Some people said it was the biggest startup to come out of Stanford since Google. After securing some seed funding from professors, and then raising $25 million in a party round, Clinkle was destined for greatness among startups. Clinkle was designed to become the payment service all of us could use to manage credit cards, banks, and cash from our smartphones. And yet, I’m guessing the majority of this blog’s readers have never heard of them. Why could that be?

The rise comes before…

Launched in 2011, Clinkle got a lot of hype. Big names like Richard Branson and Peter Thiel, and organizations like Intuit and Intel were among the investors. They were clearly excited about something. But Clinkle has[…]

Recently, an article came to my attention about social networks being gamed in order to hurt the reputations of competitors and enemies. With all the talk these days of search engine optimization, social media experts, and the “internet of things”, we are looking to connect our information to as many people, and in as many ways, as possible. Have you considered the ways this might hurt you instead? We are beginning to get a handle, as a society, on the minimum viable security that every organization needs in order to stay in business and not be destroyed by the constant noise of attacks facing us on the Internet. But what happens when instead of facing a distributed denial of service[…]

Today’s reading brought me to another article by Brian Krebs about his continuing research into the breach at Target. The lengthy article points to some newly uncovered clues, and provides some conjecture as to how the breach may have been exercised. A part of it definitely caught my eye, because it is closely related to some of the work we get called on to do on a regular basis.

That “Best1_user” account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas base[…]

I went to a casino recently with some friends, and watched play at the roulette table for a while. It was really interesting to see the mindsets of the different people playing. Some were consistent with their play, playing corner bets, where you place your bet on a corner between four numbers. Some others were betting small amounts on individual numbers which held importance to them. Others bet the “safer” bets of red/black, even/odd, or high/low. What interested me were the people who were wildly inconsistent with their bets. They’d increase their bets after losing a few times in a row, because they must be “due”. The bettors reasoned with themselves that since their number hadn’t come up yet, it[…]

The Dreaded Call

Daniel Seward awoke to his cell phone vibrating on his nightstand. Groggily he rolled over and looked at the phone. It was just after 5am and he didn’t recognize the 800 number, but angrily answered it ready to give the telemarketer a piece of his mind.

“Do you realize what time it is?”

“Mr. Seward, this is Ross Spears with the fraud prevention unit of Haneysville National Bank. We have detected activity within your account that we suspect may be fraudulent. Did you attempt a wire transfer of $73,500 to an account at 6:15am on Tuesday?”

Immediately, Daniel sat up in bed, his heart racing. “No, I did not. Who was the wire made to?”

“We cannot[…]

One of the things that caught my eye in PwC’s most recent The Global State of Information Security® Survey 2014 report were the bits and pieces of information shared about the importance of evaluating the security of third parties.

As data proliferates and is shared among more partners, suppliers, contractors, and customers, it is increasingly critical that businesses understand the risks associated with sharing data with third parties. What’s more, organizations should ensure that third parties meet or beat their requirements for data security.

This is a refrain I have been using for years, even having presented about it at the 2009 Drug Information Association Annual Meeting in San Diego, as well as the 2010 Pharma Outsourcing Congress in Munich. Unfortunately, the[…]