We're a team of professional security consultants, ethical hackers, and project managers with a background in security awareness and social engineering. Let's make the truth about information security accessible to everyone.
Tuesday, September 24, 2013
Mobile Device Security: More than Software
![Mobile Security: More than Software mobile security, sensitive information, data security](http://2.bp.blogspot.com/-6i4SSpkuhhk/UkGsQKhciwI/AAAAAAAAACM/I2a_OpQKjuU/s200/Man+on+phone_18995140.jpg)
Wednesday, September 18, 2013
Confidential Data and Mobile Devices
According to a recent article at CIO.com, “more than half of employees admit to storing, sharing and
working on corporate documents on their personal devices—and this number is growing.”
This is concerning for a number of reasons, not the least of which is the fact that confidential work information is being stored on devices where far fewer security measures are available and that receive much less security attention.
Tuesday, September 17, 2013
Choose Your Vendors Wisely
Just a couple weeks ago, the New York Times and Twitter domains were hacked—and not through a DoS (Denial-of-Service) attack or network port sniffing.
The Syrian Electronic Army (SEA) is taking credit for the attack, which they carried out through targeted phishing emails. They obtained usernames and passwords from employees of Melbourne IT, the registrar for NYTimes.com and Twitter.com, and used that information to access the registrar system and make fraudulent changes to the DNS for NYT and Twitter, pointing their sites to another server. And then, just to rub salt in the wound, they taunted everyone with their Syrian logo and a pretty sarcastic message: “Hacked by SEA, Your servers security is very weak.”
Now, in this case, it looks like nothing was stolen. Whatever their motive, the culprits seem more interested in belittling the company than in damaging the company or stealing identities (so far). But the lesson here is the same: be very aware of who you trust with your private information. Even if you secure your local data well, you may store information on servers or cloud services that are managed by untrustworthy people.
You cannot trust your secure information to companies that do not take security very seriously. If hackers can infiltrate your hosting company, your online cloud storage company, your domain registrar, or even your photo storage service, then your information is just as exposed as if you personally used poor security methods.
Read more here: http://gizmodo.com/sea-hacks-continue-with-takeover-of-nyt-twitter-regist-1214252446/1216857595
Wednesday, September 11, 2013
IRS Exposes Social Security Numbers
Well, this one’s a real comedy of errors. An audit on July 1 by independent transparency and public-domain group Public.Resource.org indicates that the IRS may have accidentally exposed some Social Security numbers.
Actually, it might have been as many as 2319 Social Security numbers, attached to highly sensitive non-profit political groups, which sat exposed on the Internet for 24 hours.
Here’s just one more example of how easy it is to let really sensitive information slip through the cracks. The IRS are professionals at keeping people’s most private financial information under wraps, and breaches happen even to them.
California Releases First Data Breach Report
Last week, the State of California released its first data-breach report, for 2012. Some of the report’s key findings include:
- Reports of 131 data breaches affecting more than 500 Californians.
- The breaches exposed 2.5 million Californians’ personal data.
- More than half of the breaches (56 percent) involved Social Security numbers.
- The use of encryption could have protected 1.4 million Californians’ data.
That says to me that breaches are all about people—whether
they are social engineers or hackers intent on fraud, or regular hard-working
employees who aren’t adequately protecting the information they access.
In either case, it’s obvious that California can’t really
blame the computers. These breaches are a people problem, and can also be
solved with people—people who are adequately trained to ward off hackers and
social engineers and take steps to safeguard data or devices that contain
sensitive information.
California Attorney General Kamala D. Harris opened the
report by reminding readers of California’s strong consumer privacy laws and
required data breach notification. If our “strongest” state still has data
leaks to plug, then I wonder how the other 49 are faring.
Thursday, September 5, 2013
It's The Human Side of Security
Information security is everywhere these days. Just turn on the TV and flip channels for a minute or two. Or click around on some news websites. From government spying to rampant identity theft, this subject has got everyone up in arms—even when they don’t have the whole story.
It’s about time for someone to demystify information security and shine a light through that fog of threats and fears. And it's time for everyone to get a firmer grasp on personal, Internet, and information security threats.
Welcome to the Sight Training blog! We are determined to make the truth about information security accessible to everyone.
Who Are We?
Be aware: we are not computer nerds, and this is not an IT blog for programmers. We are a team of professional security consultants, ethical hackers, and project managers with a background in security awareness and social engineering. The primary risk to businesses is no longer technical hacking, but slick, clever conmen and identity thieves who use regular people to get sensitive information. This is today’s threat, and you need to know how to defend against it.
Our consulting and white-hat social engineering experiences have given us unique insight into information privacy, security, and protection that we want to share with companies, managers, and employees in every sector. Each week, we’ll use this forum to cover the security information that really matters to you, day to day.
We hope to:
- Provide practical ways to protect yourself, your organization, or the folks you employ.
- Use the security breaches that make the news as valuable lessons.
- Inform you about the latest security threats and tactics, and how they really impact businesses and individuals.
- Give you a place to share, ask questions, and provide insights from your own corporate experience.
It's the human side of security.
SightTraining.com