If I said to you that a hurricane hackers group was created because of Hurricane Sandy, you would most likely reply with "say what?!?!" Well, it's true, and it's made up of a group of hackers (called CrisisCampers) that got together in Boston, cities on the West Coast and even in New Zealand to attend a workshop where they "designed and coded projects to help local communities prepare for and cope with crisis" (Mack, 2012). One of the projects they started working on will categorize images for building damage, and they also started a document that will try to keep track of all recovery data in one place.
The workshops took place this weekend and were free to the public. They wanted volunteers to show up in-person and asked that if you were/are involved in the on-ground recovery efforts that you sign up for the e-mail loop so that you can help coordinate information with the CrisisCampers. Another group was started by MIT's Media Lab (Hurricane Hackers) that is closely related to this group. They've been helping to coordinate relief efforts via Twitter.
I personally think utilizing technology this way will be extremely beneficial in helping disaster relief efforts run more smoothly in the future. Also, it is another notch to add to the long list of technology-related accomplishments. There's always a great sense of pride and good will when volunteers team up and put their minds together to create something beneficial for all out of the goodness of their hearts. Although a bit of a stretch for some, one could say that coding is a bit of an art form. Look at what types of things you can create (web pages, video games, computer platforms), all from coding.
Our nation relies so much on technology that if anything were to ever cause a massive strike to it that it would be massively devastating. People are so used to using technology to do things that, a lot of times, they forget how to do things the "old-fashioned" way. Now, more than ever, we need to beef up our Information Security personnel in all aspects. That way we at least have a running shot at potentially combating Info Sec hackers.
Reference:
http://news.cnet.com/8301-17938_105-57544230-1/superstorm-sandy-hurricane-hackers-gather-to-help/
Sunday, November 4, 2012
Sunday, October 28, 2012
Lack of Enthusiasm for Windows 8?
I'm sure everyone has heard about the new release of Windows 8 by now. After reading a couple articles it's clear that a lot of companies are not thrilled at all with the idea of upgrading to Windows 8 with many calling it the "Windows Vista of 2012. (Smith, 2012.)" Since Microsoft will no longer support XP as of April 2014, more copies than ever are flying off the shelves of Windows 7 instead of the brand new Windows 8. The website cites many reasons for this.
One of the main reasons is that users are not comfortable switching up to a whole new User Interface. There is always a resistance with change and with computers there seems to be an even bigger force. Computers and networking are the life of the company and to have to re-learn to use something that was already functioning just fine is a tough pill to swallow for most.
Another reason is cost. Most companies don't have the money to shell out for a new platform when the benefits aren't overly pronounced. Some are even completely against Microsoft altogether, preferring Linux to it. Some of the reason for this is that if there is an issue in the system file and you need help making a patch you can put your patch out there and ask other Linux users for advice on how to make your patch better.
I think I may be one of only a few when I say that I generally find change exciting. I hate doing the same boring things every day. Although learning the idiosyncrasies of a new platform is oftentimes frustrating and annoying, I find that having a new screen to look at and navigate keeps things interesting for me. It seems that most people generally fall on the other side of the spectrum, but I generally embrace change.
I know my company has already stated that they will adopt the new Windows 8 platform but probably won't do so until at least next year. This gives time to really test out the system and give users a bit of a "break" before unleashing it onto the "forces."
Reference:
Smith, G. (2012, July 19). Windows 8 in the enterprise: Why it pros say no. Retrieved from http://www.techrepublic.com/blog/window-on-windows/windows-8-in-the-enterprise-why-it-pros-say-no/6372?tag=main;carousel
Sunday, October 21, 2012
Risk Management and Cyber Security
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." --Sun Tzu
These wise words were written by someone who is deemed a visionary for his time. He was a military general and strategist, and many of his thoughts are compiled in the book entitled Art of War. It just so happens that much of his knowledge applies to the Information Security world as well as the conventional warfare world, because the defense strategy and warplay seem to fall along the same lines.
To ensure a company is safe it must first compile a list of assets and vulnerabilities. This is where the "know yourself" philosophy comes into play. Once you list all of your assets and vulnerabilities, you have a clearer picture of what you are working with and what still needs to be done. Then a plan of action needs to be implemented and evaluated to protect your assets. The same is true of creating a list for your enemy, which is where the "know your enemy" line comes into play.
I found an interesting article about how small businesses don't think they need a security plan. The article states that there was a survey conducted in which "Seventy-seven percent of small- and medium-sized businesses believe that their companies are safe from cyberthreats and yet 83 percent of them have no formal cybersecurity plan" (Cooper). I think this number is alarming. I'm not sure what makes SMBs think they can get away without having security. Perhaps it's that they falsely think that attackers are only interested in attacking big corporations. Either way it's high time that security is made a priority instead of an option in all businesses. A business is someone's livelihood. When it falls, so does the individual. No one company is immune to cyber warfare.
References:
Cooper, C. (n.d.). Retrieved from http://news.cnet.com/8301-1009_3-57533453-83/small-biz-survey-no-cybersecurity-plans-no-worries-what/
Whitman, M. E., & Mattord, H. J. (2011). Management of information security. (3rd ed.). Course Technology Ptr.
Sunday, October 14, 2012
Is Skype truly safe for confidential use??
The question was brought up last week in class by a student about whether Skype is safe to use in a business sense. It seemed obvious to me that Skype shouldn’t be deemed safe for business/confidential use because of all the attacks on it in the news lately, but some students had a different thought. So when I saw a new article written about the privacy concerns of Skype, I knew I had to write a post about it.
This week an article on cnet.com reported that “a malicious worm is spreading through Skype instant message threatens to take control of a victim’s machine and hold its contents for ransom” (Musil, 2012). Basically there is a zip file with a link and some verbiage attached to it like “lol is this your new profile pic?” (Musil, 2012). When a user clicks on that link, a worm installs and creates a backdoor, and the attacker takes control and installs a ransomware application. The user gets a message on their screen saying they need to pay $__ amount of dollars or risk having their files deleted. It also tries to give off the impression that the attackers are working along with the government, claiming that the PC has been used to download illegal material (mp3’s, pornography etc.).
Skype is still investigating the incidents and suggests that you should never click on a suspicious link even if it looks like it’s from someone you know. They recommend updating to the newest Skype version and also upgrading your computer antivirus. This kind of stuff can happen to any software. But this is just one more piece of evidence to prove that Skype should not be used for confidential information, no matter whether you use its videoconferencing or its instant messaging features.
References:
Musil, S. (2012, October 8). Worm spreading on skype im installs ransomware. Retrieved from http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/
Sunday, October 7, 2012
My interest in social networking..
By now you've probably made the connection that social media and gadgets are some of my favorite things to blog about. With social media it isn't so much that I absolutely love it and can't get enough of it, it's that I find the way it works/how people connect to be fascinating. With gadgets, I like to play with new pieces of advanced technology so I take a special interest in them. With that being said, today I'm following up on an article I wrote a couple weeks ago on how Twitter is getting a new security team.
When I first heard the news of a new Twitter security team, I immediately felt a bit relieved that finally a social media site was starting to take the security of their users seriously. Unfortunately this feeling subsided a bit after hearing the news about another hack on users' accounts. The occurrence happened this past week and it involved hackers breaking into Twitter users' accounts with desirable handles such as "@blanket" and stealing their account from them in order to try to sell the handle to make money. There is a loophole in Twitter's password reset process allowing this brute force attack to take place. Twitter limits the log-ins by IP address only instead of by account, so this allows a hacker with multiple IP addresses to try multiple times to gain access to one's account. Once they steal your account they try to sell your handle to the highest bidder. After several attempts for one specific user to get help from Twitter they finally gave him his account back, data intact.
Now, I don't expect Twitter to solve every issue that could come their way but I did expect that breaches like this would be handled better. For instance, they could employ the password reset that blocks a single account from being accessed incorrectly more than a certain amount of times instead of by IP address. While no company is perfect, since it was in the news about Twitter getting a new security team the other day I expected a bit more.
Reference:
Terdiman, D. (2012, Oct 1). Security hole exposes twitter accounts to hacking, victim claims. Retrieved from http://news.cnet.com/8301-1009_3-57522601-83/security-hole-exposes-twitter-accounts-to-hacking-victim-claims/
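The difference between limiting failed attempts by IP address only and also limiting them by account, as described in this post, can be shown with a small simulation. This is an added example, not code from Twitter or from the cited article; the limits, the 15-minute window, the class names and the source addresses (taken from a documentation-only range) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

WINDOW = 15 * 60     # seconds a failure is remembered (assumed value)
IP_LIMIT = 5         # failures allowed per source IP per window (assumed)
ACCOUNT_LIMIT = 5    # failures allowed per target account per window (assumed)


class FailureWindow:
    """Sliding-window counter of failed attempts, keyed by any string."""

    def __init__(self, limit, window=WINDOW):
        self.limit = limit
        self.window = window
        self._events = defaultdict(deque)

    def _prune(self, key, now):
        # Drop failures that are older than the window.
        events = self._events[key]
        while events and now - events[0] >= self.window:
            events.popleft()
        return events

    def is_blocked(self, key, now):
        return len(self._prune(key, now)) >= self.limit

    def record(self, key, now):
        self._prune(key, now).append(now)


class LoginGuard:
    """Throttle by source IP, and optionally by target account as well."""

    def __init__(self, per_account):
        self.by_ip = FailureWindow(IP_LIMIT)
        self.by_account = FailureWindow(ACCOUNT_LIMIT) if per_account else None

    def allow(self, ip, account, now):
        if self.by_ip.is_blocked(ip, now):
            return False
        if self.by_account is not None and self.by_account.is_blocked(account, now):
            return False
        return True

    def failed(self, ip, account, now):
        self.by_ip.record(ip, now)
        if self.by_account is not None:
            self.by_account.record(account, now)


def guesses_evaluated(per_account, source_ips=50, tries_per_ip=4):
    """Count wrong guesses that reach the password check for one account
    when they are spread over many addresses, each staying under IP_LIMIT."""
    guard = LoginGuard(per_account)
    evaluated = 0
    now = 0
    for n in range(source_ips):
        ip = f"198.51.100.{n + 1}"      # constructed, documentation range
        for _ in range(tries_per_ip):
            now += 1                     # one attempt per second
            if guard.allow(ip, "blanket", now):
                evaluated += 1           # guess was checked and was wrong
                guard.failed(ip, "blanket", now)
    return evaluated


def lockout_expires():
    """Show that the per-account block lifts once the window has passed."""
    guard = LoginGuard(per_account=True)
    for t in range(ACCOUNT_LIMIT):
        guard.failed(f"198.51.100.{t + 1}", "blanket", t)
    blocked_during = not guard.allow("198.51.100.99", "blanket", WINDOW - 1)
    allowed_after = guard.allow("198.51.100.99", "blanket", WINDOW + ACCOUNT_LIMIT)
    return blocked_during, allowed_after


if __name__ == "__main__":
    print("IP-only throttle, guesses evaluated:     ", guesses_evaluated(False))
    print("IP + account throttle, guesses evaluated:", guesses_evaluated(True))
    print("blocked during window, allowed after:    ", lockout_expires())
```

A per-account limit that never expires would let anyone lock the real owner out by failing on purpose, which is why the block here is tied to a time window rather than made permanent.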
Sunday, September 30, 2012
Samsung dialer remote-wipe vulnerability
Just as the new iPhone had a vulnerability, so too does a range of Samsung smartphones. Late last week it was discovered that some Samsung phones could be remotely wiped clean with the Dialer app. Right now, it is unclear why exactly someone would want to employ this type of assault on Samsung phone users because there is no monetary benefit. It has been studied that hackers normally do their "hacking" for financial gain. However, there is no monetary gain in simply wiping the personal information out of someone's phone. Samsung sent an over-the-air patch out to try to clear the issue up but it's not clear if all Samsung phones will have the patch available to them.
Lookout Mobile Security, a popular mobile phone antivirus, has issued a free fix that will scan telephone links before they open and tell you if they are malicious. This should help the majority of Samsung phone users with security of their phone. Lookout is the only antivirus company to produce a patch for this sort of breach.
As I said in my last post, it's inevitable when a new phone rolls out for there to be security breaches within them. It's great that companies like Lookout are taking a proactive approach to protecting consumers' information. However, far more should be done by everyone to combat the huge problem of mobile cyber security. It seems like companies don't take this type of breach seriously since it only involves dumping of the user's data, no attacks on their money etc. A simple breach like this is practically an open door for more attacks to be studied and implemented based off of the breach example. For instance, once they learn they can gain access to your personal information through the Dialer app they can then use the information to try to figure out how to steal from people through this approach.
I feel like we've hit the time where we've created enough technology/gadgets to keep us happy for a long time. Now, we need to work on keeping these items secure and also learn how to maintain them. Most of us aren't even aware of the full range of capabilities of the technology we have surrounding us.
Sunday, September 23, 2012
New Apple iOS 6 quirks..
It's inevitable...anytime a new phone is released, whether Apple or Android, there are bound to be a few "bugs" to shake out. Apple recently released its new version of the iPhone running iOS 6, gleaning a huge profit. However, there are a few bugs that must be fixed first.
The first deals with the social media sites Facebook and Twitter. It has been reported that other people can send Facebook messages and tweets from your new iPhone even if the phone is locked. This is because Apple has enabled Siri voice command to interact with Twitter and Facebook even when your phone is locked. The simple fix for this is to go through your settings to "disable" Siri from being activated in the passcode state.
The second thing that has many people anxious is a fix for its new Apple Maps program. Apple decided to drop Google from their preloaded apps lineup, as well as from the Apple Store, since they haven't been "playing nice" now that Google has teamed up with Android, and then decided to create their own new program called Apple Maps. Unfortunately for many, the Apple Maps program is said to have very basic maps with little detail and GPS guidance that is off kilter. To get around this for now, you can bookmark the much more detailed and exact Google Maps in your browser and get to it anytime you have access to phone service.
There are many quirks that most phones endure in the days following launch, and there is no doubt in my mind that the latter of these two issues will be addressed in the coming months. It has been reported that Apple took this risk because they wanted to get away from Google and make their own version of maps, even if it wasn't anywhere near ready yet. Polls have shown that despite these minor hiccups, Apple has done exceedingly well in their sales.
References
Cooper, C. (2012, sept 22). ios 6 maps was no big surprise to apple. Retrieved from http://news.cnet.com/8301-13579_3-57517967-37/ios-6-map-mess-was-no-big-surprise-to-apple/
Mills, E. (2012, SEP 20). ios 6 allows tweets, facebook posts from locked device. Retrieved from http://news.cnet.com/8301-1009_3-57517364-83/ios-6-allows-tweets-facebook-posts-from-locked-device/
Sunday, September 16, 2012
Twitter and New Security "Dream Team?"
You heard it right...Twitter has been working hard on what some are referring to as a "security dream team." This is a pretty important step for a social media site to actually say that they care about the security of themselves and their users' information (to an extent at least). With many social media sites practically "giving" away their users' information to anyone who asks for it, Twitter is trying to take a different approach. They recently hired Charlie Miller, "famous for his hacks on the iPhone and MacBook Air, finding holes in iOS and devising ways to hijack Android phone with NFS" (Mills, 2012).
So now, not only the President but also social media sites are starting to take their cyber data seriously. I think since the Web 2.0 boom, when these technologies literally appeared out of thin air, no one really gave a second thought/had time to think about what implications this new technology would have against safeguarding cyber data. Now that these technologies have been around for a while and quite a few malicious attacks have been made, we are discovering that we really need to step up the way we protect information that is private and important to our lives. It's good to see that some social media sites are starting to implement security features, although not by leaps and bounds. Baby steps are a sign of change.
Reference:
Mills, E. (2012, 09 14). Twitter hires security expert charlie miller. Retrieved from http://news.cnet.com/8301-1009_3-57511803-83/twitter-hires-security-expert-charlie-miller/
Friday, September 7, 2012
President Takes Cybersecurity Seriously...
Recently President Obama has considered an overhaul of the current system that protects the nation's cyber information. It is currently outdated (created in 2003) and leaves a lot of "wiggle room" for a cyber attacker to swoop in and steal or harm the integrity of government information that is shared between the private sectors. Year after year Congress has debated what to do concerning the matter but has not come to any sustainable conclusions. Mr. Obama states he is ready to take on Congress unless something is agreed upon.
This sends a strong message that the President highly values the presence of cybersecurity ideals. Think about what a wide-spread online attack to information would do to this country. Since we rely so heavily on computers and transacting business online it would completely devastate the whole country. We would essentially be boxed out from the rest of the world with little interaction.
Reference:
Kincaid, M. (2012, August 31). Cybersecurity news roundup: Obama administration considers cyber options. Retrieved from http://www.clearancejobs.com/defense-news/848/cybersecurity-news-round-up-obama-administration-considers-cyber-options
Thursday, August 30, 2012
Another major data breach
It seems all too familiar when we hear about breaches in data. When our data falls into the wrong hands it is subject to loss of integrity and of course confidentiality. Recently, "Team GhostShell" has launched a massive attack against banks and politicians in some sort of protest, gaining access to more than one million personal accounts. They vow that this is only the beginning of their attacks too, with more attacks being planned for later in the year. It appears as though SQL injection was the favored method of attack.
What this article proves is that CyberSecurity is absolutely essential in today's world and that more focus needs to be placed in this area in order to catch up with the ever-increasing world of cyber technology. Right now, I believe that the level of technology far outweighs the level of security to protect the technology. It's like leaving your home unlocked and expecting no one to take anything. Of course, that was a bit of a dramatic scenario but I think the point has been made. What kinds of ways do all of you propose that we better safeguard information than we are currently doing?
Resource:
Mills, E. (2012, August 28). Hackers vow 'hellfire' in latest major data leak. Retrieved from http://news.cnet.com/8301-1009_3-57501931-83/hackers-vow-hellfire-in-latest-major-data-leak/