Local:
Another “we don't need no stinking encryption” breach. Also
note that one of the first things we teach our Computer Security
students is how to bypass “password protection.” (Who writes
these headlines? Did the laptop really cause the breach?)
Stolen
laptop causes security breach for DougCo schools
…
The district sent a letter to all of its employees recently stating
the stolen computer contained some workers' Social Security numbers
and bank account information.
The
district said the computer was password protected but were notifying
employees out of an "abundance of caution."
(Related)
One of many, many encryption options.
Bring-Your-Own-Encryption:
Is It the Right Choice for Your Enterprise?
Following
the recent issues surrounding encryption and encryption tools, some
organizations are turning to Bring-Your-Own-Encryption (BYOE), but
experts warn that there are some aspects that need to be taken into
consideration before making the move.
To
learn more about the advantages, disadvantages and the challenges
posed by BYOE, SecurityWeek reached out to several experts in the
field.
BYOE
is a cloud computing security model that enables
organizations [NOT
individuals. Bob]
to use their own encryption software and manage their own encryption
keys.
This is done by deploying a virtualized instance of the encryption
software alongside applications hosted in the cloud to securely
encrypt data.
Did
you think you were immune?
1
in 6 Say Their Organization Had At Least 5 Significant Security
Incidents in Past Year: Survey
A
new report from ForeScout Technologies described a challenging world
for IT security - one where one in six IT pros say their organization
has had five or more significant security incidents in the past year.
The
research, titled the '2014 Cyber Defense Maturity Report', was
conducted by IDG Connect and features responses from 1,600 IT
information security decision makers in organizations with more than
500 employees across five industries in the U.S. and Europe.
…
Ninety-six
percent of the 1,600 respondents said their organizations had at
least one significant security event in the last 12 months, while 39
percent said there had been two or more. Though the majority of
those surveyed said they were aware that some of their security
measures were immature or ineffective, just 33 percent had high
confidence their organizations would improve those controls.
"The
top five sources of compromise recorded by survey respondents were
phishing attacks, compliance policy violations, unsanctioned
device use, unsanctioned application use
and [unauthorized] data access, with as much as 25 percent of
organizations across all vertical sectors experiencing five or more
instances of phishing specifically in the past 12 months,"
according to the report
(PDF).
This
should be obvious. Apparently, it isn't.
Why
Prompt Breach Notification Is Important
…
According to a 2014
Identity Fraud Report by Javelin, nearly 1 out of 3 data breach
victims in 2013 suffered identity fraud, compared with 1 in 9 in
2010. Obviously the connection between data breaches and fraud is
growing. But the good news is that consumer awareness of breaches –
and the potential for fraud on their accounts – is on the rise,
too. This is probably because so many people have been notified one
or more times about their personal data being compromised.
But
notification is a good thing because it often prompts consumers to
sign up for email or mobile alerts about their credit or checking
accounts or to put fraud alerts on their credit reports. This makes
data breach victims 15% less likely to suffer multiple fraud events
compared with all fraud victims (i.e., the fraud doesn’t
necessarily stem from a breach).
Tools
& Techniques. Security for every small business. Something like
this might work for lawyer-client communication... Just thinking...
Wireless
Live CD Alternative: ZeusGard
I’ve
long recommended that small business owners and others concerned
about malware-driven bank account takeovers consider adopting a “Live
CD” solution, which is a free and relatively easy way of
temporarily converting your Windows PC into a Linux operating system.
The trouble with many of these Live CD solutions is that they
require a CD player (something many laptops no longer have) — but
more importantly – they don’t play well with wireless access.
Today’s post looks at an alternative that addresses both of these
issues.
…
The device I’ll be looking at today is not free, nor is the
tiny dongle that enables its ability to be used on a wireless
network.
…
The device, called ZeusGard, is a small, silver USB flash drive that
boots into a usable browser within about 30 seconds after starting
the machine. The non-writeable drive boots directly into the browser
(on top of Debian Linux), and if your system is hard-wired to your
router with an Ethernet connection, you should be good to go.
…
At $24.95
for the basic ZeusGard and $14.95
for the wireless adapter, this device is likely to be more
appealing to small businesses than the average Internet user.
Self-surveillance
– 'cause you don't know where you've been?
–
automatically records any walking, cycling, and running you do. You
can view the distance, duration, steps, and calories burned for each
activity. The app is
always on, so there’s no need to start and stop it.
Just keep your phone in your pocket or your bag. The app consumes
battery power, so nightly charging is recommended.
(Ditto)
–
With visits you can browse your location histories and explore your
trips and travels. The unique map timeline visualization shows the
places you have visited and how long you have stayed there. Add
photos from Flickr to your visits and share your journey with your
family and friends. Visits works with geo-tagged Flickr albums, data
from Openpaths and Google Location Histories.
The
“Right to be Forgotten” falls on hard times. I told you there
would be a market for this service.
What
Has Been Hidden From Google?
Hidden
From Google is a new effort to track search results being hidden
from Google as a result of the “right
to be forgotten.” There are currently only a handful of
examples of articles that have disappeared from Google search
results, but Afaq Tariq, who created Hidden From Google, is asking
for more tip-offs from eagle-eyed users.
As a
rather fitting irony, the original articles are once again appearing
in search results as a consequence of appearing on Hidden From
Google. And people’s attentions are more likely to be drawn to
them now than they were previously. The
Streisand Effect strikes yet again.
One
of those, “what's going on here” moments. Strangely, it looks
like Western Union (and other “currency exchanges?”) sell the
city stickers.
Clerk’s
Office Extends Deadline For City Stickers After Outages
…
Major outages with the city’s computer system led to long delays
at currency exchanges
throughout the city as Chicagoans raced to meet the original deadline
of midnight Tuesday.
Another
reason to move my students into the Cloud. (Does this mean Amazon
gets to arm their drones?)
The
partnership between the CIA and Amazon will revolutionize
intelligence
The
intelligence community is about to get the equivalent of an
adrenaline shot to the chest. This summer, a $600 million computing
cloud developed by Amazon Web Services for the Central Intelligence
Agency over the past year will begin servicing all 17 agencies that
make up the intelligence community. If the technology plays out as
officials envision, it will usher in a new era of cooperation and
coordination, allowing agencies to share information and services
much more easily and avoid the kind of intelligence gaps that
preceded the Sept. 11, 2001, terrorist attacks.
…
For the risk-averse intelligence community, the decision to go with
a commercial cloud vendor is a radical departure from business as
usual.
Another
opportunity for my Ethical Hackers.
Google
On Quest To Hire Elite Zero-Day Hackers
…
On
Tuesday Google said it would create a new, “well-staffed”
security team called Project
Zero
with the objective to significantly reduce the number of people
harmed by targeted attacks.
“You
should be able to use the web without fear that a criminal or
state-sponsored actor is exploiting software bugs to infect your
computer, steal secrets or monitor your communications,” Chris
Evans, Researcher Herder at Google wrote in a blog
post Tuesday. “Yet in sophisticated attacks, we see the use of
“zero-day” vulnerabilities to target, for example, human rights
activists or to conduct industrial espionage.”
This
needs to stop, Evans said.
…
Under Project Zero, Google says it will be committed to
transparency, explaining that every bug they find will be entered in
an external database.
Fun
for my JavaScript students?
–
is described as a “browser for the HTML5 era”. Everything in the
browser is a module, a web-app running in its own process. Construct
your own browsing experience by selecting the right modules for you.
The entire technological
stack is open-source. Modify existing modules and create
your own to extend the behavior of Breach.
Al
may be Weird, but he's also a genius.
Weird
Al Details ‘Word Crimes’
Weird
Al’s latest song, Word Crimes, tackles the tricky subject
of bad grammar, particularly on the Internet. Word Crimes
is a cover of Blurred Lines by Robin Thicke, but the original
misogynistic lyrics have been replaced by examples of common
grammatical errors.
As a
grammar Nazi who has previously argued that typos
need to be eradicated, I love Weird Al for writing this song.
Let’s just hope people take notice of Word Crimes and stop
making the ridiculous mistakes he rallies against.