Doug Bedell — March 4, 2015, 2:55 pm

‘White Hat’ Hacker Proved Cyber Security Risks

Offices and other computer-equipped public spaces in corporate settings need protection against “visual hacking” from visitors or intruders with hostile intentions. Ponemon Institute recently sent a “white hat hacker” into eight U.S. companies disguised as a part-time worker “to try and hack sensitive or confidential information using only visual means.” It wasn’t all that hard.

“The information captured includes employee contact lists, customer information, corporate financials, employee access and logging information, and credentials or information about employees…In 88 percent of attempts,” Larry Ponemon on Information Week’s Dark Reading blog advises, “the white hat hacker was able to visually hack sensitive information from a worker’s computer screen or hard copy documents. With identity and access information or login credentials (really, the ‘keys to the kingdom’) in the hands of the bad guys, our corporate data is at serious risk for a much larger data breach.”

Privacy filters for computer screens are one of the means Ponemon mentions for protecting against such snooping attacks.

Doug Bedell — March 2, 2015, 12:24 pm

Regarding Computers, Schneier Warns, Our Security’s at Stake

Bruce Schneier explains why, regarding the Internet and the NSA’s proclivity for having it both ways, today’s choice is “security or surveillance.” “We can’t choose a world where the U.S. gets to spy but China doesn’t,” Schneier writes, “or even a world where governments get to spy and criminals don’t. We need to choose, as a matter of policy, communications systems that are secure for all users, or ones that are vulnerable to all attackers. It’s security or surveillance.”

“As long as criminals are breaking into corporate networks and stealing our data,” Schneier adds, “as long as totalitarian governments are spying on their citizens, as long as cyberterrorism and cyberwar remain a threat, and as long as the beneficial uses of computer technology outweigh the harmful uses, we have to choose security. Anything else is just too dangerous.”

Doug Bedell — February 25, 2015, 3:57 pm

Almost Here: A Tiny Explosives Detector that Works Like a Smoke Alarm

Detection of the presence of explosives could be falling to a device not much larger than a postage stamp. Wired reports that GE Global Research is developing an explosive detector in the form of a “tiny RFID tag that activates only when it detects certain explosives or oxidizing agents. In effect, it could replace gigantic explosive scanners with something a couple inches across.” Its cost? Only about a nickel.

“Developed in partnership with the Technical Support Working Group (TSWG), an inter-agency task force dedicated to anti-terrorism,” Wired adds, “the new RFID tag (also called a sensing device) could dramatically drive down the cost of scanning for dangerous materials in places like cargo ports and airports.” It might be available “in the next few years.”

Doug Bedell — February 24, 2015, 12:25 pm

Security Has ‘False Economies,’ Too

Here’s a post from Security Dreamer on a subtlety worth paying attention to: the difference between “finding the best deal” and “solving the problem most cost-effectively.” Going for the lowest price, in security as almost anywhere else, isn’t always smart. There’s a link to a whole webinar for the wary that discusses the differences.

(Graphics source: Getty Images)

Doug Bedell — February 20, 2015, 12:32 pm

Catching On To How $1 Billion Was Stolen From Banks

Government Security News has enough details on how hackers stole “up to $1 billion from about 100 international banks over the past two years” to alert other organizations on how to promote Internet security.

“On average,” says the report, “each bank robbery took between two and four months, from infecting the first computer at the bank’s corporate network to stealing the money.” In other words, computer security requires a constant state of cyber awareness.

Doug Bedell — February 18, 2015, 1:28 pm

For a Safer Internet

Technical folks recently observed Safer Internet Day. A post on the Safe & Savvy site notes that, while the Internet is a blessing, “There are so many ways we could screw it up.” Truly. It’s well worth monitoring the Internet’s fortunes and security developments there. Safe & Savvy offers a source for doing just that – Mikko Hypponen in Helsinki, Finland, on the F-Secure site. (The link is well down into the Safe & Savvy post.)

Doug Bedell — February 16, 2015, 10:08 am

Passwords Aren’t for Show, But Security

Bruce Schneier is too nice a guy to say straight out that having a common password, like “Mustang,” is dumb. Ford Motor Co., too, is touting its sports car while warning that “Mustang” should be strengthened as a password and, like Schneier, offering suggestions on how to do that.

Which all comes down to noting that passwords aren’t for fun, but for your computer security. We need to use passwords not because they look good or prompt pleasant memories, but because they are difficult for hackers to crack.

Doug Bedell — February 13, 2015, 12:05 pm

Cohesive Border Protection Depends Partly on Funding

Here’s a post by Richard Gil Kerlikowske, Commissioner of U.S. Customs and Border Protection, on how budget uncertainty has been impacting border security, something that everybody wants. There must be a better way to sort out such matters politically, something else that lots of people want.

Doug Bedell — February 11, 2015, 4:11 pm

When a Business Suffers a Cyber Attack, Call Homeland Security

Cybersecurity is becoming a steadily growing concern for all of us – businesses and individuals alike. It’s gone beyond the shield of anti-virus software alone. In a Wall Street Journal interview, Howard Schmidt, co-founder of Ridge-Schmidt Cyber LLC and a former presidential cybersecurity adviser, offers protective advice to all concerned, starting with who to call.

The U.S. Department of Homeland Security (DHS), he notes, is the place to call if a business is attacked. “DHS,” he says, “has a dedicated command center and everything else to deal with it. Not everything rises to that level, and most of the things that take place are crimes, so the FBI or Secret Service is involved. But DHS should be the point of contact…”

Doug Bedell — February 9, 2015, 10:17 am

Drones: A Feared Security Risk

Drones aren’t only toys. Maybe you never thought that anyway, but, as this Wired post explains, government security planners have been mindful of the risks of drones for a long time.

Security officials are becoming so antsy about drones that DJI, a China-based maker of consumer drones, updated its drones’ firmware to create a 1.5 mile “no-fly zone” around the White House. That was after the recent incident in which a hobbyist lost control of his drone and it landed on the White House grounds.