Sharing versus Security: Driving without Brakes
Does the enterprise still have a choice about sharing information?
data protection
Guarding against password reset attacks with pen and paper
With the recent announcements of password breaches at LinkedIn, and warnings from Google about state-sponsored attacks on Gmail accounts, it seems like a good idea now to review some password security basics. In this blog post, we’re going to take a look at a rather low-tech solution to a decidedly high-tech problem: How to guard
The security of unlocking an Android based device, the future is near?
In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing. Everyone that has an Android-based device knows they do not have to
SKYPE: (S)ecurely (K)eep (Y)our (P)ersonal (E)‑communications
SKYPE: Securely Keep Your Personal E-communications From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November
Windows Phone 8: Security Heaven or Hell?
Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with
Facebook/app data privacy – sharing gone wild
So you browse your favorite restaurant review site and settle on a great Mediterranean restaurant, and “magically” a variety of preferences get fed back to your Facebook profile, to be shared, re-shared and re-shared, ricocheting around the internet to form purportedly value-added experiences elsewhere you visit. That’s great news if you want your preferences bounced
CarrierIQ‑style data gathering law to require mandatory notification/opt‑in?
As legislators grapple with increasingly vocal smartphone owners concerned with privacy, a new Bill before the U.S. House of Representatives aims to require mandatory consumer consent prior to allowing the collection or transfer of data on such devices. You may recall that a company called CarrierIQ recently became the center of attention after a user
Now you can be forced to decrypt your hard drive?
Awhile back we noted a case where Ramona Fricosu, a woman accused of involvement in a mortgage scam, was asked, following a law enforcement raid in which her laptop was seized, to decrypt data on the device for use as evidence, potentially incriminating her. She pleaded the 5th Amendment protection against self-incrimination and refused to
EU – data breaches to be reported within 24 hours
In an escalation of the tendency to require companies to be forthright with their users following a breach, a European Union proposed bill intended to overhaul a 17-year old law is making progress. This week EU will outline the overhaul to the existing rules, hoping to encourage more expedient communication efforts following a breach, in
Welcome to Facebook f‑commerce platform – and Own/Want features
As increasing sectors of the internet migrate to Facebook as a deployment platform (Zygna, etc.), a new effort aims to spread the preference aggregation features to include things users either own or would like to own. By allowing users to add Own and Want buttons to their profile, users can highlight both a Wishlist and
Zappos.com breach – lessons learned
We read that Zappos.com was breached on Sunday, to the tune of 24+ million users’ worth of information. But it seems at first blush they responded well. Of course, a company would hope to never have a breach at all, but when it happened at Zappos.com, here are some of the things they appear to
Android – meet NSA/SELinux lockdown
National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular
Could hackers break into your Wi‑Fi wireless router?
You just got a new wireless router for Christmas, but when you set it up it asks about wireless security. Do you want WEP, WPA, WPA2 or any of the other alphabet soup options they give? While it’s easiest to just pick the default setting, are you setting yourself up for trouble from aspiring hackers?
Stratfor hack – lessons learned
Recently we noted that unencrypted credit card storage was on the rise in 2011, and also highlighted the expense involved to the company in the event of a credit card breach. Now we see personal data – including unencrypted credit card information – being paraded out as a part of the recent Stratfor hack. Also,
What would a credit card breach cost your company?
We’ve noted recently that many companies store credit card information in an unencrypted form, sometimes several years' worth. So what happens if your systems get hacked before you get around to securing that credit card data? Sure, there’s the embarrassment of telling your customers their data has been exposed–a legal requirement in more than 40
2012 predictions: online data brokers come under fire
In 2011 we saw an increase concern about, and scrutiny of, what exactly social networking sites do with the data you input, both internally as well as what gets shared with third parties. But in 2012 some of that scrutiny will shift to those third parties as more people ask: What are they doing with
Unencrypted credit card storage on the rise
More websites stored unencrypted credit card payment information than ever this year, according to a recent report. I thought we had this figured out? Obviously this is a direct violation of Payment Card Industry Data Security Standard (PCI DSS) requirements. But seriously, this stuff is simple for the developers to fix, so why don’t they?
CarrierIQ, keylogging and mobile payment systems
Recently we see allegations that CarrierIQ is quietly collecting more information than Android users bargained for. In one case, Trevor Eckhart thinks he proved that they register users’ keystrokes without the users’ knowledge for reasons subject to ongoing speculation. We certainly had no trouble finding the CarrierIQ software on an HTC phone, where it possessed
AVAR Hong Kong security conference 2011 – in 30 seconds
Well, okay, if you happen to be an extremely fast reader. The Association of Anti Virus Asia Researcher’s (AVAR) 14th AVAR Conference just wrapped up in Hong Kong on Friday. This year, the focus was on security issues in and around the emerging Asian security market, and how to rise to the challenge. As one
October: Facebook Facepalm, Feeling Safe Online, and a Small Tsunami
ESET's Threat Reports for September and October include some quality articles on Facebook, safety online, and backup strategy.