
Archive - November 2000
Environmentally Conscious Security: Painting Information Security Green
Historically, ecological concerns have been significant drivers for change. Topics ranging from global warming to protecting various species carry a strong emotional appeal, motivating business and personal change with the ultimate goal of protecting the environment. These environmental initiatives have been termed “green initiatives,” and they impact IT in the form of “green computing.” The popularity of green computing initiatives stems not only from environmental concerns but also from financial ones. A primary goal of many green computing initiatives is to reduce power consumption, as this has a direct impact on the bottom line.
A Certified Lack of Confidence: The Threat of Rogue Certificate Authorities

For more than a decade, computer-generated digital certificates have made it possible to authenticate the identity of computer systems, data, and web sites by connecting a public key with an identity such as an owner’s name. The process relies on trust. “Secure” websites use such a certificate to validate their identity. This digital certificate is usually procured from a company that will verify the identity of the company administering the site. The digital certificate issued to them will be validated by a trusted root certificate authority or by a server that is trusted by the trusted root. This chain of certificates is called a certificate hierarchy. A small group of trusted certificate authorities is installed on computers within the operating system. These authorities include such names as Equifax, VeriSign and Thawte. So what happens when the system breaks down?
Risk Homeostasis: Is Risk Reduction a Pipe Dream?
How often do you speed? What is your investment strategy? Answers to questions like these could provide insight into an individual’s level of acceptable risk. We embrace or avoid risk, consciously and unconsciously, based on the level of risk we are willing to accept. This level of risk acceptance applies to the use of computers as well. With the constant influx of new threats and the implementation of security controls, the level of risk felt by employees can fluctuate, causing an increase or decrease in risk-taking behavior.
Is Your TV a Security Risk? Embedded Devices May be the Next Target.
The latest televisions and Blu-ray players are being shipped with more than high-definition video and audio. Internet access and a host of new applications are being built in to run directly on these devices. A popular built-in feature is wireless access, which enables the user to avoid plugging in an Ethernet cable. Accessing the internet and your favorite apps directly from your TV is convenient. However, what security risk does this pose?
Vulnerability at the Highest Level: Corporate Boards

Imagine a boardroom a generation ago. Smoke fills the air and sidebar discussions thrive while the board members wait for the presentation to begin. Manila packets filled with research, financials and other sensitive information are distributed around the table. The meeting progresses; a decision might be made, and afterwards the packets would be collected in their entirety and destroyed lest they end up falling into the wrong hands, compromising company research or spilling sensitive secrets.
So what happens today, when technology is so prevalent? In a recent August-September 2011 study, Thomson Reuters conducted a survey of general counsel and corporate secretaries to understand how company information is secured when provided to corporate board members. The survey, titled “Better board governance: Communication, security and technology in a global landscape of change,” looked at a global cross section of companies from a variety of industries. These companies ranged in size from under $500 million to over $10 billion. The results indicated a lack of secure procedures for corporate board information management.
Gone Phishing: Understanding Email Scam Tactics
Scams exist. That is the simple truth: there are honest people, and then there are others who try to cheat. Email and the technology age facilitate scamming through email. Often these emails promise jobs or an irresistible offer, but sometimes they are more subtle than that. This article analyzes the types of email phishing circulating on the World Wide Web so that, armed with knowledge of email phishing attacks, you can avoid them in the future.
New Hacking Evidence fresh from the source

Previously, we have discussed the dangers of hacking and measures to take against an attack in the LulzSec blogs. Now we will delve into a different aspect of the wide world of hackers. We will not, however, look at a specific company or conglomerate that hacked different entities and organizations. Instead, we will observe the findings of McAfee after they accessed a server that had been used for attacks since 2006. Operation Shady RAT, RAT being short for Remote Access Tool, has introduced new evidence on the targets, motivations, and frequency of hacking, which is summarized below.
iPad in the Enterprise: What is the Risk?
“Thinner. Lighter. Faster. Facetime.” That is the catchphrase from the Apple page dedicated to the iPad. While Apple is known for pithy titles for its amazing products, there is one thing that is oft ignored but always important, and that is security. More and more people are adopting the iPad, and some are using it to access business data, but how can they do that securely? This article outlines the risk of using the iPad in the enterprise and some dos and don’ts for iPad security.
Consider this office scenario surrounding the iPad. The iPad 2 has just been released and an executive is interested in one. Soon, with the help of a few tech-savvy people in the office, he is connecting to the corporate network and accessing company data and systems. The thought of security never entered his mind. What can be done to protect this company from data loss?
LulzSec Information Security Case Study Volume 3 – Sony
Eric Vanderburg

Thank you for staying tuned in to our third case study and final installment of our four-part series on the Lulz Security hacks. Our first entry on the LulzSec hacks gave a broad overview of the group, what they did, and how it made people aware of hacking. We then embarked on three case studies, beginning with PBS and then Infragard, that outlined the attacks, the corporate response, and lessons learned. This entry will focus on what happened to Sony. Keeping true to form, we will look at the security of the company attacked, the hack done by LulzSec, and the company’s response to that attack.











