Security breaches seem to be in the news every day, from TJ Maxx to RSA, Target, Neiman Marcus, CNN and a host of others. These breaches highlight the challenges most organizations (big and small) have in protecting their perimeters, especially when targeted by attackers who are highly motivated and possibly funded by nation states and top criminal syndicates. It's often said that small to medium-sized businesses are what keep this country moving. Unfortunately, dealing with technology challenges, including issues like a security breach, is usually constrained by budgetary needs.…
While there have been a lot of newsworthy events in the past couple of years involving corporate breaches, one thing has not changed. Users are still considered the greatest obstacle to information security, whether it is phishing, opening infected attachments, or “just being stupid and lazy”.
Our focus in this article will be on the “stupid and lazy” part of this equation. We will take a quick look at the way users tackle mobile app permissions in the Android marketplace, otherwise known as Google Play. A cursory look at some apps on Google Play, the permissions they require, and the ratings users give them, even to apps with seemingly over-reaching or meaningless permissions, explains a lot about why security will continue to be a problem for a very long time.
It appears that the draw of the almighty dollar has pulled CNET to the dark side. CNET is a popular technology news site with a download portal called Download.com, where many users go to download software that is free, shareware or open source. The site built a reputation a while back as a dependable location for hosting software that was devoid of malicious content: trojan horses, adware, viruses, etc.
So the 50-day cruise is over and the guys at LulzSec are going back underground. That should worry some of us because if they did not want us to know what they were doing, I don’t think any sane person would argue that they could not have done so.
While the media has been abuzz about the exploits of Anonymous and LulzSec, the bigger question we should be asking is: are any of their exploits new, or did they just give us a wake-up call that there is no security, at least in the way we normally define it? What they have demonstrated is that security is a term we use to make ourselves feel good.
As more companies with national security interests come forward with admissions of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not enough just to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader.
Most companies provide their senior executives with laptops or netbooks and tablets so they can be productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers. The big corporations can afford to spend millions of dollars on data protection hardware and software.
The same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company. Data breaches happen and information is lost every day due to small mistakes that could have been avoided. For small businesses, these events can be devastating.