Wikileaks Positive Side Effect for IT Fri 10 Dec 10

The disclosure of diplomatic cables by the organization Wikileaks got a tremendous amount of attention. Given that the story involves issues related to theft, sexual assault, the moral duty for civil disobedience and just plain gossip, this is not at all surprising.

We shouldn't take any comfort in the notion that this is just an issue for the government. The corporate world may be next. Recently there have been rumors that Wikileak's next target is Bank of America. In addition a hacker group in support of Wikileaks took Mastercard's website down for a period of time in retaliation for Mastercard blocking payments to Wikileaks.

Continue reading "Wikileaks Positive Side Effect for IT" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Don't Blame Google For Grabbing Your Data Wed 09 Jun 10

Why people should secure their own Wi-Fi networks, and what the IT industry can do to help.

Google street view car croila Google was taken to task recently when it was discovered that it had captured private payload data from unsecured Wi-Fi networks while its Street View cars traveling to collect data for Google's location-based products.

On the official Google blog, Google owned up to collecting this data mistakenly "even though we never used that data in any Google products." Google added that it collected only fragments of payload data. Despite this, a number of European governments and at least one U.S. state attorney general are launching investigations into Google's alleged invasion of privacy.

While I certainly cannot condone Google's actions, I am a little puzzled by the reaction. Where is the call for personal responsibility? People should be safeguarding their own data.

Continue reading "Don't Blame Google For Grabbing Your Data" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

The Hidden Price Of Free Applications Wed 26 May 10

Access to our personal data is the price we pay for ''free'' services on the Internet.

Privacy issues, the Internet and social media in particular have been getting a lot of attention lately. Facebook has become the poster child for privacy concerns about the data we divulge online.

The villain in all of this isn't the technology, since technology isn't inherently good or evil. The issue is how technology is used. That is driven by the business model of the Internet and social media.

Google, Yahoo, Facebook and others of their type provide so-called "free" services. These companies are funded through advertising. Twitter has been the most notable holdout on monetizing its services, but that won't last forever.

Continue reading "The Hidden Price Of Free Applications" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Keeping Data Safe From IT Snoops Wed 21 Apr 10

How to improve data security and privacy.

Laptop looking truthout A Pennsylvania school district made headlines recently with accusations that two of the district's IT employees were spying on students and took "thousands" of pictures of students in their homes without their knowledge, using the cameras in their school-supplied laptops. The school district contends that the ability to remotely take pictures was a security feature used solely to help locate lost or missing laptops. The situation came to light when the school district accused a student of selling drugs based on pictures taken remotely via the laptop that was assigned to the student, although it had not been reported lost or stolen.

The incident could start making everyone wonder about information technology's role in protecting data and privacy. It begs the question: Who watches the watchers?

IT has the keys to all the sensitive data in your company. This includes not only payroll and personnel records, but also financial records, trade secrets and intellectual property, data regarding pending acquisitions, product launches or other strategic decisions. A rather scary thought if you don't trust your IT folks.

Continue reading "Keeping Data Safe From IT Snoops" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

The IT Security Balancing Act Wed 17 Feb 10

Ultimately, IT is responsible for security breaches even if it's not at fault.

Oldvaultdoor_daniel_leininger

Late last year, Plano, Texas-based Hillary Machinery lost $800,000 to cyber theft when attackers stole the money in a series of transfers from Hillary's PlainsCapital bank account. PlainsCapital was subsequently able to recover about $600,000.

As you might expect, Hillary demanded that PlainsCapital repay the unrecovered funds, saying PlainsCapital didn't provide adequate security measures. Up to this point, there is nothing especially noteworthy about this situation. Sad to say, but cyber theft just isn't all that unusual anymore.

However, what happened next has gotten a lot of attention beyond just west Texas.  PlainsCapital is suing Hillary Machinery, the victim!

Continue reading "The IT Security Balancing Act" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Responsible Twittering Wed 05 Aug 09

The company's security issues are well-known, but users also need to be more responsible about what they tweet.

Twitter bird matt hammTwitter, the popular social media app was recently awarded a Pwnie (pronounced "pony") at the BlackHat Security Conference. The reason for this rather dubious honor was due to what some call this year's biggest security failure. Apparently, a hacker was able to gain access to confidential documents by hacking into the e-mail account of Twitter Chief Evan Williams.

Prior to this, a similar incident occurred where someone hacked the password of a Twitter administrator and gained access to user accounts, including that of then President-elect Obama.

Continue reading "Responsible Twittering" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Identity Protection Goes Beyond Technology Mon 01 Jun 09

We need to include the "human element" in our identity protection schemes

Credit_Card_Theft_d70focusIdentity theft and security is always in the spotlight through the constant stream of news stories about companies losing confidential customer or client data, such as social security numbers, credit card numbers, health histories and so forth. These "breaking news" stories now seem to happen so frequently that we scarcely pay attention to them unless, of course, we are directly impacted by them. They have, however, heightened the public awareness and have even spawned new identity protection businesses.

IT companies rightly react to this by developing new technologies to improve security and eagerly market these to CIOs as a way to protect the personal information of their customers and clients. While we should use these appropriately we can't rely just on technology for identity protection.

Continue reading "Identity Protection Goes Beyond Technology" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Security In The Cloud Mon 02 Feb 09

Recent High Profiles Breaches Highlight Security Flaws That Are Not Just In The Cloud

Lock_AMagill In the past few months there have been some high profile security breaches involving cloud applications that may give people pause in using the cloud.  These got a lot of publicity because of the victims involved.

The first was Vice Presidential candidate Sarah Palin's Yahoo email account being hacked.  The second was a hacker gaining control of then President-Elect Barack Obama's Twitter account.

Continue reading "Security In The Cloud" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Protecting The US From Foreign Hackers Tue 30 Dec 08

Hackers_jose_goulao A recent Op-Ed piece in the Houston Chronicle, "U.S. must update laws defending against foreign hackers" caught my attention.  Congressman Jim Langevin (D-RI) and Congressman Michael McCaul (R-TX) wrote the piece in concern about foreign threats to our information technology systems and made some suggestions on possible improvements.  Although not in total agreement I do think they make some excellent points.

First, however, I feel the need to comment on the emphasis on foreign threats.  Putting the argument in terms of a "foreign" threat smacks of sensationalism and xenophobia.  If an American hacks my computer and steals my personal information I find no comfort in the fact that the thief wasn't a foreigner.  Cyber security is an issue of real significance.  Let's not trivialize it with sensationalism.  The bottom line is that a threat to cyber security is an important issue regardless of where that threat originates.

Langevin and McCaul get to the heart of the issue nicely when they say:

"Our national leaders have been far too slow to understand the scope and significance of this threat. America's laws for cyberspace are decades old, written for primitive technologies in a less-connected era. Our bureaucracy is organized for an industrial age. We are not prepared to meet the threats of the 21st century."

They then make a suggestion with which I whole-heartedly agree:

Continue reading "Protecting The US From Foreign Hackers" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

Security and the Myth of the Superuser Mon 28 Jan 08

Lock_amagill_2 Bruce Schneier runs a great blog, Schneier on Security and I stumbled across a post of his from last May entitled The Myth of the Superuser.  In a very understated way Schneier refers to what he describes as  a "very interesting law journal paper".  It certainly is.  The paper in question is The Myth of the Superuser: Fear, Risk, and Harm Online by Paul Ohm, Associate Professor of Law and Telecommunications at the University of Colorado Law School.

The abstract states:

"Fear of the powerful computer user, "the Superuser," dominates debates about online conflict. This mythic figure is difficult to find, immune to technological constraints, and aware of legal loopholes. Policymakers, fearful of his power, too often overreact, passing overbroad, ambiguous laws intended to ensnare the Superuser, but which are used instead against inculpable, ordinary users. This response is unwarranted because the Superuser is often a marginal figure whose power has been greatly exaggerated.

The exaggerated attention to the Superuser reveals a pathological characteristic of the study of power, crime, and security online, which springs from a widely-held fear of the Internet. Building on the social science fear literature, this Article challenges the conventional wisdom and standard assumptions about the role of experts. Unlike dispassionate experts in other fields, computer experts are as susceptible as lay-people to exaggerate the power of the Superuser, in part because they have misapplied Larry Lessig's ideas about code.

The experts in computer security and Internet law have failed to deliver us from fear, resulting in overbroad prohibitions, harms to civil liberties, wasted law enforcement resources, and misallocated economic investment. This Article urges policymakers and partisans to stop using tropes of fear; calls for better empirical work on the probability of online harm; and proposes an anti-Precautionary Principle, a presumption against new laws designed to stop the Superuser. "

Don't let the "law journal" label scare you away.  This really is a very interesting and thought-provoking read.  Although phrases like "exaggerated attention to the Superuser"  and "overbroad prohibitions"  mind lead you to think that Ohm is downplaying the risk of lax computer security but upon careful reading I don't think he is.  Rather what he is suggesting is a more balanced and reasoned approach to security.

Continue reading "Security and the Myth of the Superuser" »

Tell A Friend Tell a Friend    View blog reactions   Bookmark    rss RSS Feed

michael_schaffner


tell_a_friend Tell a Friend About Mike's Blog







Creative Commons License 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.

My photos on
www.flickr.com
Mike Schaffner's items Go to Mike Schaffner's photostream

Free Subscriptions
  Free RSS Subscription

Free RSS Subscription


For An Email Of New Articles
Enter your email address:


Read On Your Mobile Device

mofuse


Join the Conversation
Subscribe to Comments
  Free RSS Subscription

For New Comments Email
Enter your email address:






This is the personal blog of Michael W. Schaffner. The opinions expressed in this blog are soley mine and those of commenters. You should not infer that these opinions are the opinion of or have been endorsed by any current or former employer.

Please review the Privacy Policy.   I do love comments and trackbacks but I do reserve the right to remove any that don't comply with the Comments and Trackback Policy.  Rather than clutter up the front page with badges and statistics that are of little interest to anyone other than me I thought it would be best to establish a separate page for statistics and rankings.


Copyright © 2006, 2007, 2008, 2009 Michael W. Schaffner       You may copy or quote sections of this blog if you provide an attribution consisting of a reference to the Michael Schaffner and ''Beyond Blinking Lights and Acronyms" along with a hyperlink (if a web reference) to the blog posting.     

Creative Commons License 
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 License.