Tag: security

  • Navigating the Internet jungle


    I usually don’t pay much attention to stories about Apple malware, given that most hysterical stories about Mac viruses are written by charlatans spruiking third-rate security products.

    The story of the Flashback Trojan is an interesting one though, not because the malware is particularly original or because it comes with the usual hysterical claim of being part of the coming wave of viruses that will wipe the smug smiles off Mac users’ faces.

    Flashback is interesting because it combines the tactics of modern malware, pairing an unpatched vulnerability (in Flashback’s case, in Java) with some social engineering, all with the aim of stealing user passwords.

    These risks apply regardless of what type of computer, smartphone or tablet you use, and they illustrate how the threats have moved on since the first epidemic of Windows viruses in the late 1990s.

    Similarly, the motivation for writing viruses and malware has evolved. Where it was once an intellectual exercise for bored, highly skilled young code cutters, today it’s a lucrative criminal enterprise aimed at getting access to victims’ bank accounts and other assets.

    That is why it’s a good idea to have different passwords for different online services: no more using the same password for your online banking, Minecraft and Facebook accounts.

    Having the latest security patches installed is also important, particularly for third-party products like Adobe Flash, Java or Microsoft Office, so don’t ignore those update warnings, as a caller to one of my radio slots boasted of doing.

    We also need to keep our wits about us online and watch out for the sneaky tricks used to fool us into opening malware; it’s a jungle out here on the web.


  • ABC702 Weekends: Facebook and your Family

    For the first 702 Sydney Weekends program of the year, Paul Wallbank and Ian Rogerson looked at how to use Facebook safely.

    Facebook and other social media services are becoming an increasingly important part of our lives, so it’s important that we understand both the benefits and the risks of using them.

    All the details of what we discussed in the program are available at the Facebook and Your Family post.

    One listener’s question we said we’d get back to was Emma’s, who asked why Microsoft Word was stopping her Mac from shutting down.

    This is usually due to a problem with an Office plug-in or the Normal template. To try repairing the template, follow the instructions at the Word Mac site.

    As Ian suggested, it may also be time to consider a more up-to-date program, as Office 2001 is seriously outdated and no longer receives security fixes.


  • The importance of logging off

    English Labour MP Tom Watson today learned why logging off your computer is important when his office intern cracked what she thought was a joke on his behalf.

    What appeared to be a misstep by the Member of Parliament brought predictable criticism from his enemies in politics and the media, particularly given his role as a critic of News International.

    The biggest risk in computer security is your staff and co-workers; they have access to your systems and the data saved on them.

    In Tom’s case, as in most business security breaches, the intern wasn’t being malicious; she was making a very valid point about a serious topic, and it was her unfortunate choice of words that caused the problem.

    Luckily for her, the boss has taken a mature attitude towards the problem; there are many bosses who wouldn’t. So the intern seems safe, unless the media can beat the story up further.

    The moral for all of us is to log off or lock our computers whenever we step away from them, and to set the screen to lock itself after a few minutes for the times we forget.

    If we’re using public terminals in flight lounges, Internet cafes or hotels, then we should make sure we’ve logged out of our email, social media and banking services before the session ends.

    Should someone leap onto your system when your back is turned, you could find anything from your social media or email account being used to send out fake messages that you’ve been robbed, through to your online bank balance being pillaged.

    We often worry about evil, sophisticated hackers breaking into our accounts, but often it’s these simple mistakes that let opportunistic thieves get our details.

    Often it’s the simple things that bring us unstuck, so logging off is a good habit to get into. Tom’s intern is right.


  • Password blues


    “Johnny down the street hacked my Minecraft account!” is something almost every parent today has heard in one way or another.

    If you believed the kids, the schools are full of 12-year-old hacking geniuses who can unravel passwords faster than a CIA supercomputer.

    Usually it turns out the “evil hacker” in Grade 5 had the password all along as the kids share their login details with all their friends.

    The New York Times recently pulled together a story showing how teenagers share passwords to show their affection. One wonders how many abusive relationships see the dominant partner control the other’s social media and online accounts.

    It isn’t just kids and teenagers who find themselves in trouble though; businesses make the same mistake, commonly sharing a single password for important files and administrative functions across the whole organisation.

    Thinking this is just a small business problem would be a mistake; Vodafone Australia exposed its entire customer base on the Internet thanks to single logins and shared passwords for each of its dealers.

    Over the years this caused major problems for customers and for the honest Vodafone dealers, as their unscrupulous competitors hijacked accounts and churned clients onto new plans. The cost to Vodafone Australia must have been huge, but it is impossible to quantify, given the company apparently had no way of tracking which individual had accessed which accounts. That is the hidden price of a shared login: when everyone uses the same credentials, nobody can be held accountable.

    In households and businesses alike, the main reason we share passwords is convenience; security by its nature is always inconvenient. It’s convenient not to bother locking your front door, or to leave your keys in the car.

    When you really value something, you lock it up and you don’t give a key to everyone in your neighbourhood. It should be the same with passwords, keep them strong and keep them secret.

    Our kids learn this the hard way, we shouldn’t have to.


  • Strategic lessons from a security breach

    2011 has been the year of the IT security breach. Organisations big and small around the world, ranging from major corporations like Sony through to smaller businesses such as the intelligence analysis firm Stratfor, found their customer data released onto the web.

    The frustrating thing is that most of these breaches were avoidable, and “hacking” is often too generous a description, given how little security the targeted companies had in place.

    While the ‘hackers’ themselves may be skilled, the compromised organisations are often easy targets because they don’t follow the basic rules of protecting their data.

    Standards matter

    Customer payment card details are covered by the Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council.

    The PCI Security Standards Council helpfully has a range of information sheets for merchants of all sizes, and if you are taking payments over the web you should make yourself aware of the basic requirements.

    For most businesses, the cardinal rule is not to save customers’ card details. Once the payment is approved, you have no business retaining the client’s credit card or bank account numbers; if you need to bill them again later, use the tokenisation service your payment provider offers rather than keeping the number yourself, and never store the card verification code (CVV) under any circumstances.

    In Stratfor’s case, the company was almost certainly processing payments manually, with credit card details being saved on customers’ records in case of errors or to make renewals easier.
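    The paragraphs above describe the rule but not how to check that you are actually following it. The following is an added example, not code from the original post or from any payment provider: it keeps only a token and a masked copy of each card, drops the CVV, and then sweeps stored records for full card numbers that have leaked into free-text fields. The `provider_vault` dictionary stands in for a payment gateway’s tokenisation service, the sample records are constructed, and the card numbers are the public test numbers the card brands publish for integration testing.

```python
import re
import secrets
import string
from typing import Iterable

# 13-19 digits, optionally grouped by single spaces or dashes, and not part of
# a longer digit run (so an 18-digit order id is not read as a 16-digit card).
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn (mod 10) check that every major card brand's numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return card numbers (digits only) found in free text.

    A bare 13-19 digit regex also matches phone and order numbers; the Luhn
    filter drops most of that noise, so the sweep can run over notes fields,
    support tickets and application logs with few false alarms.
    """
    hits = []
    for match in _PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group(0))
        if luhn_valid(digits):
            hits.append(digits)
    return hits


def mask_pan(pan: str) -> str:
    """PCI DSS display rule: show at most the first six and last four digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def _opaque_token() -> str:
    # Letters only, so a token can never be mistaken for (or matched as) a
    # card number if it ends up in a log line.
    return "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))


def tokenise_record(record: dict, provider_vault: dict) -> dict:
    """Return a copy of a customer record that is safe to keep once the
    payment is approved.

    `provider_vault` stands in for the payment provider's tokenisation
    service (an assumption of this example): the PAN goes to the provider,
    an opaque token comes back, and the merchant keeps only the token plus a
    masked copy for display. The CVV is dropped outright, since PCI DSS never
    permits storing it after authorisation.
    """
    pan = re.sub(r"[ -]", "", record["card_number"])
    if not luhn_valid(pan):
        raise ValueError("card number fails the Luhn check")
    safe = {k: v for k, v in record.items() if k not in ("card_number", "cvv")}
    token = _opaque_token()
    provider_vault[token] = pan          # lives on the provider's side only
    safe["card_token"] = token           # enough for renewals and refunds
    safe["card_display"] = mask_pan(pan)
    return safe


def audit_records(records: Iterable[dict]) -> list[tuple]:
    """Sweep stored records for full card numbers hiding in any text field.

    Returns (record id, field, masked PAN) per hit so the audit report does
    not itself become another copy of the card data.
    """
    findings = []
    for rec in records:
        for field, value in rec.items():
            if isinstance(value, str):
                for pan in find_pans(value):
                    findings.append((rec.get("id"), field, mask_pan(pan)))
    return findings


# Constructed sample records. The card numbers are the publicly documented
# test numbers the card brands issue for integration testing, not real accounts.
SAMPLE_RECORDS = [
    {"id": 1, "name": "A. Customer", "card_number": "4111 1111 1111 1111",
     "cvv": "123", "notes": "renew annually"},
    {"id": 2, "name": "B. Customer", "card_number": "378282246310005",
     "cvv": "1234",
     # the free-text field is where manually processed payments leak PANs
     "notes": "phoned in; card 5555-5555-5555-4444 declined, order 1234567890123456"},
]

if __name__ == "__main__":
    print("before:", audit_records(SAMPLE_RECORDS))
    vault = {}
    stored = [tokenise_record(r, vault) for r in SAMPLE_RECORDS]
    print("after: ", audit_records(stored))   # the notes field still leaks
```

    Run as a script it reports three stored card numbers before tokenisation and one after: the structured `card_number` field is handled, but the number a staff member typed into the notes field survives, which is exactly the kind of manual-processing leftover the Stratfor paragraph describes. The same `find_pans` sweep works over log files and ticketing exports, and reporting only the masked form keeps the audit output itself out of PCI scope.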

    Call in the professionals

    There’s no shortage of payment companies, ranging from PayPal through specialist services like eWay to your own bank’s services. Choose the one that works best for you. If you have no idea, call in someone who does.

    One of the arguments for using outsourced services, particularly cloud computing, is that data security is a complex field requiring professional, qualified expertise. The internal systems of Sony, Telstra and Stratfor were not up to the demands placed upon them, and a professional service is better equipped to deal with these issues. Outsourcing the processing doesn’t outsource the responsibility, though: you still have to choose the provider carefully and keep card data out of your own systems.

    Size doesn’t matter

    A major lesson from the last year’s security breaches is that it’s not just the local shop or garage e-commerce business that is careless with data. Some of the world’s biggest companies and government agencies have been compromised.

    If anything, Sony’s experience has shown the double standards at work in the application of security rules; there’s no doubt that had a local computer shop been as thoroughly compromised as Sony was, it would have been shut down after the second breach and the management carted off to jail well before the twelfth.

    For the management of Sony, there seem to have been few sanctions against the people nominally responsible for this incompetence. This has to change, both within organisations and among those charged with enforcing the rules.

    The lesson for customers is you can’t trust anyone with your data; don’t assume the big corporation is any more secure than the serving staff at your local sandwich shop.

    Passwords matter

    Every time one of these breaches happens we hear about password security, with “experts” pointing out that some of the subscribers were using passwords like ‘stratfor’ or ‘password’.

    From the customer’s point of view this actually makes some sense: if you can’t trust third parties with your details, the sensible approach is a specific, disposable password for each site. There’s little point in having a complex password if some script kiddie is going to post your login details on 4chan anyway. What does matter is that the password is unique to that site, so a dump of one company’s customer list can’t simply be replayed against your email or bank.

    Naturally your passwords for banking and other critical websites should be very different from, and far more secure than, those you use for sites like Stratfor and the Sony PlayStation Network.
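    Both this passage and the earlier advice in “Navigating the Internet jungle” come down to one rule: one password per site, and the critical ones stronger. The following is an added example, not code from the original posts: it audits a list of (site, password, is_critical) entries for passwords shared across sites, including the common “same word with a different number on the end” variation, and generates a proper per-site replacement. The sample credentials are constructed, and the suffix-stripping heuristic is a choice made for this example rather than a standard.

```python
import re
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length: int = 20) -> str:
    """A fresh random password for one site, drawn from the OS CSPRNG via
    `secrets` (never the `random` module). With this 75-symbol alphabet,
    20 characters is over 120 bits of entropy, so length does the work and no
    'one of each character class' rules are needed."""
    if length < 12:
        raise ValueError("12 characters is the floor even for throwaway sites")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _stem(password: str) -> str:
    """Collapse the usual 'same password, different suffix' tweak, so that
    'stratfor', 'Stratfor1' and 'stratfor2!' all compare equal. A heuristic
    chosen for this example; a credential-stuffing tool tries exactly these
    variations."""
    stem = re.sub(r"[\d\W_]+$", "", password).lower()
    return stem or password.lower()        # all-digit passwords keep themselves


def audit_passwords(credentials):
    """credentials: (site, password, is_critical) triples, e.g. from a
    password manager export. Returns the two findings that matter: groups of
    sites sharing one password (or a trivial variation of it), and critical
    accounts whose password is short enough to be guessed."""
    by_stem = defaultdict(list)
    for site, password, _critical in credentials:
        by_stem[_stem(password)].append(site)
    reused = [sites for sites in by_stem.values() if len(sites) > 1]
    weak_critical = [site for site, password, critical in credentials
                     if critical and len(password) < 14]
    return {"reused": reused, "weak_critical": weak_critical}


def replace_with_unique(credentials):
    """Issue every site its own generated password, keeping the flags."""
    return [(site, generate_password(), critical) for site, _, critical in credentials]


# Constructed sample: the kind of list a breach of one throwaway site exposes.
SAMPLE_CREDENTIALS = [
    ("stratfor.com", "stratfor", False),
    ("playstation", "stratfor1", False),
    ("facebook", "Stratfor2!", False),
    ("minecraft", "password", False),
    ("bank", "Stratfor99", True),           # critical site, same password again
    ("email", "jK9$wq2LmP!xZ4vB7nR@", True),
]

if __name__ == "__main__":
    print(audit_passwords(SAMPLE_CREDENTIALS))
    print(audit_passwords(replace_with_unique(SAMPLE_CREDENTIALS)))
```

    On the sample list the audit groups the four sites that share the ‘stratfor’ stem, bank account included, and flags the bank password as too short for a critical account; after `replace_with_unique` both findings are empty. The same audit is worth running over a business’s shared credential sheet, since the Vodafone dealer logins discussed in “Password blues” are the corporate version of the same mistake.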

    Will 2012 be any different?

    Given the data embarrassments of 2011 for businesses and government agencies, can we expect lessons to be learned in 2012?

    While many businesses are going to learn specific lessons from these breaches, there’s a management cultural problem where any spending on information systems is seen as a cost that has to be minimised.

    This cost-cutting mentality lies at the core of many organisations’ failure to secure their systems properly, and until a more responsible culture develops we’ll continue to see these lapses.

    Good managers and business owners who understand the importance of guarding their organisation’s and customers’ data are already ahead of their competition. Over time, these are the folk who will have the competitive advantage.

    For customers, the sad lesson is we can’t trust anyone and a layered approach to security along with keeping a close eye on our bank accounts and credit card statements is necessary.
