Tag Archive for Security

Tech Disrupters

BusinessInsider notes that analysts at investment bank Citi (C) have issued a new research report that takes a look at 10 disrupting technologies. According to BusinessInsider, these technologies will change the way we do business. The firm, which took a $300 billion taxpayer-funded bail-out, looked into practically every sector you can think of, energy, entertainment, IT, manufacturing, and transportation among them, to identify disrupters.

Software-Defined Networks

One of the information technologies that Citi called a disrupter is Software Defined Networks (SDN). SDNs simplify IT networks by separating the Control Plane (the intelligence) from the Data Plane (the packet forwarding engine). “Instead of having intelligence distributed across the network in separate boxes, SDN centralizes the Control plane in an overriding software layer which disseminates instructions to each router or switch.”

Citi claims that SDN is too cheap to resist. They cite data from IDC that says Software Defined Networking is expected to grow from just under $360 million in 2013 to $3.7 billion in 2016. Revenues are likely to be split between startups, traditional network vendors like Cisco (CSCO), and big IT vendors like IBM (IBM), HP (HPQ), and Dell.

Software-as-a-Service

The prognosticators at Citi also identified SaaS as another disruptive opportunity. The article explains that Software-as-a-Service (SaaS) is Internet-based software delivery. Basically, customers can use software that they’d otherwise have to buy via downloads or at a store. Examples include Google (GOOG) Apps, Microsoft (MSFT) 365, and Amazon (AMZN) web services.

In 2012, the SaaS market grew 26% to become an $18 billion market according to market research firm IDC. According to Citi’s survey, SaaS has already captured 8% of their software wallets so far and firms expect to increase spending to 70% of their budget over time — a 9-fold increase.

rb-

The Citi prognosticators are so smart, they are at least a year behind the Bach Seat. I have covered cloud since 2011. I think we all know that cloud computing and software-defined networking are information technology disrupters. Thanks, guys.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Ellen Spoofs Password Infomercial

Graham Cluley at Sophos’s Naked Security Blog recently blogged about a crazy password infomercial and day-time TV talk show host Ellen DeGeneres’ reaction to the late-night advert. The infomercial that caught the talk show host’s attention proves that you can always rely on late-night TV to try to sell you anything.

Ellen DeGeneres recently focused some attention on a product that claimed to solve a computer security problem experienced by many inner-webs users: how to remember your passwords. Here’s the video about the “Internet Password Minder”:

As one of the customers featured in the infomercial breathlessly explains:

"I don't have to worry anymore about security or identity theft... I now have all my passwords in one place. It's great"

Apparently, this is not a put-up by the “Ellen” show. As Ellen amusingly asks, wouldn’t it be cheaper to save money and write all your passwords on a $5 bill? You could even keep the (patent-pending – don’t steal the idea!) $5 bill password minder in your wallet if you liked – much more convenient than the book-sized Internet Password Minder!

Sophos offers a video explaining how to generate a tough, hard-to-crack password that is still easy to remember. If you can’t remember your passwords and have difficulty juggling different passwords for different websites, then Sophos recommends password management software like KeePass, 1Password or LastPass. I have covered the password issue many, many, many times before.
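The Sophos video itself is not on this page, so here is an added example (my own code, not Sophos’s and not from this post) of one standard way to get a password that is hard to guess but easy to remember: a passphrase of randomly chosen dictionary words, together with the entropy arithmetic that shows why it beats a short “complex” password. The tiny word list is constructed for the demo; the 7,776-word list size (the size of a published long list) and the 10-billion-guesses-per-second attacker rate are assumptions, marked as such in the code.

```python
import math
import secrets

# Constructed word list for an offline demo only. A real generator uses a large
# published list; the entropy figures below ASSUME a 7,776-word list.
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dahlia", "ember", "falcon", "garnet", "harbor",
    "iris", "juniper", "kestrel", "lantern", "marble", "nectar", "orchid", "pebble",
]
ASSUMED_LARGE_LIST_SIZE = 7776
ASSUMED_GUESS_RATE = 1e10  # assumption: offline guesses per second against a fast hash


def passphrase_entropy_bits(list_size: int, word_count: int) -> float:
    """Entropy of word_count words drawn uniformly (with replacement) from list_size words."""
    if list_size < 2 or word_count < 1:
        raise ValueError("need at least two words and one pick")
    return word_count * math.log2(list_size)


def charset_entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a random password of `length` characters over charset_size symbols."""
    if charset_size < 2 or length < 1:
        raise ValueError("need at least two symbols and one character")
    return length * math.log2(charset_size)


def expected_crack_seconds(entropy_bits: float,
                           guesses_per_second: float = ASSUMED_GUESS_RATE) -> float:
    """Average time to guess a uniformly chosen secret: half the keyspace at the given rate."""
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second


def generate_passphrase(words, word_count: int = 6, separator: str = "-") -> str:
    """Pick words with secrets.choice (CSPRNG); random.choice is not suitable for secrets."""
    if len(set(words)) < 2:
        raise ValueError("word list too small to be meaningful")
    return separator.join(secrets.choice(words) for _ in range(word_count))


def compare_strategies() -> dict:
    """Contrast an 8-char password over printable ASCII with a 6-word passphrase."""
    complex_bits = charset_entropy_bits(95, 8)  # 95 printable ASCII symbols, 8 chars
    phrase_bits = passphrase_entropy_bits(ASSUMED_LARGE_LIST_SIZE, 6)
    return {
        "complex8_bits": round(complex_bits, 2),
        "complex8_days": expected_crack_seconds(complex_bits) / 86400,
        "phrase6_bits": round(phrase_bits, 2),
        "phrase6_years": expected_crack_seconds(phrase_bits) / (86400 * 365),
    }


if __name__ == "__main__":
    # The demo list has only 16 words, so this passphrase is weak; it shows the mechanism.
    print("demo passphrase:", generate_passphrase(SAMPLE_WORDS))
    for key, value in compare_strategies().items():
        print(f"{key}: {value:,.2f}")
```

The arithmetic is the point: eight random printable characters give about 52.6 bits, which at the assumed rate falls in under four days on average, while six words from a 7,776-word list give about 77.5 bits and hundreds of thousands of years, and the six words are far easier to remember. The rate assumption only scales the times; the gap between the two strategies does not depend on it.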

Mr. Cluley pointed to a comment on Ellen’s website from someone who claims to be the woman in the infomercial who no longer worries about identity theft.

rb-

I don’t watch The Ellen Show (I work during the day), but I know my mom does so a hat-tip to Ellen for raising awareness of password security issues with her large TV audience in an amusing way.

Those of us charged with keeping our clients and parents safe from the cyber-malcontents on the Intertubes need all the help we can get, even if it is from as unlikely a source as Ellen DeGeneres. Maybe now mom will stop asking me to change all of the passwords to something easier.

Do you think that Ellen’s spoof of the password infomercial helps the cyber-security cause?

Dropbox Warms Up to Corp IT for IPO

In preparation for its IPO, Dropbox is warming up to corporate customers, reports InfoSecurity. The general consensus about Dropbox within the business community is that it is an excellent service, but lacks security. Data breaches and a lack of visibility into and control over how stored and shared files are used make the app seem insecure to many corporate users. GigaOM points out that large companies, including IBM (IBM), forbid its use. One of the criticisms InfoSecurity cites is that employees leaving the company (either through termination or leaving to join a competitor) will automatically take any potentially sensitive files stored in their Dropbox accounts when they leave the company.

The new Dropbox Team (the corporate multi-user offering) dashboard seeks to make that more attractive. This paid-for service costs $795 per year for 5 users plus $125 for each additional user. The new dashboard provides the team leader with greater visibility and control over which members can access individual files, and what they can do with those files. In particular, if a team member leaves the company or just the team, access to the stored files can be immediately blocked.

These new features do not prevent an employee from opening a separate personal account and using that to exfiltrate sensitive files. However, InfoSecurity claims they make it more likely that it would be a planned (and probably illegal) act. Unfortunately, the greater part of the shadow IT use of Dropbox is likely to occur simply because the staff is seeking to make their jobs easier and more efficient. By providing an official Dropbox Team account, the need to bypass security becomes less pressing. Dropbox will benefit from increased income while business benefits from increased control.

A second new security feature within the new dashboard is the ability for the team leader to insist on and ensure the use of two-factor authentication by the team members. Optional two-factor authentication was announced by Dropbox last July. It followed the breach involving users’ re-used passwords. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” announced the company at the time. Two-factor authentication can solve this issue, and the team leader can now insist upon it and ensure that individual team members do not subsequently turn it off.

It is possible that this improvement to the corporate Dropbox may be the start of preparation for a Dropbox IPO. IDC estimates that the enterprise file-sharing market will be worth $20 billion by 2015, and Dropbox is currently valued at around $4 billion.

“Over 2 million businesses have people inside them using Dropbox. It’s already pervasive, we just want to make it easier for IT to say yes to those people asking for Dropbox,” Sujay Jaswa, VP of business development for Dropbox, said in an interview with GigaOM.

Among business accounts, GigaOM says Google (GOOG) is getting traction with the Google Apps/Google Drive combo and Microsoft (MSFT) integrates SkyDrive storage with Office and Windows 8. Box, the company most associated with Dropbox-of-the-Enterprise, touts its support of all client devices but targets larger companies including Netflix, Dow Chemical, and Procter & Gamble.

rb-

Other competitors in the Dropbox-of-the-Enterprise niche are Accellion’s kitedrive, Egnyte, GroupLogic’s activEcho, SurDoc, and ownCloud. Still, it’s hard not to see all these rivals battling it out for the same paying business customers down the road.

At $125 per seat it seems awfully expensive; is it good enough for corporate IT to warm up to Dropbox in time to save its IPO?


School Kids’ Data at Risk – Part 2

In the Huffington Post article, “In Push For Data, Schools Expose Students To Identity Theft,” author Gerry Smith writes about the growing risk of school kids’ data being stolen across the country.

Read Part One here:

Data Quality Campaign, an organization that encourages states to build student databases argues that students’ Social Security numbers are useful for education policy by creating “enhanced analytical opportunities” for evaluating school curriculum. “The more important conversation is not whether states are collecting Social Security numbers, but how they are ensuring the privacy, security, and confidentiality of all personally identifiable information,” Laird said in a statement to the Huff Post. “We can’t speak to how Social Security numbers are collected and stored at the local level,” she added.

The article cites one survey that concludes student PII is not stored very securely. Only half of K-12 schools use data encryption, according to a survey of IT employees at K-12 schools nationwide. 72% cited budget constraints as the primary barrier to improving their IT security, according to the survey by Panda Security (PDF). Collecting PII in central databases with lackluster security is asking for trouble. “This is making a much bigger honey pot for people with malevolent purposes to gain access to children’s information,” said Joel Reidenberg, a professor at Fordham University School of Law. He told The ID Channel, “It’s a meltdown waiting to happen.”

School districts in 26 states now ask for students’ Social Security numbers. The Michigan Department of Education states (PDF), “A school district cannot mandate that parents disclose the social security number of their children.” Huff Post states that Texas is one of those states where education officials use PII to connect K-12 records to higher education and workforce data, according to Debbie Ratcliffe, a spokeswoman for the Texas Education Agency.

Last year, the Texas agency asked eight school districts to send PII, including Social Security numbers, through the mail on unencrypted CDs for research purposes. The article reports that Laredo Independent School District learned the CD it sent got lost in the mail, exposing nearly 25,000 current and former high school students to identity theft, according to the Texas Tribune. Ratcliffe told The Huffington Post that the request came from an agency employee who operated “way outside” normal protocol.

It was not the only school data breach in Texas.

  • Beaumont school officials told parents that Social Security numbers belonging to an estimated 15,000 students were accidentally exposed online for nearly a year.
  • The San Antonio Independent School District told parents that names and Social Security numbers of up to 360 students were mistakenly made visible through a Google search.

Still, the Texas Education Agency has no plans to stop asking school districts for students’ Social Security numbers, Ratcliffe told the author. “We have so many databases that use them that it would require quite a bit of change to make that happen,” she said.

Yet concerns over child identity theft have prompted at least five states — Nebraska, North Dakota, Washington, Maine and Wyoming — to create policies that restrict the collection and use of Social Security numbers in K-12 schools.

Jerry Coleman, director of school finance at the North Dakota Department of Public Instruction, said in an interview, “To protect those Social Security numbers would be a hassle we don’t need.”

Parents can refuse to disclose their child’s Social Security number, and the student would be assigned a different identifying number. Ratcliffe, of the Texas Education Agency, said most parents disclose their child’s number anyway.

But privacy experts say, in most cases, parents should keep that information to themselves. “When someone asks for your child’s Social Security number, say no,” said Aaron Titus, chief privacy officer for Identity Finder, which helps organizations protect sensitive data. “I have found about 90 percent of the time when I push back a little bit, I get my way.”

Data breaches leave people six times more likely to become victims of identity theft, according to a survey by Javelin Research. Schools warn parents to monitor their children’s credit after a data breach. The Huff Post says credit reports only turn up 1 percent of fraud on children’s credit histories because thieves pair children’s Social Security numbers with new names and birth dates, a study by Debix found.

More than 18,000 child identity theft complaints were reported to the Federal Trade Commission. But experts tell Huff Post that figures on child identity theft are likely much higher because the crime often goes undetected for years. ID Analytics estimates more than 140,000 children are victims of identity theft each year, based on a one-year study of those enrolled in the firm’s identity protection service. When child identity theft victims turn 18, they find their credit has been destroyed, preventing them from taking out loans or renting apartments.

rb-

Consumers Union points out that Michigan law restricts how Social Security numbers can be used. In Michigan, SSNs cannot be printed on ID cards, intentionally communicated to the public, publicly displayed, or mailed visibly within an envelope.

Related articles
    • Child Identity Theft: Warning Signs and Action (lexingtonlaw.com)

UP EAS Warns of Zombie Attack

Emergency Alert Systems at northern Michigan television stations sent out fake emergency alert warnings. The alerts warned the UP of a zombie attack after being hacked. The fake broadcast warned that bodies were rising from the grave and alerted people to avoid contacting the walking dead.

MLive reports the message went out on Monday about 8:30 p.m. The zombie attack warning interrupted “The Bachelor” on WBUP, ABC 10 and “The Carrie Diaries,” a prequel to “Sex and The City,” on CW. The same person got into Northern Michigan University’s public television station WNMU-TV 13. That message interrupted “Barney and Friends” at about 4 p.m., reports NMU station manager Eric Smith.

“People panicked and it was crazy and we didn’t know how to stop it,” Cynthia Thompson, station manager and news director at ABC 10 and CW 5 in Marquette, MI, said. The suspected hacker has been caught, according to MLive, but Ms. Thompson could not release any further details on the suspect.

Attacks around the nation

Similar attacks were reported at Great Falls, MT station KRTV and KNME/KNDM in Albuquerque, NM. The security breaches occurred at stations that didn’t have their login names or passwords reset from factory default settings, said Ed Czarnecki, senior director for strategy and regulatory affairs for Monroe Electronics Inc., a Lyndonville, NY based manufacturer of EAS equipment. “We are very aggressively working with authorities … to ensure that all broadcasters have updated their passwords on their critical equipment,” he said.

Michigan Association of Broadcasters CEO Karole White said the MAB is taking the issue very seriously and working with the Michigan State Police and Federal Communications Commission on the case. “Though this was kind of a pranksters joke, they could have used a different code that could have caused people to be very concerned and possibly even panic,” CEO White said.

InfoSecurity says the problem goes beyond just passwords. Mike Davis, a security expert with IOActive, submitted a report to US-CERT detailing flaws in the equipment used by the EAS system a month before the incident. “Changing passwords is insufficient to prevent unauthorized remote login. There are still multiple undisclosed authentication bypasses,” he told Reuters via email. “I would recommend disconnecting them from the network until a fix is available.”

Really, really, terrible software

According to Kaspersky’s ThreatPost, the flaws Mr. Davis unearthed allowed him to do exactly what Monday’s hacker did. “There is some really, really, terrible software on the other side of that box,” Davis said. “There are some known issues like authentication bypasses and what I would call back doors, although I don’t know if they were meant that way. While I can’t provide authenticated messages [from the EAS system itself], I can log into all of them and insert authenticated messages.”

“The problems that Davis found,” warns ThreatPost, “represent a serious weakness in the EAS system. Some of the ENDECs (encoder-decoder) are networked together in a way that enables them to relay messages to one another, so an attacker who could compromise one could conceivably cause problems on others, as well.”

rb-

Umm Networking 101, change your default passwords.

Haven’t the dead been roaming the halls of Congress for years? Brain dead anyway!?