I like hacking news. Not because it trumpets vulnerabilities, but because it keeps people on their toes and holds all of us to common-sense standards. If we hear about someone waltzing onto the White House lawn, don’t we all think a little harder about how we keep people off our business campus? You bet.
And when we hear about how apps and systems and even text messages are enabling thieves to collect data and then use that data for bigger breaches – it should scare us. Thankfully it does. I didn’t want you to lose sight of that, so I did a little googling and found this little roundup of hacking articles on Tech News World for you to read.
It’s summer, it’s hot, people don’t want to plow through long articles. The tl;dr notation is appearing with regularity on lots of Facebook status updates these days so you know people don’t want to dig too deep. So, this roundup is just about 12 shorties for you to peruse and then we’ll get back to longer pieces next month.
If you have suggestions for a security corner piece you’d like me to write, leave a comment on this post or hit me up on Twitter. I’m a big fan of doing interviews, too. So if you’re a security pro who wants to step into the spotlight for a moment, also give me a shout. You’ll need Skype, a good microphone and an Internet connection.
I love hearing about new security methodology and solutions, so do the same thing. Leave a comment or tweet at me. Thanks and enjoy the beach!
In the news today is a story about how the Winnipeg Airport had a security breach the other day and more than 400 flights were affected. It’s just the latest of a series of breaches affecting airports around the world and disrupting air travel.
From the story, the spokesperson named Talbot indicated the breach wasn’t anything major and was cleared up fairly quickly.
Because that breach was discovered in the holding area, those passengers were evacuated so that airport security personnel could conduct a sweep.
“As far as a breach goes, it was minor,” said an airport official who declined to give his name and referred all further questions to Talbot.
One passenger told reporters that at least 20 RCMP officers wearing body armour were inside the security area checking people over suspiciously before they were evacuated. However, no one was arrested, Talbot said.
It makes me wonder if events like this are going to continue to happen and subsequently the response to these events might change. In fact, if these breaches keep happening security might start to expect stuff like this to happen. The probability, I see, is that if these happen all the time the response might start to taper off. Folks will take these less seriously in the interest of keeping planes, commerce and travel happening.
That would be a bad thing, I think. What’s your take?
One of my other professional hats is the Chief Content Officer at a real estate brokerage. In this role, I list property and help buyers find homes in Massachusetts. The fun part is that home security and methodology often carry across boundaries so I can make a security point using examples that come to me when doing home visits.
To that end, one of the biggest ways to protect your home is through insurance. But nobody wants to overpay for insurance or get too little coverage in case of a weather incident. Up here in the Northeast, the two biggest insurance expenses are flood insurance and hurricane insurance. While flood insurance is a real thing – and often really expensive – hurricane insurance isn’t really a specific type of insurance… it’s just an adjustment to overall homeowners insurance in areas where hurricanes have been shown to wreak havoc.
One way – but an inexact one – is to watch the forecast for the coming season and make plans for the storms the experts think will come ashore.
Ultimately, if you’re going to protect yourself and your property you need to be as informed as possible. It’s the same methodology IT professionals use when keeping data and facilities safe. Here’s wishing you an uneventful 2015 and a year that doesn’t cost you more than you can afford.
The Summer season of travel is upon us. Lots of folks are headed out to have amazing adventures here in the United States and within other countries all over the world. They’re bringing family, friends, loved ones and they’re also carting along the digital keys to their castles at home.
Don’t sit there and imagine the janitor’s keyring with 185 keys rattling around on it. The access I’m referencing is the online passage to accounts, data and financial history that could be very valuable to a thief. In fact, armed with one way to get into someone’s bank or investment accounts, thieves are often able to find more ways to wage war and attack victims’ personal information.
That’s got to stop. Essentially, the best way to keep your data, credit cards, passwords, home and other belongings safe is to be smart. Take only one or two credit cards with you when you travel. Bring a printed copy of all your cards, IDs and information in case there’s an issue and you need to notify credit card companies. Email a copy of this same information to yourself and to someone at home who can forward it to you in case you need it.
It sounds like common sense, but lots of travel guides discuss the best way to keep yourself and your stuff safe. It’s by not carrying more than you need; keeping your wits about you; not going out into bad areas; and having a plan in case you do lose your belongings.
Have fun this Summer. See some great places, have some amazing adventures, and don’t lose your money or valuables.
If you have travel safety tips, please share them here. Thanks!
A few moments ago the journalists on ESPN announced that Tom Brady – quarterback for the New England Patriots – has been suspended for the first four games of the 2016 NFL season. This is a result of the #Deflategate investigation and the penalties handed out by the league. Added to the penalties was the loss of two draft picks – a first rounder in 2016 and a fourth rounder in 2017. Further, the team has been fined $1 million.
What’s this mean to anyone dealing with security issues? Actually a lot. In fact, if the NFL had been better at protecting the tools of the game, this situation might not have occurred at all. If the powers that control the game and regulate the pressure of the footballs used in the games had watched more closely, one of the icons of the game wouldn’t have even had the chance to cheat to gain an advantage.
But that’s the big issue. In competition – as in business – companies and players are always looking for a competitive advantage. In this case, it seems that Tom Brady was trying to get an advantage by letting a little air out of the footballs that his team was using during the season. What this does – a softer football – is offer the quarterback an easier ball to handle and running backs and receivers a much easier ball to catch and carry.
In fact, it was said on ESPN tonight that a deflated football is almost impossible to lose control of. Which means fumbles are eliminated and any football fan knows how big a factor fumbles and takeaways are in whether a team wins or loses.
So, let’s talk about this as an analogy to business processes. How can we learn from this?
Essentially, we need to have better security at all levels. From front-line security and reception (akin to the ball boys and equipment managers), we need to ensure that only properly provisioned and approved personnel get onsite and have access to company data.
Then our inside staff – IT and technology personnel – should follow up and keep systems and facilities as safe as possible. This is similar to what the referees did when they found underinflated footballs in possession of the New England Patriots.
Ultimately, the stigma that will follow Tom Brady and the New England Patriots may leave an asterisk on all their successes – because nobody can truly know if they were deflating footballs as far back as their first Super Bowl win. And this type of stigma might manifest itself as loss of business when it comes to technology companies.
The lesson to be learned? Don’t be like Tom Brady when you look for a competitive advantage. Cheating is wrong, integrity is right, and we should all focus on security as much as possible. What’s your take?
How are you going to make your company more secure?
If you were in charge of the NFL, how would you punish cheaters and those who didn’t keep the game secure and clean?
In a plot twist worthy of Back to the Future, X-Men and Mission Impossible, a recent NCIS New Orleans show dealt with data encryption and smuggling and kidnapping. That’s not the coolest part. All of it was done using some real terminology and tools – not just movie magic or TV smoke and mirrors.
Yes, this is the second recent post that’s come from my love for TV mystery or cop shows. Yes, it does tie directly to data and information security. No, I don’t know why TV gets such a bad rap from parents all over the world. But back to data security and encryption.
In the episode they were following a theme that has been brought up before and explained away poorly. They were using images and the data embedded in images to give bad guys a handle on where drugs and other illegal substances would be exchanged. On other shows, it hasn’t quite worked because the way the decryption was shown was clunky. Now it actually makes sense.
But it makes me a little concerned. If the folks on TV can dumb down security challenges like image data encryption to the point that even I can understand it, is it an indicator that data thieves and other technology criminals will be upping their game soon? It’s akin to the media playing up incidents on the news which then results in copycat crimes of the same nature occurring.
Do you think the tech they’re showing us on cable is detailed enough to spur a whole generation of cyber criminals into action? Or should I take my worries elsewhere and just keep writing about how to keep facilities and data safe in the enterprise?
The television show Sherlock got me thinking about automotive security. While lots of folks are moving to cars with keyless entry and key fobs in their pocket and not in the dash, are thieves finding easier technological ways to boost your car?
According to an article in BBC News, computers are being used more to steal high-end cars.
I bring up the Sherlock show because on the show – SPOILER ALERT – Sherlock is friends with a former car thief and helps provide him an alibi in a recent episode by stealing about 20 Ferraris and Lamborghinis. The discussion turns to automotive security and it seems that even the most high-tech systems are easy to breach.
The article concurs. Here’s a snippet…
The thieves are able to bypass security using equipment intended only for mechanics, the Society of Motor Manufacturers and Traders (SMMT) said.
Manufacturers are trying to stay ahead of the thieves by updating software.
It has been reported that some London-based owners of Range Rovers have been denied insurance over the issue.
The warnings echoed those made by the US National Insurance Crime Bureau (NICB), which earlier this year said it had seen a “spike” in car thefts involving equipment to spoof keyless entry.
What are drivers to do? Likely just hope their car doesn’t get chosen. Since the early 2000s, keys with chips in them have been used to thwart thieves. But now that actual keys aren’t needed, who knows what’s next on the road to vehicle security?
If you recall, last year, Miss Teen USA Cassidy Wolf’s computer was hacked and the hacker then attempted to “sextort” her by threatening to post nude photographs of her on various social media sites. The hacker employed the notorious Blackshades RAT malware on her laptop to do his dirty work. Here’s a clip of her CNN interview:
Almost all laptops, tablets, phones and other mobile devices these days have built-in cameras. All Apple iMac computers have them.
What can you do to prevent being spied upon? Here’s my short list of five preventive measures.
- Cover the camera when you aren’t using it. A sticky note or a piece of masking tape works just fine.
- Turn your device off when you aren’t using it. Not only will the camera not work, you’ll save a little on your energy bill.
- Close the lid. I keep my MacBook Pro closed when I’m not using it. A hacker will see only black if they have any access to it.
- Run good anti-malware software and keep it updated along with all your applications and your firmware as well. Scan for malware regularly.
- Don’t use your computer when you’re naked. (I had to throw that one in there…lol)
From Last Week Tonight with John Oliver: Government Surveillance (HBO)
You won’t believe what they talk about! Not for work or if any kids are around…
So, I was working away trying to recover some lost data for one of my students when my cell phone rang. It came up “Unknown” on the caller ID. I normally don’t answer calls I can’t identify, but I was irritated and frustrated and I answered it in hopes I’d have someone to launch a tirade against (I have been on every “Do Not Call” list with every phone number I’ve ever had, but it’s a useless regulation, since no telemarketing firm ever honors it. I usually give them an earful and threaten all sorts of legal mayhem, but it rarely does any good).
“Hello, this is Ken.”
“Hello, Ken, I am calling about your computer.” (Heavy Indian/Pakistani accent)
“What?” (Pretending not to understand)
(A bit agitated, now) “We have been receiving many errors from your computer.”
I play along for a second, “Really? What kind of errors?”
“You have many system errors and viruses on your computer.”
“Oh, really? How are you getting these errors?”
“We monitor all computers for errors. We want to help you fix your computer.”
At this point, I lost my desire to play games: “Look buddy, I’m a computer security expert and you are full of s… and a con artist.”
Before I even finished the sentence, I began hearing a stream of “F… you, F… you.” I told him if he called again, I would trace it and he hung up with one last expletive from me, this time.
In hindsight, I probably should have played along, let him into one of my spare laptops and recorded the session and his IP address so I could report it properly, but I was just too preoccupied with other matters.
If I get another call like this, I’ll do that. I just didn’t think it would ever happen to me.