Archive for RB

Time to Review Corporate Computer Policies

The National Law Journal is reporting that three recent court decisions make it important for companies to begin a thorough review of their computer policies. The National Law Journal suggests firms focus on two issues: ensuring that employees have no expectation of privacy in using the company computer systems and delineating the scope of the employee’s permissible access to the company computers. The article, by Nick Akerman, a partner in the New York office of Dorsey & Whitney who specializes in trade secrets and computer data, discusses three recent decisions and their implications for creating effective corporate computer policies that protect the company against the theft of its data.

Mr. Akerman says two recent decisions, Quon v. Arch Wireless Operating Co. Inc. and Stengart v. Loving Care Agency Inc., affect a company’s ability to gather evidence from its own computers. The article states that both cases found company computer policies insufficient to defeat the employee’s expectation of privacy in using the company computers for personal reasons. Whether an employee has an expectation of privacy on the company computers can become a critical issue when an employee is suspected of having stolen corporate data.

In Quon (which I wrote about here), the 9th U.S. Circuit Court of Appeals held that a review of text messages on pagers provided to municipal police officers violated the Fourth Amendment as an unreasonable search. The article explains that although the city had no express policy “directed to text messaging by use of the pagers,” it did have a general “Computer Usage, Internet and E-mail Policy” applicable to all employees that limited the “use of City-owned computers and all associated equipment, software, programs, networks, Internet, e-mail and other systems operating on these computer” to city business. This policy was acknowledged in writing by each city employee, and it was announced orally that this policy applied to pagers, according to the National Law Journal.

The article goes on to state that the 9th Circuit affirmed the district court’s finding that Quon had a reasonable expectation of privacy with respect to the text messages because the policy did not reflect the “operational reality” at the police department, where the staff was told that the department “would not audit their pagers so long as they agreed to pay for any overages” that exceeded a “25,000 character limit.” Consistent with that informal policy, Quon had exceeded that limit “three or four times and had paid for the overages every time without anyone reviewing the text of the messages,” demonstrating that the police department “followed its ‘informal policy’ and that Quon reasonably relied on it,” the author states.

In Stengart, Mr. Akerman argues, the issue of the computer policies arose in the context of the attorney-client privilege. Marina Stengart used her employer’s laptop computer to communicate with her attorney about an anticipated lawsuit against her employer “through her personal, web-based, password-protected Yahoo email account.” After Stengart filed a discrimination suit, her then-ex-employer found many e-mails on the company computer between Stengart and her attorney. The employer’s computer policy was nearly identical to the policy addressed in Quon with one significant exception. Unlike the written policy in Quon, which limited the use of the computers to the employer’s business, the policy in Stengart provided that “[o]ccasional personal use is permitted.”

The court found two specific “ambiguities” with the computer policy that “cast doubt over the legitimacy of the company’s attempt to seize and retain personal e-mails sent through the company’s computer via the employee’s personal email account.” First, the “policy neither defines nor suggests what is meant by ‘the company’s media systems and services,’ nor do those words alone convey a clear and unambiguous understanding about their scope.” Second, the court found that one could reasonably conclude “that not all personal emails are necessarily company property because the policy expressly recognizes that occasional personal use is permitted.” Given these ambiguities, Stengart could have assumed her e-mails with her attorney would be confidential.

The National Law Journal article says the third decision relates to a company’s ability to use evidence found on its own computers to bring a viable court action against the disloyal employee under the federal Computer Fraud and Abuse Act (CFAA) to retrieve the stolen data and prevent its dissemination in the marketplace. The CFAA provides a civil remedy for a company that “suffers damage or loss” by reason of a violation of the CFAA. A critical element in proving most CFAA claims is that the violator accessed the computer “without authorization” or “exceeding authorized access.”

Mr. Akerman argues that the last case, LVRC Holdings LLC v. Brekka, has made it more important than ever for corporate computer policies to address what is not permissible access to the company computer system. He reports that Brekka puts into question the concept that an employee’s authorization to access the company computers is predicated on his agency relationship with his employer, such that when an employee violates his duty of loyalty by stealing his employer’s data, his authorization to access the company computers terminates. Brekka refused to apply the CFAA to a theft of employer data, holding that employees cannot act “without authorization” because their employer gave them “permission to use” the company computer.

Although this division in the circuit courts will ultimately have to be resolved by the U.S. Supreme Court, the article says that from an employer’s standpoint it is important to emphasize that the agency relationship with the employee is not the only way to prove that an employee’s access to the company computer was unauthorized or exceeded authorization. Employers can proactively establish the predicate for unauthorized access by promulgating the rules of access through company policies. The “CFAA … is primarily a statute imposing limits on access and enhancing control by information providers.” Thus, a company “can easily spell out explicitly what is forbidden” through several methods, including an employee handbook, explains the National Law Journal article.

Mr. Akerman concludes by suggesting that in designing corporate computer policies and employee agreements, it is important not to lose sight of the well-established operating principle that company computers are company property, and, as such, the company can “attach whatever conditions to their use it wanted to,” even if these conditions are not “reasonable.” Nonetheless, he suggests that, in light of Quon, Stengart and Brekka, a company should check its computer policies to make sure that they do the following:

• Clearly define the computer systems covered by the policy; expressly encompass whatever technology is used, such as text messaging or instant messaging; and address not only the servers but removable media such as thumb drives and disks.

• Make clear that all data created in furtherance of any personal use belongs to the company — including use of the company systems to access personal web-based e-mail accounts — and may be monitored by the company and will not be confidential.

• Reflect operational reality and are audited at least annually to ensure they reflect operational reality.

• Spell out precisely the scope of an employee’s permissible authorization to the company computers, particularly what they are not permitted to do, e.g., access the company computers to retrieve company data for a competitor.

The time to get this right is now, before the company finds itself the victim of data theft.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

40 Years of Malware – Part 3

2011 marks the 40th anniversary of the computer virus. Help Net Security notes that over the last four decades, malware instances have grown from 1,300 in 1990, to 50,000 in 2000, to over 200 million in 2010. Fortinet (FTNT) marks this dubious milestone with an article that counts down some of the malware evolution low-lights.

The Sunnyvale, CA network security firm says that viruses evolved from academic proofs of concept to geek pranks, which have evolved into cybercriminal tools. By 2005, the virus scene had been monetized, and almost all viruses were developed for the sole purpose of making money via more or less complex business models. According to FortiGuard Labs, the most significant computer viruses over the last 40 years are:

See Part 1 Here – See Part 2 Here – See Part 3 Here – See Part 4 Here

2001 – E-mail and the Internet become primary transmission vectors for malware by 2001 as scripts automatically load viruses from infected Websites. The Code Red worm targeted Web servers and not users. By exploiting a vulnerability in Microsoft IIS servers, Code Red automatically spread to nearly 400,000 servers in less than one week. The Code Red worm replaced the homepage of the compromised websites with a “Hacked By Chinese!” page. Code Red had a distinguishing feature designed to flood the White House Website with traffic (from the infected servers), probably making it the first case of documented ‘hacktivism’ on a large scale.

Shortly after the September 11 attacks, the Nimda worm (admin spelled backward) infected hundreds of thousands of computers worldwide. Nimda is one of the most complicated viruses, having many different methods of infecting computer systems and duplicating itself.

2003 – Widespread Internet attacks emerge as SQL Slammer (or Sapphire) infects the memory in servers worldwide, clogging networks and causing shutdowns. On January 25, 2003, Slammer first appeared as a single-packet, 376-byte worm that generated random IP addresses and sent itself to those IP addresses. If the IP address was a computer running an unpatched copy of Microsoft’s (MSFT) SQL Server Desktop Engine, that computer would immediately begin firing the virus off to random IP addresses. Slammer was remarkably effective at spreading: it infected 75,000 computers in 10 minutes. The explosion of traffic overloaded routers across the globe, which created higher demands on other routers, which shut them down, and so on.

The summer of 2003 saw the release of both the Blaster and Sobig worms. Blaster (aka Lovsan or MSBlast) was the first to hit. The worm was detected on August 11 and spread rapidly, peaking in just two days. Transmitted via network and Internet traffic, this worm exploited a vulnerability in Windows 2000 and Windows XP, and when activated, presented the PC user with a menacing dialog box indicating that a system shutdown was imminent.

The Sobig worm hit right on the heels of Blaster. The most destructive variant was Sobig.F, which generated over 1 million copies of itself in its first 24 hours. The worm infected host computers via e-mail attachments such as application.pif and thank_you.pif. When activated, the worm transmitted itself to e-mail addresses discovered on a host of local file types. The result was massive amounts of Internet traffic. Microsoft has announced a $250,000 bounty for anyone who identifies Sobig.F’s author, but to date, the perpetrator has not been caught.

2004 – The Sasser worm built on the autonomous nature of Code Red. It spread without anyone’s help by exploiting a vulnerability in the Local Security Authority Subsystem Service (LSASS) of the Microsoft Windows XP and Windows 2000 operating systems (see Microsoft Security Bulletin MS04-011). This is the first widespread Windows malware, made even more annoying by a bug in the worm’s code that turned infected systems off every couple of minutes.

This is the first time that systems whose function isn’t normally related to the Internet (and that mostly existed before the Internet) were severely affected. Sasser infected more than one million systems. The damage amount is thought to be more than $18 billion.

Bagle was first detected in 2004. It infected users through an email attachment and used email to spread itself. Unlike earlier mass-mailing viruses, Bagle did not rely on the MS Outlook contact list; rather, it harvested email addresses from various document files stored on the infected computer to attack. Bagle opened a backdoor through which a hacker could gain access to and control of the infected computer. Through the backdoor, the attacker could download more components to either spy on and steal information from the user or launch DDoS attacks.

MyDoom is another mass-mailing worm discovered in 2004. It spread primarily through email but it also attacked computers by infecting programs stored in the shared folder of the Peer-to-Peer software KaZaA. MyDoom slowed down global Internet access by ten percent and caused some website access to be reduced by 50 percent. It is estimated that during the first few days, one out of ten email messages sent contained the virus.

2005 – In 2005 Sony BMG introduced secret DRM software to report music copying; other rootkits appear, providing hidden access to systems.

MyTob appeared in 2005 and was one of the first worms to combine a botnet and a mass-mailer. MyTob marks the emergence of cybercrime. The cybercriminals developed business models to “monetize” botnets that installed spyware, sent spam, hosted illegal content, intercepted banking credentials, etc. The revenue generated from these new botnets quickly grew, reaching billions of dollars per year today.

rb-

By 2005 cybercriminals are starting to put all the parts together. Slammer proves that Microsoft systems can be used to spread attacks; Blaster and Sobig improved the infection rate; Bagle began to mine the targets for data and install backdoors so the attackers could continue to re-use the victims’ systems. MyDoom started to use the first social network, the P2P networks, for attacks. Sony proved that rootkits could be widely distributed, and MyTob was the first of the modern botnets, leading the world into today’s monetized cybercrime age, described in part 4.


Detroit Netizens Vulnerable to Online Threats

Detroit Internet users rank seventh among 35 U.S. cities for being most at risk for online threats and being “digitally duped,” according to an AVG Technologies survey of online behavior. Of the more than 8,000 Americans with home Internet surveyed, AVG says many consumers are unknowingly putting themselves at risk of falling victim to identity thieves, viruses and malware with bad PC habits and a lack of comprehensive protection:


  • 75% don’t back up their phone’s data – many rely on their provider to restore their contacts should an accident occur.
  • 67% don’t use an identity monitoring service.
  • 41% never run a manual antivirus scan to make sure the computer is virus-free.
  • 40% don’t use a password on their mobile device and of those that do, another 34% have not changed the password in the past year.
  • 38% admit to sharing online passwords with at least one other person.
  • 23% don’t back up the data on their PC.

U.S. cities at highest risk

AVG says that the top 10 U.S. cities at highest risk are:

1. San Antonio
2. Tampa, Fla.
3. Atlanta
4. Dallas
5. Oklahoma City
6. Charlotte, N.C.
7. Detroit
8. Denver
9. Washington D.C.
10. Sacramento, CA

rb-

The rules of the road still apply to online activities:

  • Patch your system
  • Use current anti-malware software
  • Change passwords regularly, use variations for each online account, and never, ever share them with others
  • Use one credit card with a low spending limit for all online purchases. Monitor this account regularly, and flag any inappropriate activity to the bank.
  • Back up your data
  • Don’t share your personal data on Facebook
  • Be wary of phishing scams. Never click on links in emails

Tablets Info

Morgan Stanley predicts (PDF) that by the end of 2020 10 billion mobile internet devices will be in use, up from 2 billion today. They also say that enterprise adoption is more widespread than expected. Two-thirds of the CIOs surveyed expect either to buy tablets for some of their employees or allow employee-owned tablets on their networks within one year. The investment house also says that tablets will be viewed as content creation devices. They found 20% of tablet owners use the device to create or edit files regularly and believe the rate of introduction of new mobile applications and faster processors could increase these figures over time.

People Have No Clue How To Use iPad Apps

iPad readers are skimming and can’t remember what they’ve read, according to Nielsen Norman Group. Business Insider points out the report, which finds that many big-name iPad apps are too difficult to use and should abide by one standard for gestures, tapping, etc.

Nielsen gave 16 study participants access to the NPR app, the Flipboard app, The Daily app, and the Amazon app, among others for two months, to see how they reacted and what they attempted to swipe, pinch, and tap.

According to Nielsen, most consumers are confused because every app has a different navigation scheme, and looks different than their website counterparts. People had a lot of trouble in specific situations, because from one app to another, performing simple tasks like search, scrolling, or shopping, can be completely different.

In the midst of all their hard findings, Nielsen makes suggestions for app-makers to make their apps more intuitive and ergonomic for users. Nielsen suggests:

  • Always have a back button.
  • Content should look the same in portrait or landscape navigation.
  • Apps should take less than 20 seconds to download initial content.
  • Stick to a solid format for your website and tablet app.

Fring 4-way Group Video Chat Lands on iPad 2

There is now a good reason for iPad 2 owners to use their front and rear cameras. AppScout says that Fring is the first app that brings group video chat to the Apple (AAPL) iPad 2.

Fring is a competitor to Skype and Qik that offers free 1-1 video chat over smartphones, but with the added bonus of free cross-platform 4-way live video chat. You can chat over Wi-Fi, 3G or 4G. AppScout predicts this feature makes Fring a force to be reckoned with. Instead of waiting on its competitors to bring video chat to the iPad, Fring stepped up to deliver group video chat to the iPad. AppScout states that for now it is the ONLY iPad-specific video chat app.

All the same features that are available for iPhone, iPod Touch, Google’s (GOOG) Android, and Nokia (NOK) devices are available on the iPad as well. Additional features include FringOut, which lets you call ANY phone number using low-cost Fring credits.

USB Hub Allows Simultaneous Syncing of 49 iPads

Datamation Systems has released a desktop station that allows simultaneous syncing for up to 49 Apple (AAPL) iPads or other USB devices. The DS-IP-49-SYNC changes the way information is managed and distributed. The device acts as a fully powered USB hub for 49 devices. Using a Mac, it can sync with iTunes or other software capable of addressing USB devices. The system will work with Microsoft (MSFT) Windows, Linux, and Mac computers but could have some software limitations with a non-Mac host.

The device is a syncing device that will provide a “trickle charge” for iPads; it is not a fast-charge device. A single station in a tech center or IT department can quickly sync 49 devices, which permits more practical centralized management control in technology deployments and maintenance. (rb- Something that Apple still does not get)

Foxconn Exported 48 Billion From Shenzhen In 2010

ChinaTechNews reports that Foxconn Technology Group (2038) says that in 2010, the company’s export value from its Shenzhen processing and trade enterprise reached $48 billion, a year-on-year increase of 50%.

According to ChinaTechNews, nearly half of the world’s top branded computers are made by Foxconn. The company also makes mobile phones for Nokia (NOK) and Motorola (GOOG); it makes PlayStations, laptops, and LCD TVs for Sony (SNE); and it makes iPods, iPhones, and iPads for Apple (AAPL).

The article goes on to say that the Foxconn Shenzhen Longhua campus has become the manufacturing base for the latest technology products, including smartphones and tablet computers; and the volume and speed of shipments from this plant influence the prices in the global IT market.

Foxconn boasted new technology breakthroughs during the past year. In 2010, Foxconn applied for 16,000 global patents and 7,000 were approved; and it applied for 6,000 patents on the Chinese mainland and nearly 3,000 got approved. (rb- And still the idiot politicians in Washington are still messing around with another budget extension.)


Heidi Klum Most Dangerous Celebrity in Cyberspace

German-born super-model, Spin City actress and hottie Heidi Klum is now the most dangerous celebrity on the Web, according to anti-malware firm McAfee’s fifth annual Most Dangerous Celebrities study. Heidi Klum replaced Cameron Diaz as the number one riskiest celebrity to search for on the web.

McAfee research found that searching for the latest Heidi Klum pictures and downloads carries almost a 1 in 10 chance of landing on a website that has tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Paula Greve, director of Web security research at McAfee, said:

Consumers should be particularly aware of malicious content hiding in ‘tiny’ places like shortened URLs that can spread virally in social networking sites, or through e-mails and text messages from friends.

McAfee says that cyber-criminals often use the names of popular celebrities to lure people to sites that are actually laden with malicious software. Anyone looking for the latest videos or pictures could end up with a malware-ridden computer instead of just trendy content.

Top 10 dangerous celebrity list

1 – Heidi Klum, The former Victoria’s Secret model and current producer of “Project Runway” moved up from No. 10 in 2010 to No. 1 for 2011. Searching for Ms. Klum results in nearly a one in ten chance of landing on a risky site.

2 – Cameron Diaz, 2010’s Most Dangerous Celebrity fell to second place, with searches resulting in slightly fewer risky sites this year.

3 – Piers Morgan is a new addition to the top ten list; Morgan is also the most dangerous male celebrity.

4 – Jessica Biel, 2009’s Most Dangerous Celebrity fell to fourth place this year with searches resulting in fewer risky sites.

5 – Katherine Heigl, the former “Grey’s Anatomy” star is new to the top ten in 2011.

6 – Mila Kunis, the former star of “That 70s Show” is also new to the top ten, bolstered by starring in “Friends with Benefits.”

7 – Anna Paquin, the “True Blood” star is as dangerous on the Web as she is on the screen. She moved up from No. 10 last year to No. 7 this year.

8 – Adriana Lima, who is best known for being a Victoria’s Secret Angel since 2000, has become slightly safer, moving from No. 6 last year to No. 8 this year.

9 – Scarlett Johansson, the 2010 GQ Magazine “Babe of The Year,” is new to the list this year.

10 – Brad Pitt, Emma Stone, and Rachel McAdams, Mr. Pitt has been on the list for the past four years. Ms. Stone and Ms. McAdams are new to the top ten.

Gisele Bündchen, Tom Cruise, Penelope Cruz, Jennifer Love Hewitt, Nicole Kidman, and Julia Roberts have all dropped out of this year’s top ten list. Noticeably missing from this year’s list is Charlie Sheen, who made headlines with his highly public departure from “Two and a Half Men.”

rb-

But BitDefender called Jay Leno the most dangerous celeb in cyberspace. It is good to see Intel McAfee wisely spending its marketing dollars on info like this when Microsoft (MSFT) is going to kill the anti-virus market by baking AV into Windows 8. Maybe I will get more hits after putting these pop names in here.
