tagged w/ Privacy Rights
-
Small and medium sized businesses (SMBs) are an attractive target for identity thieves. According to the Institute of Consumer Financial Education (ICFE), SMBs usually qualify for larger lines of credit, “enjoy extended payment terms and less transactional scrutiny for large purchases or high value ticket items than individual customers.”Small and medium sized businesses (SMBs) are an attractive target for identity... more
-
-
On July 29th, as I was following up on a story that flashed across my Twitter stream about 30 certified employees of a school district finding themselves victims of ID theft, I found something that should not have been there...On July 29th, as I was following up on a story that flashed across my Twitter stream... more
-
-
RSA, the Security Division of EMC recently released several research reports that examine the far-reaching security implications of promising technologies such as cloud computing, virtualization, social networking and mobile communications, and explore the pivotal business risks and rewards they represent to organizations worldwide.RSA, the Security Division of EMC recently released several research reports that... more
-
-
The US Defense Information Systems Agency announced that it is going to released a Request For Information this month. Anyone responding to DISA’s RFI would do well to study the methodology that Barrett Lyon describes using the open source SQUID proxy and caching server. The technique spelled out by Barrett involves putting a bank of high end servers running SQUID in front of the potential targets.The US Defense Information Systems Agency announced that it is going to released a... more
-
-
By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit of breachery from the Miami Herald: It’s a neat little proposition: for a flat monthly fee, a data broker (of sorts) acquires medical records from a hospital employee and passes them through to a personal injury lawyer for a fee plus a percentage of his lawsuit earnings...By Mike Spinney, CIPP, Privacy Analyst, Ponemon Institute - Here’s a brazen bit... more
-
-
Review the state of play of cyber security for the government and the private sector, including recommendations on how to create a more productive public-private partnership. Cyber security policies are rapidly expanding, indicating the critical threat faced by any organization using Internet-based technologies. In 2008, the Bush Administration launched the most comprehensive cyber security policy review in the federal government’s history. Soon after taking office, President Obama tasked the National Security Council to review our nation’s cyber security policy. In April, the first major bill calling for broad federal regulations and unprecedented power over private sector cyber systems was introduced in the Senate.Review the state of play of cyber security for the government and the private sector,... more
-
-
Thieves prey on our deepest and strongest emotions, and two people madly in love and about to take the plunge are certainly full of emotions and stress. Stress makes us more apt to decide quickly, without thinking the situation through. The sense of relief we feel may encourage us to accept an offer that seems “too good to be true” when we might otherwise hesitate.Thieves prey on our deepest and strongest emotions, and two people madly in love and... more
-
-
“We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises” -Tom Gillis, VP and general manager of Cisco.
According to Cisco Systems’ Midyear Security Report, issued July 14, online criminals are exploiting traditional business strategies as they continue to flourish amid a shaky global economy.“We see many signs that criminals are mimicking the practices embraced by... more
-
-
As it evolves, Emerson believes this next generation telecommunications system, dubbed IronPipe™, will have huge implications for national security as well as tremendous new revenue opportunities for the carriers and supply chains which serve them.As it evolves, Emerson believes this next generation telecommunications system, dubbed... more
-
-
The majority of Twitter users don’t mind sharing their tweets (i.e. their Twitter updates) with the rest of the world. After all, sharing ones thoughts/actions is at the core of social networks like Twitter, Facebook, MySpace. However, what users often don’t realize is that in aggregate, their tweets paint a picture about who they really are.The majority of Twitter users don’t mind sharing their tweets (i.e. their... more
-
-
Why cyber defense? How is this different than “security”? The difference is in motivation, purpose, and risks. Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.Why cyber defense? How is this different than “security”? The difference... more
-
-
Report: Naked video of ESPN reporter used to spread virus; Cyber expert shortage may hinder government in protecting Web sites, internal systems; Adobe promises patch for seven-month old Flash flaw; Report: federal documents detail iPods overheating, catching fire; Vietnam security firm in trouble after tracking hackers; Adobe investigating zero-day bug in Flash; Blackberry maker questions Etisalat software upgrade; Open-source firmware vulnerability exposes wireless routers; Clever attack exploits fully-patched Linux kernel; Trust but verify: Security risks abound in the IT supply chain…Report: Naked video of ESPN reporter used to spread virus; Cyber expert shortage may... more
-
-
Simple social engineering tactics can often be used to get to sensitive information simply by supplying a valid SSN. I know many of the business companies I’ve called, when just doing unscientific tests, started out the call with, “May I have your account number please?” To which I say, “Oh, darn; I don’t have that with me! Could I give you my SSN instead?” And usually they say, “Sure; give me the SSN.” Bingo. Social engineering is powerful and used by many crooks.Simple social engineering tactics can often be used to get to sensitive information... more
-
-
Computerworld reports that one in five companies search social networking sites during the hiring process, although many experts believe that number is much higher. You may think that you’re immune to ID theft or misinformation because you don’t have any MySpace, Twitter or Facebook accounts- but read on and you will find that is far from the truth.Computerworld reports that one in five companies search social networking sites during... more
-
-
The idea of having confidential records shopped to competitors and then offered up for sale to the highest bidder would be enough to keep any CIO up at night. Yet, as scary as this scenario is, cyber extortion remains rare. The bigger threat - one that should legitimately keep IT professionals up at night - is on the inside.The idea of having confidential records shopped to competitors and then offered up for... more
-
-
Nielsen Online reported that by the end of 2008 social networking had overtaken email in terms of worldwide reach. Sites such as Facebook, Twitter, Myspace and Linkedin provide users with a way to build and interact with a community in real time on a familiar platform at a very low cost.Nielsen Online reported that by the end of 2008 social networking had overtaken email... more
-
-
In the age where a huge percentage of all attacks are done through e-mail, very few of us know how to analyze where this e-mail was sent from. This analysis must go beyond the sender e-mail displayed in your e-mail client (which are easily spoofed). Here is a simple tutorial on analyzing Internet headers.In the age where a huge percentage of all attacks are done through e-mail, very few of... more
-
-
Bruce Schneier points out the attacks against US Federal sites that succeeded in shutting them down or the malware spread by USB thumb drive that infected the US Military Central Command, demonstrate a lack of common sense anti-virus and patch management. But that is a very big deal Bruce…Bruce Schneier points out the attacks against US Federal sites that succeeded in... more
-
-
War has not changed. The weapons of disruption, corruption, and destruction reflect only the evolution of human creativity and innovation. We must understand the conflicts that drive their use, be they individual, corporate, or international. Without this insight, we are doomed to cyber attrition.War has not changed. The weapons of disruption, corruption, and destruction reflect... more
-
-
Lexis-Nexis Breach Linked to Crime Family: One of the “old school” tactics that the organized crime figures use is going to the local watering holes and seducing young girls and finding out where they work. The mob’s tactic of dating new employees who work at companies that have access to customer data leads to Litan’s warning, “He’s not after your heart; he’s after your data.”Lexis-Nexis Breach Linked to Crime Family: One of the “old school” tactics... more
-
