Enabling Secure Business Operations

8 Landmarks in Information Security History

January 31st, 2008

CSOOnline has a story highlighting 8 landmarks in information security history.

1971: Captain Crunch Whistle
1988: Morris Worm
1994: Citibank Heist
1995: The Celebrity of Kevin Mitnick
2004: Witty Worm
2005: Titan Rain
2005: ChoicePoint Debacle
2007: Storm Worm

Have others to add? Think they got this set wrong? Comment below!

PixelCryptor

January 30th, 2008

I’m still torn as to whether or not this is a good idea. PixelCryptor uses an image file as the encryption/decryption key. The theory is that images can contain more information than a simple password, so your entropy is higher. However, now the image used for the key needs to be kept securely.

It seems to me that this is best thought of as one of those fake rocks sitting by your front door containing the key to your house, or the magnetic key holder you stick to the frame of your car. It does not provide real security against a determined thief, but it does provide security from the casual snooper who wouldn’t know where to look for the “key”.

Obviously, for business-grade operations, I’d say you should avoid this. For keeping something secure while sent over email between friends, I can see saying “encrypted with the picture in my flickr account of Jen in her favorite hat”.

Will Macs Be The New Secure Solution? Is Switching To A Mac a Security Solution?

January 22nd, 2008

Despite the fact that corporate interest is growing in Macs, they haven’t been able to penetrate the market.

There’s just one problem. “Apple will tell you that they are focused on [the commercial business market], but at the end of the day, it’s not a big priority for them,” says David Daoud, an analyst at IDC.

A big reason Macs are getting this kind of attention is due to people’s perception that they are more secure. Even the US military has begun using them.

He points out that Apple’s X Serve servers, which are gradually becoming more commonplace in Army data centers, are proving their mettle. “Those are some of the most attacked computers there are. But the attacks used against them are designed for Windows-based machines, so they shrug them off,” he says.

The question is two-fold: is this lack of corporate interest better for businesses in the short term, and is this a security alternative based on obscurity?

My quick answers are that Apple will make it a priority when the money justifies it and that Macs have more inherent security but won’t have such a spotless image once a few clever teenagers turn their attention to them.

Disputes, thoughts, ideas? Let us know in the comments!

Don’t Trust “Hacker Safe”

January 22nd, 2008

Perhaps you’ve seen this logo at sites like http://geeks.com:

Well Information Week posted this story: Many ‘Hacker Safe’ Web Sites Found Vulnerable

The merits of the ScanAlert service came into question just over a week ago following the publication of a letter from the parent company of Geeks.com, a site also certified “Hacker Safe.” The letter warned the site’s customers of a data breach last December and said it was possible “that an unauthorized person may be in possession of your name, address, telephone number, e-mail address, credit card number, expiration date, and card verification number.” ... ScanAlert spokesman Nigel Ravenhill subsequently asserted in an e-mail that “no one knows exactly what happened, or whether this breach occurred on the [Geeks.com] Web site or somewhere else.” And he said, “There is no evidence that this Web site was hacked while it was certified ‘Hacker Safe’.”

Gee, thanks for the help. I’m guessing the folks over at Computer Geeks are wondering what they are paying for…

Single Sign On Solution Increases Productivity At Security Struggling Medical Center

January 14th, 2008

Convoluted security checks and procedures imposed upon medical staff at the Delano Regional Medical Center (DRMC) were so bad that physicians had to turn patients away. After a single sign on solution was developed and implemented, physicians were no longer telling patients to look for another health care provider.

Treating patients at DRMC required doctors to weave through a handful of medical information, patient information, and imaging applications. Not only did they have to remember a handful of different passwords, but the security checks were also constantly changing — usually every three to six months. Security checks are required by health care providers such as DRMC because federal regulations require that access to patient data be restricted to health care professionals.

Security should be an aid to business, not a deterrent. If it is a deterrent, then you’re just stealing money out of your own pocket.

Hacking Trains

January 12th, 2008

While the title Polish teen derails tram after hacking train network is a little deceiving, note that the 14-year-old modified a TV remote to control track junctions along the tram line in the Polish city of Lodz. Pretty impressive work. Now for the scary part:

Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.

I’ll say.

Password Fatigue - Security Term Up For Australian Word Contest

January 10th, 2008

The Aussies are voting on what they perceive as the best new word or term of 2007. The term password fatigue is up for a nomination in the contest sponsored by the Macquarie Dictionary.

[Password fatigue is] frustration caused by having too many passwords and failing to remember them.

Much like the term hacker these words come, go, and evolve. Password fatigue is a very real phenomenon, especially in the corporate world. Despite our (security folks’) best efforts to implement smart cards, PKI, biometrics, etc. password fatigue is not going away anytime soon.

You can vote for your favorite words here. Personally I like salad dodger, Chindia, and kippers.

Geeks.com Hacked

January 8th, 2008

It has been reported that Geeks.com is sending out emails stating that confidential customer information, including credit card numbers, has been obtained by an outside individual.

The purpose of this letter is to notify you that Genica dba Geeks.com (“Genica”) recently discovered on December 5, 2007 that customer information, including Visa credit card information, may have been compromised. In particular, it is possible that an unauthorized person may be in possession of your name, address, telephone number, email address, credit card number, expiration date, and card verification number. We are still investigating the details of this incident, but it appears that an unauthorized individual may have accessed this information by hacking our eCommerce website.

So, if you have ordered from them recently, or as far back as the past twelve months, take note of this.

Sears. Wow, just…. wow.

January 7th, 2008

First, a few days ago, it was revealed that Sears was inviting people to install software which CA called a Significant Threat to Privacy.

The proxy:

  • Monitors and transmits a copy of all Internet traffic going from and coming to the compromised system.
  • Monitors secure sessions (websites beginning with ‘https’), which may include shopping or banking sites.
  • Records and transmits “the pace and style with which you enter information online…”
  • Parses the header section of personal emails.
  • May combine any data intercepted with additional information like “select credit bureau information” and other sources like “consumer preference reporting companies or credit reporting agencies”.
In addition, My SHC Community requires a variety of personal information during registration – like name, email, address, city, state, and age. All of this information can be correlated with intercepted data to create a comprehensive profile.

Now comes word of a lawsuit filed alleging that customer warranty information can be accessed by anyone.

According to a filing in Cook County court in Illinois, the Sears Website, called Manage My Home, allowed users to enter others’ addresses into a database and collect information about their purchasing habits, as well as all of the Sears-warrantied products in the home.

Wow, evil and completely incompetent. Stealing customers’ private information on one hand, and taking no measures to protect customer information on the other… That is an impressive one-two punch.

Tough guy, eh?

January 7th, 2008

“Top Gear” host Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.

Clarkson published details of his Barclays account in the Sun newspaper, including his account number and sort code. He even told people how to find out his address.

“All you’ll be able to do with them is put money into my account. Not take it out. Honestly, I’ve never known such a palaver about nothing,” he told readers.

But he was proved wrong, as the 47-year-old wrote in his Sunday Times column.

“I opened my bank statement this morning to find out that someone has set up a direct debit which automatically takes £500 from my account,” he said.

“The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.

“I was wrong and I have been punished for my mistake.”

When it comes to privacy and security risks, let the experts guide you. Imagine if people had read this guy’s article and decided to be similarly careless with their banking and other private information. Mr. Clarkson has been taught a lesson via at least one £500 donation to the charity Diabetes UK. The average individual would probably not be so lucky.