In the past few days, we learned that Global Payments Inc, a middle-man credit checking company, suffered a breach of its systems starting in January of this year. It has been speculated that up to 10 million card holders might be at risk.
Even with the growing trend of these types of attacks, your personal security both online and offline is still heavily dependent upon your own behavior. The sites you visit, your personal account management and password policies, and the data you post online can all help or undermine your personal security.
There has been quite a bit of noise about the Girls Around You app, and similar smartphone applications that make it far too easy for a stalker or potential attacker to consolidate information about who you are and where you go. This is information that people are storing about themselves, thinking that it is being stored securely.
People are still the biggest threat to their own security and privacy. Employee actions are still the most likely vector by which an attacker will gain access to the network of their employer. Please don’t fall for the silly notion that you must give up your privacy in order to get access to free goods and services. Your privacy is worth more than that, as you will quickly find out if you lose it.
Here’s an overview of the key steps that you should implement to improve your security profile before it bites you by way of financial loss or identity theft.
- Manage your accounts and passwords carefully
  - Don’t use the same account/password combination for every single resource.
  - Use strong passwords.
  - Avoid sites and services that don’t support strong passwords.
  - Use a password manager such as LastPass, or something off-line, to keep track of your passwords.
  - If a site supports two-factor authentication, use it!
  - Never give your password in response to an email request.
  - Don’t share passwords with others!
- Don’t click on strange links
  - Not even from friends!
  - If a link seems strange or out of place, reach out to the person and verify that they sent it.
  - If you see an email from your bank, visit the bank’s site directly rather than following the link.
- Be careful what information you put out on the web
  - You have control of what you put out there – right up until you put it out there.
  - Look at the permissions requested by the apps you put on your smartphone. Reject apps that are asking for things that seem excessive.
  - If you give up your name, full birthdate, address and employer to every website that asks, you make it so much easier for identity thieves to get the last few elements they need.
  - Parents! Know what your children are doing online.
- Constantly review your privacy on social networks
  - Your goal (privacy) is in direct opposition to their goal (access to your info for financial benefit).
  - Privacy policies and privacy mechanisms change rapidly. Make sure they still provide the protection you care about.
  - Check your privacy by looking at your profiles from different machines where you are not logged on, or logged on as a different user.
  - Perform regular internet searches on your name to see what turns up.
- Manage your banking carefully
  - When you do online banking, have that as your only open browser window.
  - Call your bank if you see anything wrong with your statement or receive a strange email.
  - Select a bank that is diligent about tracking fraudulent activity in real time.
  - Use credit cards rather than debit cards for online purchases, as there is more legal protection for you, and less direct access to your bank account.
I will look to elaborate on these over the next week or so, but these should be a good start. Don’t rely on others to make you secure – you hold the keys.
If you haven’t already heard of Carrier IQ, you need to do some serious web searching, as they are swiftly becoming the new name in technology misuse on a massive scale.
Over 6 years ago, Sony installed a rootkit with their music software in the name of Digital Rights Management. On some level, they have never recovered from the consumer backlash that followed, and many were supremely gratified to see them suffer one of the most extensive network break-ins on record earlier this year.
Well, the folks at Carrier IQ (CIQ) have greatly expanded on Sony’s misuse of technology, and the implications are only now being assessed. It will be interesting to see how extensive the backlash becomes over the next few weeks and months, and whether it has a chilling effect on the sale of smartphones – particularly Android-based phones.
The Story
The issue is essentially this: Carrier IQ has created a special tracking application that is hidden on various phones – intentionally hidden. Ostensibly, it can be used for diagnostics capabilities and to help carriers monitor network activity and issues. However, when you read exactly what the software is configured to do, you will see that it goes WAY beyond any of these potentially noble or innocent goals, and heads right on into the land of breach of privacy.
Too bad for them, it’s easier to get exposed in the 21st century when you’re caught doing bad or dumb things…
Take a look at the following excerpt from a recent CNET article.
In the nearly 20-minute video clip, Eckhart shows how software developed by mobile-device tracker Carrier IQ logs each keystroke and then sends them off to locations unknown. In addition, when Eckhart tried placing a call, Carrier IQ's software recorded each number before the call was even made.
That’s right. The software, which you cannot remove or uninstall without loading a custom ROM onto your phone – not a task for your average consumer – tracks all keystrokes, your location, and the contents of your messages and sends them to remote locations. These remote locations are most likely Carrier IQ itself, since it bills itself as a service for providing diagnostics info for carriers like Sprint and others.
Check out the following links that detail the issue, including videos from the researcher that exposed the whole raw deal.
Ask Yourself the Following:
-- It’s not so hard to see why they made such a vigorous effort to stop Timothy Eckhart from publishing his security research, now is it?
-- Why is Carrier IQ capturing this level of data when it is not nearly necessary for diagnosing user problems on mobile networks?
-- How long have they been storing this data, and who have they shared it with?
-- How can we trust them (or the carriers) not to misuse this information for their own benefit (and our detriment)?
-- Even if we believe that CIQ is as clean as the driven snow, given the poor security practices of so many organizations as exposed earlier this year, how can we be confident that some organization or organizations is not now attempting to break into their network in order to access this massive treasure trove of personal information?
For all we know, they’ve already been broken into, and 2012 will be the year of identity theft of a scale scarcely imaginable right now.
The Bottom Line
Be very, very careful… Your phone knows where you’ve been, who you’ve been talking to, and whether you’ve been naughty or nice. We are steadily throwing away our privacy and security through misuse of social networking and communications channels, and now through apathy in technology usage.
As we become increasingly reliant on technology, we open up ourselves to these kinds of problems from capitalistic organizations. Many are worried that their governments might do these types of things to track them, but in the Western Hemisphere, the government need not do anything but wait around and serve subpoenas to companies that have gone out and done all the heavy lifting for them.
Our desire for convenience and ease makes it very easy for us to be taken advantage of by any enterprising company. And, worse yet, it’s not even a company that you have a direct relationship with – it is an organization that is working on behalf of your carrier and/or phone maker.
Don’t think that this is the only company doing something like this. You’d better believe that there are others who have yet to get caught. And they’re not going to stop until something significant is done to them legally or economically.
I enjoy technology like the next person. Actually, I probably enjoy it to a much greater degree than a large percentage of the populace, but I have found over the years that as time passes, we are experiencing far fewer of the much publicized benefits of technology, while suffering far more of its not-so-frequently-mentioned drawbacks and liabilities.
This is far more serious than most people realize. I'll bet we've only skimmed the surface of this issue, and that the ongoing fallout could have serious ramifications for the carriers, handset makers and even Google. I wonder if this will result in far more people rooting their phones, or a slow but steady abandonment of the Android platform for something like Windows Phone 7, which does not have this particular issue.
In the meantime, I have some devices at home to check…
It is not every day that one gets an opportunity to put together a wish list of technology solutions that could be used to drive a modern, highly productive workplace.
So, let’s begin our If Money Were No Object quest…
Every office has desktops and notebooks, and they’ll continue to be useful for quite some time. To make them even more useful, we’d equip all of our systems with solid state drives (SSDs) and hybrid drives using SSD technology, such as those from OCZ Technologies. The reduction in boot times and application load times will more than pay for the technology over the life of these drives.
Now, let’s move on to other computing devices, such as smartphones and tablets. Imagine the impact our sales and marketing team could have on clients with a few of these ASUS Eee Pad Transformer tablets. They could get all the benefits of a highly portable tablet, combined with a keyboard that doubles as a docking station. These are good for employees who do more content consumption than content creation. The Android platform is currently my favorite mobile platform, as it provides a variety of applications for corporate connectivity, including virtual private network (VPN) clients, remote desktop (RDP) clients for our Windows systems, and corporate email integration.
It’s now time for us to pay attention to security and device management. Solutions from SmithMicro Software, MaaS360, and NetQin will allow us to seamlessly and securely manage our fleet of smartphones and tablets. I’ll give the nod to MaaS360, as it provides the broadest support for mobile platforms such as iOS, Android, BlackBerry and Windows Phone. It even includes support for the Windows and OS X laptop platforms, resulting in comprehensive protection for all things mobile.
Next, let’s look at implementing an antivirus/antimalware solution on our mobile devices so we can keep our corporate data safe. Vendors like F-Secure and BullGuard offer virus and spyware protection for the major mobile platforms, in the event that we don’t like the solutions from MaaS360 or NetQin.
As you may have noticed, we’ve managed to push a lot of our server-side functionality into the cloud, so there’s not as much need for backing up local servers at our office. On the mobile front, however, we will have lots of important data that needs to be backed up securely. So we’d turn to i365, Asigra or Druva for our mobile backup solution, and Whisper Systems for disk encryption.
Security is great, but we’re in business to get things done, and that means a robust office application suite such as Microsoft’s Office 365, Google Apps, or Zoho’s Collaboration Apps. These cloud-based suites will enable our teams to share data wherever they happen to be. To further aid in employee collaboration, we’d equip our organization with online file synchronization tools from Box.Net and DropBox for Teams. I really do love DropBox, but Box.Net has clear advantages when it comes to integration with other business tools, such as NetSuite for our Financials, Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP).
Although primarily used in the education market, interactive whiteboards are a valuable technology for training sessions and technical architecture sessions. Great for presentations to customers and for all sorts of corporate planning, they go a long way towards reducing paper consumption in the office.
We would also want to keep our employees highly connected using a Unified Communications (UC) solution from Mitel, Microsoft or Avaya. Whether they are in or out of the office, our employees will be easily reachable by voice, email and instant messenger, and be able to easily set up conference calls with other staff members, clients or business partners. Speaking of communication, we need to ensure that we keep track of our critical email messages, and this means policy-based email security (as opposed to trying to get our employees to remember which emails get encrypted and which don’t need it). ZixCorp and ProofPoint make this very easy to do. This will ensure that our vital corporate data is transmitted securely to business partners and clients without a whole lot of effort from our staff.
So far, we’ve kept most of our office infrastructure in the cloud, but we’ll still have a few servers left, if only to manage our local network access. These server instances will be virtualized using Microsoft’s Hyper-V, Citrix XenServer or VMware vSphere. This gives us great disaster recovery capabilities, and lots of flexibility with server configuration for regularly changing business needs.
Rounding out our wish list will be enterprise management and security tools from N-able to enable remote control of any workstation or laptop in order to assist employees with technical support; data loss prevention from Verdasys so that confidential data doesn’t “accidentally” leave the network; network access control solutions from Bradford Networks to ensure that our organization’s security policies are enforced at the network and systems level; and finally, server and network monitoring from Zyrion for both our in-house systems and our cloud-based infrastructure.
We’ve managed to cover mobile technology, cloud computing, communications and security while moving our business forward. Now, wasn’t that fun?
NOTE: This is the expanded edition of a document which was originally published here, on IT Insider Online.
It might seem that way because of how ubiquitous it is, but technology is not really easy. Lots of time has been spent trying to hide the core complexity so that every day users can better experience and manage high-end technology, but at the end of the day, the complexity remains somewhere.
We’re almost at the end of 2011, and the two things that stand out to me from a technology standpoint are:
- The magnitude of information security issues that were surfaced this year
- The magnitude of infrastructure and service outages that were manifested this year
And don’t think that there’s no relationship between them.
This week alone, we’ve seen some really rough days for the technologists, public relations teams, and senior executives at RIM and Apple. Google and Microsoft, among others, have also had some issues with their infrastructure over the past few months.
While it might seem like a good time to make fun of the companies involved, or mock them for poor leadership, or suggest that these examples underscore the unworthiness of hosted computing (and cloud computing in particular), it might be more prudent to take a step back and recognize that technology is hard. Seriously.
And it’s not getting any easier, even when very smart people in large IT teams with sizable budgets and a decent amount of time for planning are involved. And trust me when I say that there is *never* enough planning time allocated for these sorts of things. Technology failures are not always about greed and cutting corners.
The full scope of complexity of any moderately sized data center is not properly appreciated. And, while things mostly work as they should ~80% of the time, there are occasional issues about ~19% of the time which are either addressed by redundancy of equipment or the quick work of the technology team. Because the minor issues and so-so problems are handled reasonably well, folks start to feel that they have a solid grasp of everything.
And they do – right up until that special 1% scenario hits. At that point, there are lots of people working furiously to address problems that defy explanation while the whole world watches and says, “What’s wrong with these morons! This should never have happened!”
Sure, there’s always something that can be done better, but the pressures of budget, time and workload often conspire against the best of intentions, because it really isn’t easy, and not everything can be tested in advance.
It’s always important, as a technology professional, to develop and routinely implement a solid methodology for operation that will allow you to be most effective in good times as well as bad. Mistakes will happen, but with a good process and lots of practice, your execution need not suffer, and you need not succumb to the complexity that is out there (and growing).
Since May of this year, we have started a little “Green Grocer” project (as my neighbor likes to call it). It started out from four (4) seedling plants that we received at Family Camp – two tomato plants and two pepper plants. Since then, we’ve added some oregano, basil, parsley, mint and a set of late plants – cucumbers, squash, okra, and swiss chard.
It has been an absolute blast over the past 3 months, figuring out how to grow all this stuff, and we have gotten lots of assistance and advice from neighbors, friends and others. While there is a lot of work that goes into a garden, there’s a lot of value that comes out. It is definitely a rewarding experience.
My children are definitely enthused about the whole thing and have been very helpful with watering, pruning, and – of course – harvesting. We had a chance to eat some of the tomatoes already this week, and are looking forward to many more. And, the cucumbers are attempting a coup in the garden. Our fault for not realizing just how dominant and overbearing those plants try to be. (It didn’t help that an extra one sprung up beyond the two that we planted deliberately.)
Because of the overall positive experience, we’re making more extensive plans for next year (well, more extensive for everything but the virulent cucumbers). Our summer has definitely been more productive on account of this garden, and we have already enjoyed eating the fruits of our labors, as well as the work necessary to get everything going and growing just right.
Lots of lessons learned, and lots of fun, too.
We started with just potted plants, and moved on to a 3’ x 5’ area. Start with what you can, where you can. Just make sure there is ample sunlight. I promise you, you won’t regret it…