
Archive for the ‘Privacy/Security’ Category

Study: Employees engage in risky computing – SC Magazine US

October 2, 2008

Twice I was treated like a jerk when I wouldn’t let an employee into our building without a badge. I told him to go to security and get a temporary badge. Both times they tried to convince me they work there. They probably do, but I do not know them. My explanation to them was that if anything happens, I am liable since I let them in; these guys have done it before. Some people let them in either because they know them or because they don’t care. Or, most likely, they don’t know the security threats created by letting someone they don’t know into the building. However, security starts there, not just when you log into a computer. Organizations need to make sure they educate their employees on security at all times, periodically.

I think corporations are putting themselves at risk because they don’t spend time teaching their employees the impact of their actions. Getting admin rights to your computer is the toughest thing to do in my company. We don’t have a local IT group; everything is done remotely from headquarters. To get such rights, there is too much red tape to go through. So the chances of installing anything on your computer are limited.

In an organization, the value of information is measured by its shareability and scarcity. Employees have to understand that information should be shareable within the organization so that the company can reach its goals with open communication throughout; however, they also have to learn that information has to be scarce outside the company, otherwise it is worthless (except, of course, the information the company wants to release for marketing and other purposes).

Protecting the organization’s information does not only mean not letting people know what you know, but it also means that you have to make sure you don’t create a way for others to access this information. 

Organizations are responsible for

– Making sure the security policies and procedures are always adhered to by enforcing the rules at all times

– Teaching employees regularly what the costs of their actions are. Many employees (especially those at the bottom end) don’t know the company’s security policy and procedures, and they do not think they are doing any harm by visiting some sites that pose a security threat.

– Automating their security measures by installing software that monitors incoming and outgoing activities, and installing firewalls that block certain web sites from being accessed by employees

– Making sure mobile employees are taking the right measures against security threats. One can easily look at what happened to TJ Maxx and others to understand what kind of threats are out there with wireless technology.

The main thing is TEACH YOUR EMPLOYEES AT ALL TIMES AND AT ANY COST, and do it PERIODICALLY, not just once.

New York Offers Drivers License with RFID Tag | Gadget Lab from Wired.com

September 17, 2008

Slowly but surely, RFID is creeping into our daily lives…

In the March 2007 issue of IEEE’s Spectrum magazine, Kenneth R. Foster and Jan Jaeger explain the advantages of RFID as follows: “an implantable RFID chip, which is durable and about the size of a grain of rice, can hold or link to information about the identity, physiological characteristics, health, nationality, and security clearances of the person it’s embedded in. The proximity of your hand could start your car or unlock your front door or let an emergency room physician know you are a diabetic even if you are unconscious. Once implanted, the chip and the information it contains are always with you—you’d never lose your keys again”

There are several disadvantages to RFID, of course, but security/privacy is the biggest issue. When RFID started to appear in the market, we read how great it was going to be for the retail business. Inventories were going to be easier, shoplifting was going to be harder, and the list continued. We imagined that within a year we would wait at the cash registers for only a few seconds because our shopping carts would be scanned before we knew it, yet no explanation was given about its security. How hard is it to hack into one of these chips that might be implanted in me? Can someone just walk by and scan your information? RFID chips can be read with an RFID reader within a certain range of the chip. This makes them very risky.

Despite the privacy and security risks RFID brings, it is clear that manufacturers and government agencies are considering RFID for several applications. Its advantages are tremendous. There are several applications, from shopping to airport security, where RFID can play a big role. Perhaps recognizing this, in May 2007

“The National Institute of Standards and Technology describes some potential dangers of implementing RFID and offers guidelines and best practices for mitigating the risks.”

New York City’s move to offer an RFID tag on driver’s licenses is just one more proof that RFID is going to be part of our daily lives.

McAfee: Brad Pitt fan sites may be bad for your computer

September 17, 2008

The consequences of celebrity craze …

“According to McAfee, when searching for “Brad Pitt,” “Brad Pitt downloads,” or Brad Pitt wallpaper, screen savers, and pictures, Internet users experience an 18 percent chance of stumbling upon sites containing malicious code. This includes drive-by malware that can infect your PC without asking you to download anything. Such social engineering, once reserved for e-mail, is now being used to populate search results with fake sites for these personalities”

Hadron Collider hacked

September 13, 2008

As it is, we don’t know exactly what the consequences of such a large and expensive experiment are. It seems it was not secured well enough to keep hackers out of the system…

If the controller is hacked just a few days after its launch, how much trust can we put in the results of the study? How will we know the data was never compromised? …

Hackers break into Large Hadron Collider computer

Researchers uncover new tool for building fake YouTube pages – SC Magazine US

September 12, 2008

Distributing malware through popular pages like YouTube is yet another clever method used by these Internet crooks…

Google launching its own navy? | The Register

September 10, 2008

Now this is a ‘holistic view’ of a contingency plan…

CIA, FBI push ‘Facebook for spies’ – CNN.com

September 6, 2008

This is great.  ‘Social Networking sites’ for spies.   I wonder what the security implication is.  It sounds good to be able to share information with other intelligence agencies; however, what security risks does this present?


What Happened to electronic voting machines?

September 6, 2008

It is an election year again, yet the fear of repeating the infamous 2000 presidential race debacle still hovers in most people’s minds. In 2000 Congress passed the Help America Vote Act, which eliminated certain voting technologies and provided over 3 billion dollars to make electronic voting machines available. The voting machines, if they work as intended, will make tallying the votes easier (especially in heavily populated areas where counting votes can take too long), avoid discrepancies, make the voting experience faster and easier, and provide flexibility by offering voting in multiple languages. Although it is believed that e-voting will smooth elections, it hasn’t been fully implemented yet, at least not everywhere in the states. IT personnel face different challenges in the deployment of electronic voting machines, which are mainly caused by conflicting requirements. Among them are privacy, security, budget, simplicity, and error correction/avoidance.

Privacy:

In an August 20, 2007 news article, CNET reported the privacy nightmare caused by electronic voting machines. It stated that the e-voting machine designed by Election Systems and Software provided a time-stamped paper trail, which can be matched to each individual voter. This exposes voters to pressure from interest groups and candidates. The idea of the secret ballot is to make it just that: secret; however, this machine seems to have lost that logic. Anonymity prevents not only intimidation and manipulation of vote outcomes, but also vote buying. In an era where the Internet has put voting on the open market, it is important that voters remain anonymous. It is even more important that we protect voters’ identity in the coming election, where an African American and a woman are contending to make history.

Security:

It needs to be close to impossible to tamper with voting machines; however, this is difficult to prove. As information technology progresses and becomes more complex, the sophistication of hackers has also progressed immensely. In California, many counties have abandoned the voting machines over security fears. Besides hackers and viruses, there is also concern about the machines being manipulated by individuals who have access to the system at a given time, such as system administrators.

A study led by UC Berkeley computer scientist David Wagner revealed that e-voting is not as secure and reliable as it should be. The fear of having voting machines tampered with remains a constant threat to e-voting. There have also been many other studies that show the security vulnerabilities of e-voting systems.

Simplicity:

Not everyone is adept with electronic technology; as such, it is important that voting machines are simple to use and easy to understand. It is important that they accommodate the disabled as well. It is important to remember that this is different from commercial software, where people have many choices. Deploying such systems requires a lot of time and energy. The user interface has to be designed in such a way that millions of people can vote without issues stemming from misunderstanding how to use the machine.

Accuracy/error avoidance:

It should be difficult for voters to mistakenly do something they didn’t intend to do, for example, voting for two candidates at the same time.

Private eye?

September 1, 2008

Walk away from your cell phone for a few minutes, and have all your information compromised. Yes, that is what this new gadget, the CSI (Cell Seizure Investigator) stick, does. According to CNET News, you plug it into the cell phone, and it grabs everything, from address book content to deleted messages.

all you need is this little stick

I have no idea if it can actually load data from a password-protected phone, or from those with software locks; however, I have already started enabling the lock code on my cell phone just in case.

I can imagine this product is going to be popular very soon. Jealous couples, law enforcement agencies, etc. are all going to want it. Can you imagine an email on your BlackBerry regarding the business deal you are about to make landing in a competitor’s hands?

BBC NEWS | Europe | Sale of bank data alarms Germany

August 20, 2008

The BBC reports that the German congress is scrambling to protect people’s privacy. While the effort by the government is admirable, I wonder how much good it will do to protect privacy.

In fact, regulating banks and firms that buy customer information, in my opinion, will do very little to protect our privacy. In the March 2005 issue of IEEE, Steven Cherry’s report explains how a computer science professor, Dr. Latanya Sweeney, had found a way to collect all the information identity thieves need for free from the Internet. I know this information is old; there might have been some remedies for the problem Dr. Sweeney introduced.

Although the government might play a great role by creating laws that regulate firms who buy our information, I think the greater responsibility lies upon each of us to protect our privacy. It is important that we take some precautions when we decide to give our information to any agency, especially when posting resumes online. In the web 2.0 world, where the interactive web and social networking groups have made the Internet very attractive to lots of people, it is very easy to obtain information about others. Karen Lawrence Öqvist wrote in the December issue of the ISSA Journal about the threat to privacy caused by social networking groups. The following are simple precautions one should take to protect one’s identity:

  • Educate yourself. A simple search on data privacy on Google should reveal a lot of information about what is at risk.
  • Avoid including sensitive information on your resume (like your social security number).
  • Many banks and other organizations give you the option to opt out from having your information given to third-party partners. Opt out. If they don’t provide you with one, ask them.
  • If you decide to be part of social networking groups, do enough research to see who is checking your information. Don’t reveal too much. Not everyone who requests to be your friend on Friendster or Facebook is your friend. Just like you tell your kids, “don’t talk to strangers.”

The bottom line: understand that there are consequences for your actions. If you care about your privacy, do as much as you can to guard it. Make it your responsibility, and stop waiting for the government to come to your rescue.