Net Neutrality – We Win

Let the lawsuits begin!

In addition to the lawyers lining up to squash Net Neutrality, Michigan’s own Fred Upton, who holds personal investments in AT&T, Comcast, and Verizon, has introduced anti-Net Neutrality legislation that eliminates the FCC’s authority to regulate internet service providers. It could crush the agency’s ruling and allow AT&T (T), Comcast (CMCSA) and Verizon (VZ) to rule the Internet at our cost to grow their profits.

rb-

I have already seen an ad on BrightHouse cable from Broadband For America (whose membership page is empty) claiming that the FCC ruling will force them to raise taxes. Here come more imaginary “Regulatory re-capture profits” fees.

For right now, this is a rare win for the 99% in post 9-11 ‘murica. Just follow the money.

Ralph Bach has been in IT for fifteen years and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

 

Quicken Fiber Coming to the D

Crain’s Detroit Business is reporting that real estate mogul, Lebron James’ boss, founder and chairman of Quicken Loans Inc., Dan Gilbert announced the formation of a new Detroit-based high-speed Internet provider to bring service to downtown Detroit: Rocket Fiber LLC. Mr. Gilbert (@cavsdan) tweeted:

Yes, it’s true @RocketFiber coming to downtown Detroit in near future. Fast as Google or faster. Details in a few weeks pic.twitter.com/fTPRSbauoN

Mr. Gilbert formed Rocket Fiber LLC in 2014. He called the company a “community investment initiative.” Matt Cullen, president and CEO of Rock Ventures, called the new network “the generational leap forward” – leapfrogging where the city is at this point. It’s starting in the downtown and hopefully spreading out to the neighborhoods. There is some interest along the riverfront.

The first wave of installations will happen in the downtown area between the Lodge on the west, I-375 to the east and I-75 to the north. Rocket Fiber will expand services to residents and businesses in Midtown Detroit along the Woodward corridor.

Crain’s reports that construction is already happening on the “advanced fiber-optic network.” The system will use hard-wired fiber-optic lines that will be connected to buildings. Users will connect devices in their homes or businesses by either an Ethernet cable or Wi-Fi. An outdoor Wi-Fi offering also will be available, Rock Ventures said.

The effort is not entirely altruistic. Undoubtedly part of the project will be to connect the Quicken campus downtown to the new Corktown technical center Bedrock is building at Rosa Parks and Porter, which includes a 10,000-square-foot server room.

rb-

Mr. Gilbert is doing something ATT or Comcast could or would not do. I worked on a job in the City to bring in 12 AT&T (T) POTS and Comcast (CMCSA) Business circuits.

OMG – It took ATT a week to get the last three POTS lines in and Comcast projected 6 months to install a city block away from Ford Field and 100 yards from a known working drop (and now they are going to stop service in Detroit). Thankfully 123.net was able to get the customer up and working on time and budget.

Anthem Breach Allows Phish of US Cyber Forces

Many online believe that the Anthem (ANTM) hack was a strategic cyber-war strike by China. Stu Sjouwerman at CyberheistNews writes that PII thefts would normally be a Russian operation. However, the Anthem attack appears to be a Chinese attack. CNN reports that Chinese hackers tend to target trade, economic, and national security secrets that could help the Chinese economy. Mr. Sjouwerman says he received an insider tip that most of the three-letter U.S. Government agencies have their employees insured through Anthem’s Blue Cross Blue Shield. Anthem also provided health insurance to defense contractors Northrop Grumman and Boeing.

KnowBe4’s Sjouwerman speculates that the Chinese now own the identities of all the people fighting them. The stolen data can now be used in a multitude of social engineering scenarios. Dmitri Alperovitch, co-founder of security firm CrowdStrike, told CNN that the attack fit the profile of a hacking group believed to be Chinese government spies called “Deep Panda.”

The objective of “Deep Panda,” according to the CrowdStrike CTO, is to amass a large collection of Americans’ personal information to find citizens willing to spy for the Chinese and find potential U.S. spies operating in China. Mr. Alperovitch told CNN that’s why Chinese hackers broke into a U.S. federal employee network last year. They also broke into at least three hospital chains and two insurance providers the public hasn’t yet heard about.

KnowBe4 speculates that many people in the Government have steam coming out of their ears about the Anthem hack. Cyberwar has suddenly become very personal to them. This may be why President Obama recently signed an executive order that will nudge private companies to share data about cybersecurity threats between each other and with the federal government.

Apart from the cost of the Anthem data breach, which is likely to smash the $100 million barrier, it’s surprising that Anthem did not encrypt SSNs, which allowed wholesale identity theft of thousands of American cyber-warriors.

CEO Sjouwerman explains that hackers are going after healthcare records because they are much more valuable. He points out that healthcare records stay active for several months after a hack, as opposed to credit card numbers, which quickly get nixed after a few days. Since Anthem is a healthcare company, you would expect them to take HIPAA compliance to the max and even top the required controls with higher standards. As we all know, compliance does not equal security, but it establishes a baseline at the very least.

rb-

There is enough blame to go around.

Time to go back to a cash society and barter.

Say Doc. Johnson, I’ll trade you two chickens for a measles vaccination.

 

Scary Numbers

As you may have heard by now, the second largest health insurer, Anthem, gave away at least 80 million of their customers’ records to hackers. I say at least because these numbers always grow as the experts dig through the wreckage. The WSJ reports the Indianapolis-based insurer did not encrypt this data (I covered encryption here and here). That means customers’ social security numbers, phone numbers and other PII were easy targets for Chinese hackers, according to CNBC.

Anthem is just the latest. There are even larger targets out there. The Business Insider published some pretty scary numbers. BI reports that somehow the biggest tech companies have done a great job at convincing people that their services for sending/receiving payments and purchasing goods are trustworthy and worthwhile. The article estimates that Apple has somewhere around a billion iTunes accounts (with plenty of PII and credit cards) on file.

Apple (AAPL) is nearing a billion iTunes accounts on file, and that number is likely to surge immensely. Customers in China can now link their UnionPay payment cards to their Apple IDs. For context, UnionPay is the largest card network in the world, with more cards in circulation than Visa and MasterCard combined.

Amazon (AMZN) has approx. 300 million payment cards on file while PayPal has around 200 million payment cards on record.

Apple, Amazon, PayPal Payment Cards on File - Business Insider

A second BI article indicates that, based on leaked Uber data charted and analyzed by BI Intelligence, the ride-sharing firm has well over 12 million payment cards on file. Their closest competitor, Hailo, has 4.4 million payment cards on file.

Ride-Sharing Payment Cards on File - Business Insider

rb-

You have been warned. The next mega data breach could come from a tech firm like Apple or Amazon.

The WSJ article argues that companies can use many techniques to secure your data, but those things slow companies down, sometimes to a degree they find unacceptable.

I think most victims of identity theft or credit fraud find that unacceptable.

25% of Employees Access Past Employers Doc’s

More than 25% of file-sharing service users report still having access to documents from their previous employer, according to a “Rogue Cloud in Business” survey of 2,000 U.S. adults by Harris Interactive for Egnyte, an enterprise file-sharing platform provider.

According to FierceITSecurity, the survey highlights the security risks that uncontrolled file-sharing practices pose to the enterprise, and the risks from these practices are obvious. An Egnyte presser claims the survey results illustrate a major exposure for today’s businesses when it comes to the transfer and storage of data through unapproved and insecure cloud-only file-sharing services.

The new survey uncovers deep issues around the rogue usage of consumer-based cloud services and illustrates the need for IT to deploy a secure enterprise-grade solution that meets the file-sharing needs of employees while protecting sensitive business data from the risks associated with insecure file sharing through the cloud.

According to the survey of employed people:

  • 51% agree that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for business documents;
  • 46% agree that it would be easy to take sensitive business documents to another employer;
  • 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service;
  • 38% of those who have used file-sharing services have transferred sensitive files on an unapproved file-sharing service to someone else at least once; 10% have done it 6 or more times;
  • 31% agree that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments;
  • 27% of file-sharing service users report still having access to documents from a previous employer.

Another report from Workshare paints a grimmer picture for those of us tasked with protecting a firm’s intellectual property. The report, titled “Workforce Mobilization,” shows the true extent to which mobile users are willing to bypass IT policies and use unsanctioned applications to share large files and collaborate on documents outside of the office.

  • 72% of workers are using free file-sharing services without authorization from their IT departments.
  • 62% of knowledge workers use their personal devices for work.
  • 69% of these workers also use free file sharing services to collaborate and access shared documents.
  • At companies with fewer than 500 employees, only 24% of employees are using authorized file-sharing solutions.

Robert Hamilton, director of information risk management at Symantec (SYMC) in Mountain View, CA, also told FierceCIO that a continued threat to the company’s data comes from employees who feel like they live in a “finders keepers” environment.

The results of the survey report, entitled “What’s Yours Is Mine,” were not encouraging to IT security professionals and IT management. According to the Symantec survey of employees:

  • 68% say their company doesn’t take proper steps to protect sensitive information;
  • 56% do not believe it is a crime to use a competitor’s trade secrets;
  • 40% download work files to personal devices;
  • 40% plan to use old company information in a new job role.

Symantec’s Hamilton told FierceCIO:

Employees are taking increasing amounts of data outside the company, and most people do not believe using corporate data for themselves is wrong … The attitude is that ownership lies with the person that created it, not with the company that employs them.

rb-

All three of these firms sell products that they claim can stop a firm’s intellectual property from leaking out through public file-sharing services. But before you engage any firm, some basic steps should be taken.

  1. Develop a technology acceptable use policy.
  2. Include public file-sharing services in the AUP.
  3. Incorporate the AUP in the staff handbook, and make sure staff sign it before they are given network access.
  4. Train staff on the risks associated with using public file-sharing services for sharing corporate documents. Risks include HIPAA violations, PII release, malware, PCI-DSS violations and government “snooping.” Only then:
  5. Engage a service provider to implement an enterprise-approved alternative to the free file-sharing services.
