While there have been a lot of newsworthy events in the past couple of years involving corporate breaches, one thing has not changed. Users are still considered the greatest obstacle to information security, whether it is phishing, opening infected attachments, or “just being stupid and lazy”.
Our focus in this article will be on the “stupid and lazy” part of this equation. We will take a quick look at the way users tackle mobile app permissions in the Android marketplace, otherwise known as Google Play. A cursory look at some apps on Google Play, the permissions required by these apps, and the ratings given by users, even to apps with seemingly over-reaching or meaningless permissions, explains a lot about why security will continue to be a problem for a very long time.
It appears that the draw of the almighty dollar has pulled CNET to the dark side. CNET is a popular technology news site with a download portal called Download.com, where many users go to download software that is free, shareware or open source. The site built a reputation a while back as a dependable location for hosting software that was devoid of malicious content – Trojan horses, adware, viruses, etc.
So
As more companies with national security interests come forward with admissions of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not enough just to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader.
The recent rash of exposures about successful attacks against information security vendors may come as no surprise to a lot of people in the information security world who probably see or hear about it frequently, but it will surely come as “shocking” to most “ordinary” folks.
Tax season is in high gear and with it comes the need to be extra vigilant about how tax records are handled. After all, your tax records “have everything” that can be considered Personally Identifiable Information (PII). PII refers to information that can be used to uniquely identify, contact, or locate a single person, or that can be used with other sources to uniquely identify a single individual.