Archive for July, 2010
Have you ever seen “Runaway”? It’s a 1984 flick starring Tom Selleck as a police officer who specializes in malfunctioning robots. There’s a famous scene where he’s being chased and attacked by these electronic spidery spybots.
This scene is actually playing out right under your nose. Think of your data as Tom Selleck and the spidery spybots as … well, spybots.
“The quiet threat: Cyber spies are already in your systems.”
Bob Violino poses the question in a recent article on InfoWorld.com: “Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit?”
Violino states that “this might sound far-fetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.” He goes on to say that “a growing number of companies are being spied upon electronically by sources from other countries, most notably China. What makes these attacks so troublesome is that their techniques are often undetectable by the usual security tools. Electronic spies try to get into systems without causing disruptions, so they can quietly gather information over a period of time.”
Sounds like an article you should check out, and sounds like a job for Sgt. Jack R. Ramsay.
Sad tweet from a band I follow called OK GO:
Sendable is a fantastic way to instantly send ginormous music and video files…. and it’s much faster, cheaper, easier, and safer than USBs.
The next time “London’s Calling,” give Sendable a try.
“Facebook helpfully informs you that “[a]nyone can opt out of appearing here by changing their Search privacy settings” — but that doesn’t help much anymore considering I already have them all (and you will too, when you download the torrent). Suckers!”
Ron Bowes | SkullSecurity.org
It seems lately that when it comes to Facebook I’m noticing two big problems:
(1) My friend Robin is obsessed with Farmville, and every 5 minutes with the updates.
(2) Facebook has no respect for people’s privacy, and 100 million Facebook users’ information has been published online.
Let’s discuss the latter.
Ron Bowes used code to scan the 500 million Facebook profiles for information not hidden by privacy settings. He collected the personal information of 100 million, and posted the information online.
“Once I have the name and URL of a user, I can view, by default, their picture, friends, information about them, and some other details.” Bowes goes on to say that “If the user has set their privacy higher, at the very least I can view their name and picture. So, if any searchable user has friends that are non-searchable, those friends just opted into being searched, like it or not! Oops”
Check out this article on MSNBC.com for the full story.
Also, there are some interesting results from a survey by the University of Michigan and ForeSee Results, where it’s revealed that Facebook has scored extremely low in the area of customer satisfaction.
According to the study, and this article on Epic.org, Facebook winds up “in the bottom 5% of all measured private sector companies and in the same range as airlines and cable companies.” Epic’s report states that the low scores can be attributed to “privacy concerns, frequent changes to the website, and commercialization and advertising.”
Both articles are interesting reads. Now, if anyone has any advice or thoughts on how to deal with Robin, that’d be greatly appreciated.
I spent my morning reading through the 2010 Data Breach Investigations Report that was just published by the Verizon RISK Team and the United States Secret Service. This is an amazingly insightful report with lots of information to digest. If the topic of data breaches interests you, I highly recommend finding time to read through it.
Data breaches are expensive. According to the Ponemon Institute’s 2009 Cost of a Data Breach study, the average cost of each compromised record is $204.
Here are 5 quick recommendations that I’d like you to consider:
- Recognize your data: Before you can protect confidential, sensitive and important data, you must first go through an exercise of identifying where it lives, who has access to it, how it’s handled, and what systems it touches, and make sure any and all interactions with the data are fully visible and auditable.
- Take proactive precautions: The majority of breaches were deemed “avoidable” if the company had followed some security basics. Only 4 percent of breaches required difficult and expensive protective measures. Enforce policies that control access and handling of critical data.
- Watch for ‘minor’ policy violations: The study finds a correlation between seemingly minor policy violations and more serious abuse. This suggests that organizations should investigate all policy violations. Based on case data, the presence of illegal content on user systems or other inappropriate behavior is a reasonable indicator of a future breach. Actively searching for such indicators may prove even more effective.
- Monitor and filter outbound traffic: At some point during the sequence of events in many breaches, something (data, communications, connections) goes out externally via an organization’s network that, if prevented, could break the chain and stop the breach. By monitoring, understanding and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.
- If a breach has been identified, don’t keep it to yourself: Standard procedure for data breach recovery should be to quickly identify the severity of the breach… And affected individuals have a right to know that sensitive information about them has accidentally been compromised.
I’m going to end this blog post by asking you to estimate how many sensitive files and pieces of data your company has…. Now multiply that by $204. I’m sure you’ll agree that the ROI on the time and resources spent to protect company data is well worth the investment.
No, you don’t have to “Dream On”, but you do have to “Walk This Way” and enter for your chance to rock out with the Bad Boys of Boston … and before you ask, no – you don’t have to be that corny, I’m just “Living On The Edge!”
All you need to do is tell us why you LOVE WS_FTP, and you can win two VIP tickets to see Aerosmith and the J. Geils Band at Fenway Park in Boston on August 14th!
Create, Upload and Win – 3 easy steps to enter into this contest.
1. Create: Make a short video (less than 2 minutes) explaining why you love WS_FTP & why you want to rock out with Aerosmith. Anything goes, so get creative!
2. Upload: Upload your video to the Ipswitch WS_FTP Facebook page by August 9, 2010 to enable us to view your video.
3. Win: One winner will be announced on August 11, 2010! The Aerosmith concert is scheduled for August 14, 2010 at Fenway Park in Boston.
Best of luck to you! Rock on!