Oct 25 2014

Privacy is important for people, even if they do nothing wrong.  Privacy is no longer a social norm.  Even if you think that you are not a bad person, it should still matter to you.  We all need the security of keeping our private life private.  Anything we do could be scrutinized by someone, even things we would like to keep between certain people.  Suppose my best friend tells me something about his health.  This is something he may not want me to put on Facebook, nor would I.  Why?  Because he told me in confidence.  But in a surveillance society, everything said and everything known is scrutinized, and governments can make assumptions about you because of this information.  Here is a great video about privacy and why it is important.

Oct 24 2014

The authors of PhishMe ran some malware they received in a spam message.  They ran it on a virtual machine, so as not to infect any other machines.  This is what they found: it ran a keylogger, took screenshots, and downloaded all the passwords from the browser; it was all then emailed to the attacker.  The author was able to find out the attacker's email credentials.  It makes me smile watching this type of thing in action.  This type of malware, however, was very likely written by a script kiddie and not a professional.  Sadly, a professional would not be so careless and would not make these kinds of mistakes.

Here are my originating articles:

Phishing email delivers keylogger malware, also takes screenshots

.NET keylogger: watching attackers watch you

Oct 23 2014

President Obama signed an Executive Order that directs the Federal Government to change all federal credit and debit cards over to microchips, thereby replacing the magnetic stripe, which plagued Target in its security breach late last year.  Many retailers, such as Target and Walmart, have already committed to this.  This is great, but the banks and others need to follow suit to make this technology viable.  If the common consumer does not have access to it, it will be the old magnetic stripe, which is very susceptible to fraud.

FACT SHEET: Safeguarding Consumers’ Financial Security

Here is the Video of President Obama signing the Executive Order and explaining it.

Oct 22 2014

The cloud is a rather convenient place.  It houses all of our pictures after we take them.  It saves spreadsheets, presentations, and any other useful files to be retrieved at a moment’s notice from any internet-connected device.  However, is it really that secure?  Here is a report from Bruce Schneier and another resource from OUCH!

Risks of Cloud Computing – Bruce Schneier

OUCH! newsletter (PDF): http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201409_en.pdf

Dr James Walden goes into some technical aspects on the server side in this presentation.

Oct 21 2014

This SSL 3.0 bug is not quite as dangerous as Heartbleed.  However, it can still expose information to an attacker that was never intended to be seen.  POODLE (Padding Oracle On Downgraded Legacy Encryption) was discovered by a Google team and exploits the compatibility fallback to SSL 3.0, an outdated 18-year-old legacy protocol.  The fallback lets the two sides communicate using this weaker encryption method, which is now completely outdated, and that allows an attacker to view communication between the host and the client.  This is only a medium threat, but still a threat.

Here is the article that I am referring to: POODLE exploits SSL 3.0 fallback

Here is a video describing how this actually works.
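
Because POODLE only works when both ends still accept SSL 3.0, the practical defence is to make sure that protocol is switched off. The following is an added example (not from the original post or the linked article) that scans web-server configuration text for protocol directives that leave SSLv3 enabled. The sample configuration is constructed, Apache's `all` is assumed to include SSLv3, and bare protocol names are treated as additive, which is a conservative simplification.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONFIG = """\
# nginx vhost A
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# apache vhost B
SSLProtocol all -SSLv2
# apache vhost C
SSLProtocol all -SSLv2 -SSLv3
# nginx vhost D
ssl_protocols TLSv1.2;
"""

# Assumption: "all" is read conservatively as including SSLv3.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

# Matches nginx "ssl_protocols ...;" and Apache "SSLProtocol ..." lines.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.IGNORECASE)


def apache_protocols(args):
    """Resolve Apache SSLProtocol arguments (+name, -name, all) to a set."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = APACHE_ALL if name.lower() == "all" else {name.lower()}
        if sign == "-":
            enabled -= names
        else:
            enabled |= names  # simplification: bare names are additive
    return enabled


def audit(config_text):
    """Return (line_number, sslv3_enabled) for every protocol directive."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive, args = match.group(1).lower(), match.group(2).split()
        if directive == "sslprotocol":
            enabled = apache_protocols(args)
        else:  # nginx lists the enabled protocols explicitly
            enabled = {a.lower() for a in args}
        findings.append((lineno, "sslv3" in enabled))
    return findings


if __name__ == "__main__":
    for lineno, weak in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {'SSLv3 ENABLED' if weak else 'ok'}")
```
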

Oct 20 2014

Students are under surveillance 24/7.  The shootings in so many schools, from Columbine in 1999 to the Virginia Tech shooting in 2007 to Sandy Hook Elementary and then the recent shooting at Reynolds High School, make us all worried about our children.  The result of this is tighter security controls within the schools themselves.  This is really necessary and I applaud the efforts; however, how far should we go?  Since the Columbine shootings, there has been a monumental change in the way students are monitored daily.  A massive amount of surveillance has been imposed upon our children in schools.  This type of monitoring includes physical security, video security, social media surveillance, and internet censorship.  Some of these technologies even data mine students' information.  This can cause other problems in the future, making students more conditioned to the everyday invasion into their lives.  Even though most of this may be necessary, what is next?  Here is the full article for the specifics: Grooming Students for A Lifetime of Surveillance

Here is some information on Internet Surveillance: Warily, Schools Watch Students on the Internet

Here is some more information on Data Mining of Students: A day in the life of a data mined kid

Here is the audio of the Data Mining of Students

Here is some more information on Social Media Monitoring: California school district hires firm to monitor students’ social media

At some schools, ‘Big Brother’ is watching

Here is a brochure from Cisco Systems on physical security in schools, which ties in with all the others:

Cisco brochure (PDF): http://www.cisco.com/web/strategy/docs/education/safetyBroch013108.pdf


Oct 19 2014

Cybercrime and cyber attacks are costing companies a great deal.  The cost of responding to those attacks is $12.7 million!  That is probably in line with the fact that Home Depot, Dairy Queen, Goodwill, Kmart, and Target have all been attacked in the last year.  That is a 176% increase in cyber attacks and a total of 138 successful attacks.  That isn’t even the scariest part.  The scary part is that it took an average of 170 days to find out that they were attacked and forty-five more days to rectify the problem!  This was from a survey of only 59 companies.  Here is the original article from Security Week.

Cost of Cyber Attacks Jumps for US Firms: Study
