Sunday, October 28, 2012

Lack of Enthusiasm for Windows 8?

I'm sure everyone has heard about the new release of Windows 8 by now. After reading a couple of articles it's clear that a lot of companies are not thrilled at all with the idea of upgrading to Windows 8, with many calling it the "Windows Vista of 2012" (Smith, 2012). Since Microsoft will no longer support XP as of April 2014, more copies than ever of Windows 7 are flying off the shelves instead of the brand new Windows 8. The website cites many reasons for this.

One of the main reasons is that users are not comfortable switching to a whole new user interface. There is always resistance to change, and with computers the resistance seems to be even stronger. Computers and networking are the life of the company, and having to re-learn something that was already functioning just fine is a tough pill to swallow for most.

Another reason is cost. Most companies don't have the money to shell out for a new platform when the benefits aren't overly pronounced. Some are even completely against Microsoft altogether, preferring Linux to it. Some of the reason for this is that if there is an issue in the system file and you need help making a patch you can put your patch out there and ask other Linux users for advice on how to make your patch better.

I think I may be one of only a few when I say that I generally find change exciting. I hate doing the same boring things every day. Although learning the idiosyncrasies of a new platform is oftentimes frustrating and annoying, I find that having a new screen to look at and navigate keeps things interesting for me. It seems that most people generally fall on the other side of the spectrum but I generally embrace change.

I know my company has already stated that they will adopt the new Windows 8 platform but probably won't do so until at least next year. This gives time to really test out the system and give users a bit of a "break" before unleashing it onto the "forces."


Reference:
Smith, G. (2012, July 19). Windows 8 in the enterprise: Why IT pros say no. Retrieved from http://www.techrepublic.com/blog/window-on-windows/windows-8-in-the-enterprise-why-it-pros-say-no/6372?tag=main;carousel

Sunday, October 21, 2012

Risk Management and Cyber Security

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." --Sun Tzu

These wise words were written by someone who is deemed a visionary for his time. He was a military general and strategist, and many of his thoughts are compiled in the book entitled Art of War. It just so happens that much of his knowledge applies to the Information Security world as well as the conventional warfare world, because the defense strategy and warplay seem to fall along the same lines.

To ensure a company is safe it must first compile a list of assets and vulnerabilities. This is where the "know yourself" philosophy comes into play. Once you list all of your assets and vulnerabilities it gives you a clearer picture of what you are working with and what still needs to be done. Then a plan of action needs to be implemented and evaluated to protect your assets. The same is true of creating a list for your enemy, which is where the "know your enemy" line comes into play.

I found an interesting article about how small businesses don't think they need a security plan. The article states that there was a survey conducted in which "Seventy-seven percent of small- and medium-sized businesses believe that their companies are safe from cyberthreats and yet 83 percent of them have no formal cybersecurity plan" (Cooper). I think this number is alarming. I'm not sure what makes SMBs think they can get away without having security. Perhaps it's that they falsely think that attackers are only interested in attacking big corporations. Either way it's high time that security is made a priority instead of an option in all businesses. A business is someone's livelihood. When it falls, so does the individual. No one company is immune to cyber warfare.

References:

Cooper, C. (n.d.). Retrieved from http://news.cnet.com/8301-1009_3-57533453-83/small-biz-survey-no-cybersecurity-plans-no-worries-what/

Whitman, M. E., & Mattord, H. J. (2011). Management of information security. (3rd ed.). Course Technology Ptr.

Sunday, October 14, 2012

Is Skype truly safe for confidential use??

The question was brought up last week in class by a student about whether Skype is safe to use in a business sense. It seemed obvious to me that Skype shouldn’t be deemed safe for business/confidential use because of all the attacks lately on the news about it, but some students had a different thought. So when I saw a new article written about the privacy concerns of Skype I knew I had to write a post about it.

This week an article on cnet.com reported that “a malicious worm is spreading through Skype instant message threatens to take control of a victim’s machine and hold its contents for ransom” (Musil, 2012). Basically there is a zip file with a link and some verbiage attached to it like “lol is this your new profile pic?” (Musil, 2012). When a user clicks on that link a worm installs and creates a backdoor, and the attacker takes control and installs a ransomware application. The user gets a message on their screen saying they need to pay $__ amount of dollars or risk having their files deleted. It also tries to give off the impression that they are working along with the government, claiming that the PC has been used to download illegal material (mp3’s, pornography etc.).

Skype is still investigating the incidents and suggests that you should never click on a suspicious link even if it looks like it’s from someone you know. They recommend updating to the newest Skype version and also upgrading your computer antivirus. This kind of stuff can happen to any software. But this is just one more piece of evidence to prove that Skype should not be used for confidential information, no matter whether you use its videoconferencing or its instant messaging features.

References:

Musil, S. (2012, October 8). Worm spreading on Skype IM installs ransomware. Retrieved from http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/

Sunday, October 7, 2012

My interest in social networking..

By now you've probably made the connection that social media and gadgets are some of my favorite things to blog about. With social media it isn't so much that I absolutely love it and can't get enough of it, it's that I find the way it works/how people connect to be fascinating. With gadgets, I like to play with new pieces of advanced technology so I take a special interest in them. With that being said, today I'm following up on an article I wrote a couple weeks ago on how Twitter is getting a new security team.

When I first heard the news of a new Twitter security team, I immediately felt a bit relieved that finally a social media site was starting to take the security of their users seriously. Unfortunately this feeling subsided a bit after hearing the news about another hack on users' accounts. The occurrence happened this past week and it involved hackers breaking into Twitter users' accounts with desirable handles such as "@blanket" and stealing their account from them in order to try to sell the handle to make money. There is a loophole in Twitter's password reset process allowing this brute force attack to take place. Twitter limits the log-ins by IP address only instead of by account, so this allows a hacker with multiple IP addresses to try multiple times to gain access to one's account. Once they steal your account they try to sell your handle to the highest bidder. After several attempts by one specific user to get help from Twitter, they finally gave him his account back, data intact.

Now, I don't expect Twitter to solve every issue that could come their way but I did expect that breaches like this would be handled better. For instance, they could employ the password reset that blocks a single account from being accessed incorrectly more than a certain number of times instead of by IP address. While no company is perfect, since it was in the news about Twitter getting a new security team the other day I expected a bit more.
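To make the difference between limiting by IP address and limiting by account concrete, here is an added example (not Twitter's code and not part of the original post) that runs the same constructed traffic through a throttle keyed each way. The class and function names, the five-failures-per-300-seconds threshold and the sample addresses are all assumptions chosen for illustration.

```python
from collections import defaultdict

WINDOW = 300    # seconds per counting window (assumed value)
MAX_FAILS = 5   # failed attempts tolerated per key per window (assumed value)

class FailureThrottle:
    """Sliding-window count of failed attempts, keyed by one field of the attempt."""

    def __init__(self, key_field, limit=MAX_FAILS, window=WINDOW):
        self.key_field, self.limit, self.window = key_field, limit, window
        self.fails = defaultdict(list)  # key -> timestamps of recent failures

    def allow(self, attempt):
        key, now = attempt[self.key_field], attempt["ts"]
        self.fails[key] = [t for t in self.fails[key] if now - t < self.window]
        return len(self.fails[key]) < self.limit

    def record_failure(self, attempt):
        self.fails[attempt[self.key_field]].append(attempt["ts"])

def constructed_attempts(n_ips=40, per_ip=4):
    """Constructed sample: one account, wrong guesses spread over many source IPs."""
    attempts = []
    for ip in range(1, n_ips + 1):
        for _ in range(per_ip):
            attempts.append({"ts": len(attempts), "ip": f"198.51.100.{ip}",
                             "account": "blanket"})
    return attempts

def evaluated_guesses(attempts, throttles):
    """Count the attempts that pass every throttle and reach the credential check."""
    passed = 0
    for attempt in attempts:
        if all(t.allow(attempt) for t in throttles):
            passed += 1
            for t in throttles:
                t.record_failure(attempt)  # every constructed guess is wrong
    return passed

if __name__ == "__main__":
    sample = constructed_attempts()
    for fields in (["ip"], ["account"], ["ip", "account"]):
        count = evaluated_guesses(sample, [FailureThrottle(f) for f in fields])
        print(f"keyed by {fields}: {count} of {len(sample)} guesses evaluated")
```

Keying the counter by account also means anyone who knows a handle can use up its failure budget, so a per-account limit is usually paired with a delay or an extra challenge rather than a hard lock.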

Reference:

Terdiman, D. (2012, Oct 1). Security hole exposes Twitter accounts to hacking, victim claims. Retrieved from http://news.cnet.com/8301-1009_3-57522601-83/security-hole-exposes-twitter-accounts-to-hacking-victim-claims/