Saturday, May 29, 2010

Cybersecurity


Are you sitting down? Ok, here goes:

"The news is filled with scary stories about the insecurity of the computer and telecommunication systems on which our nation's prosperity depends: malicious software planted in electricity-grid computers; rampant state-sponsored and criminal cyber-espionage and theft; and the possibility of cyberattacks on banking and transportation systems. Exactly one year ago, President Obama declared our "digital infrastructure" to be a "national security asset" and pledged to make it "secure, trustworthy and resilient."

His administration has made little progress toward this goal, however, largely because cybersecurity is seen as a tax on short-term economic growth."

Have I got your attention now?!

The New York Times story, linked here, is another distressing alarm that we need to focus on the risks of computing and especially networked communications (i.e. the Internet).

Here are the reasons we are so vulnerable according to the Times:

" ... vulnerabilities include software with too many bugs; the use of commercial off-the-shelf software produced in a global supply chain in which malicious code can be embedded by stealth; inadequate cooperation about security threats and effective security practices among firms and between firms and government; and computer malfeasance by botnets (large clusters of zombie computers, controlled by third parties, that can be used for cyberattacks)."

Let me add another problem: carelessness and completely clueless behavior by people.

As you know, we are working very hard on training employees who manage sensitive data so that at least "operator error" and sloppiness in handling information and computers are not heaped on top of the list of meta "big time" threats enumerated above.

We are working very closely with our friends in government and with Iowa private business and NGOs, nonprofits, community organizations and others to create a security education and certification system. Our colleagues in Computer Science and Engineering are working on the hardware/software end of this problem as part of the national Information Security (INFAS) initiative.

Stay tuned please.





Saturday, May 22, 2010

Defend Yourself From Online Attacks - It's way too hard for amateurs


The New York Times had a good article on the latest defensive techniques to reduce risks of online threats. Click here. The basics:

1. Protect the Browser
The most direct line of attack is the browser, said Vincent Weafer, vice president of Symantec Security Response. Online criminals can use programming flaws in browsers to get malware onto PCs in “drive-by” downloads without users ever noticing.

2. Get Adobe Updates
Most consumers are familiar with Adobe Reader, for PDF files, and Adobe’s Flash Player. In the last year, a virtual epidemic of attacks has exploited their flaws; almost half of all attacks now come hidden in PDF files, Mr. Weafer said. “No matter what browser you’re using,” he said, “you’re using the PDF Reader, you’re using the Adobe Flash Player.”

3. Beware Malicious Ads
An increasingly popular way to get attacks onto Web sites people trust is to slip them into advertisements, usually by duping small-time ad networks. Malvertising, as this practice is known, can exploit software vulnerabilities or dispatch deceptive pop-up messages.

4. Poisoned Search Results
Online criminals are also trying to manipulate search engines into placing malicious sites toward the top of results pages for popular keywords. According to a recent Google study, 60 percent of malicious sites that embed hot keywords try to distribute scareware to the computers of visitors.

5. Antisocial Media
Attackers also use e-mail, instant messaging, blog comments and social networks like Facebook and Twitter to induce people to visit their sites. It’s best to accept “friend” requests only from people you know, and to guard your passwords. Phishers are trying to filch login information so they can infiltrate accounts, impersonate you to try to scam others out of money and gather personal information about you and your friends.

These are good tips and I recommend the full Times article because it is very informative. However, all of this stuff is the equivalent of us saying "there is a big crime spree out there with robberies, rapes, arson, carjackings, kidnappings, ransom, and physical attacks so here is what we want YOU as an individual to do: 1. Get and carry a gun; 2. Don't ever go out at night; 3. Put steel bars and steel doors on your home; 4. Wear a bulletproof vest; 5. Drive an armored limousine."

Really!

Isn't the response to this out-of-control crime spree to add cops, beef up law enforcement, toughen the laws, and improve the security for the entire community? Individual defense is kinda like telling people in London during WW II to build a bomb shelter for their home instead of taking out the Nazis! See my London Hitler image at start of blog!

Friday, May 14, 2010

Sleuthing Your Own Employees


Are you sure your very own employees are not divulging non-public information on social networking sites such as Facebook, Twitter, MySpace or LinkedIn? There are certainly potential issues relating to the appropriateness of social networking while on-the-job (addressed in an earlier article on this blog), but more and more employers have a presence on these trendy sites and in many instances, encourage it. However, there may need to be protections for your business from your very own employees according to a Blogger News Network, April 6, 2010 article on the topic. (http://www.bloggernews.net/124226)

Really -- who needs thieves, when our own employees can be duped by users of crafty social networking sites to share logins and passwords to our company network? The above-referenced article describes one test of such a fact pattern which found nearly half of all the employees tested fell for the demands of a well-crafted, illegitimate duplicate site of their employer’s.

It’s nevertheless hard to put too much blame on the vulnerable employees – the duplicate site looked like very credible outreach from their HR department. And a recent Time Magazine article reported 70% of US HR officers reported utilizing social networking sites to screen employees. (“Social Networking Sites Can Lead to Legal Pitfalls,” http://www.bizjournals.com/dayton/stories/2010/04/05/focus3.html?b=1270440000^3132331) This begs the point that internal policies for any workplace can only help give guidance in this situation.

Because we can’t expect the social networking sites to do our sleuthing for us! As the Blogger News Network story suggests, employers ought best appoint a site administrator to oversee work-related online employee interfacing for the time being. And the best legal defense remains the best offensive strategy and taking extra measures to protect access to company websites and having a corporate policy/training on the topic just makes sense.

Sue B Martines, J.D.


Obama Hacked

Here is the news that always sets me back on my heels and makes me sweat!

Nine employees at an Iowa education contractor illegally accessed President Barack Obama's student loan records, prosecutors say.

The employees accessed Obama's student loan records at various times between March 2007 and July 2009, before and after he became president. They allegedly did so by illegally gaining access to a computer at a Coralville office where they worked, The Associated Press reported.

There is no indication as to why the workers were looking at Obama's records.

Indictments posted Wednesday said the accused "intentionally exceeded authorized access to a computer and thereby obtained information from a department and agency of the United States," ... for the whole story


Wednesday, May 05, 2010

Educate Girls and Reduce ID Theft Risk


Arguably, if you better educate anyone about risk, you reduce the potential harm. So why focus on girls? Pick the highest risk group, and generate exponentially greater potential payoff is why. One recent study found women to be 26 percent more likely to be victims of identity theft and fraud than men. (Javelin Strategy & Research’s, 2009 Identity Fraud Survey Report, http://www.mybackgroundcheck.com/blog/post/2009/02/Why-Women-Suffer-More-Identity-Theft-and-Fraud-than-Men.aspx.)

That same study attributes the results to women making purchases more frequently “in-person,” as opposed to online, than men, and to their being three times more likely to report being a victim than men!

In Greg Mortenson’s book Stones Into Schools (the sequel to #1 bestseller Three Cups of Tea), wherein it’s undertaken to build schools for girls in outlying parts of Afghanistan and Pakistan, it’s noted that the education of girls leads to increased income for not only the girls themselves but for their entire nation.

Knowing how identity theft can lead to losing the next most valuable asset after one’s health, it’s really not that far of a cry to see that focusing on girls’ education can not only improve basics like income level and health, but the ability to keep what is so hard gotten, like one’s identity. Identity theft need not disproportionately impact women in any part of the globe when education can be a potential cure.

Sue B Martines, J.D.


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft