, he might dial 9-1-1, though behavioral science tells us that it’s easier to do nothing. If he does do something, it may be at a risk to his own life. And as is often the case when someone phones in an emergency, the caller may be frantic and difficult to understand, diminishing the quality of information that’s relayed to first responders. An even worse scenario: the person may not even be aware of the danger, like the South Carolina woman who last year drove into a colorless, odorless, and poisonous ammonia cloud.
In contrast, anywhere a chemical threat breaks out—a mall, a bus, subway, or office—Cell-All will alert the authorities automatically. Detection, identification, and notification all take place in less than 60 seconds. Because the data are delivered digitally, Cell-All reduces the chance of human error. And by activating alerts from many people at once, Cell-All cleverly avoids the longstanding problem of false positives. The end result: emergency responders can get to the scene sooner and cover a larger area—essentially anywhere people are—casting a wider net than stationary sensors can.
But what about your privacy? Does this always-on surveillance mean that the government can track your precise whereabouts whenever it wants? To the contrary, Cell-All will operate only on an opt-in basis and will transmit data anonymously. “Privacy is as important as technology,” avers Dennis. “After all, for Cell-All to succeed, people must be comfortable enough to turn it on in the first place.”
For years, the idea of a handheld weapons of mass destruction detector has engaged engineers. In 2007, S&T called upon the private sector to develop concepts of operations. Today, thanks to increasingly successful prototype demonstrations, the Directorate is actively funding the next step in R&D—a proof of principle—to see if the concept is workable.
To this end, three teams from Qualcomm, the National Aeronautics and Space Administration (NASA), and Rhevision Technology are perfecting their specific area of expertise. Qualcomm engineers specialize in miniaturization and know how to shepherd a product to market. Scientists from the Center for Nanotechnology at NASA’s Ames Research Center have experience with chemical sensing on low-powered platforms, such as the International Space Station. And technologists from Rhevision have developed an artificial nose—a piece of porous silicon that changes colors in the presence of certain molecules, which can be read spectrographically.
Similarly, S&T is pursuing what’s known as cooperative research and development agreements with four cell phone manufacturers: Qualcomm, LG, Apple, and Samsung. These written agreements, which bring together a private company and a government agency for a specific project, often accelerate the commercialization of technology developed for government purposes. As a result, Dennis hopes to have 40 prototypes in about a year, the first of which will sniff out carbon monoxide and fire.
To be sure, Cell-All’s commercialization may take several years. Yet the goal seems imminently achievable: Just as Bill Gates once envisioned a computer on every desk in every home, so Stephen Dennis envisions a chemical sensor in every cell phone in every pocket, purse, or belt holster. If it’s not already the case, our smartphones may soon be smarter than we are.
Cell-All: Super Smartphones Sniff Out Suspicious Substances
|
January January Is National Blood Donor Month ! - January has been recognized as National Blood Donor Month for over forty years (since 1970). Blood is traditionally in short supply during the winter months due to holiday travel schedules, inclement weather and illness and January in particular is a difficult month for blood center blood donations. FEMA |
NDPCI Support The National Domestic Preparedness Coalition is a 501C (3) non-profit organization, established to help our Nation’s Emergency Responders prevent, prepare for and protect their communities. |
Did You Know?
|  |
The popular trend towards flavored coffees originated in the United States during the 1970’s.