Tag: security

  • The digital inheritance

    Our digital footprint – what appears about us online in websites and social media services – is becoming more important as we’re judged by what people find out about us on the web.

    As what we store on the web becomes more important, the need to plan for what happens to that data when we pass away grows with it. “Generation Cloud”, a survey in the UK by hosting company Rackspace and the University of London, looked at how Britons were dealing with these issues.

    Information left online can cause problems as social media sites will send suggestions and reminders which can distress others if the suggested contact has passed away.

    Equally, a web site or Facebook page could even serve as a memorial. The final blog post of Derek K. Miller is a particularly touching memorial.

    To create a “digital tombstone”, to let your loved ones remove inappropriate posts, or simply to give them access to your digital personal effects such as email or photos stored on a cloud service, they will need your passwords.

    In the Generation Cloud survey, 11% of participants planned to leave their online account details and passwords in their wills, and half considered that some of their ‘treasured possessions’ were stored online.

    Once again we’re finding our online data has real value that’s worth passing down. It’s another reason to guard your data safely and not give it away lightly.


  • What businesses should learn from Wikileaks

    The Wikileaks Cablegate affair has been entertaining us now for two weeks as we see diplomats and politicians around the world squirming with embarrassment as we learn what US diplomats really think about the foreign powers they deal with.

    Both the leak of the cables and the treatment of Wikileaks and its founder, Julian Assange, by various Internet companies raise some important questions about the Internet, cloud computing and office security in the digital era.

    Security

    It’s believed the source of the leaked cables is Private First Class Bradley Manning, who is alleged to be responsible for leaking the Iraq tapes released by Wikileaks earlier this year.

    The lesson is: don’t give junior staff unrestricted access to your data. Access to important information such as bank account details, staff salaries and other matters best kept confidential needs to be protected.

    You can stop data leaving the building by locking USB ports, CDs and DVDs through either software or hardware settings on your computers; ask your IT support about this, but keep in mind that locking down systems may affect some of your staff’s productivity.

    Locking the physical means, though, doesn’t stop data being sent across the Internet, and access logs may only tell you this has happened after the fact. So it’s important to review your organisation’s acceptable use policy. Check with your lawyers and HR specialists that your staff are aware of the consequences of accessing company data without permission.

    Incidentally, the idea that Pfc Manning was just one US Army staffer of thousands who were able to access these cables raises the suspicion that the information Wikileaks is now releasing was long ago delivered to the desks of interested parties in London, Moscow, Tel Aviv, Beijing and cave hideouts in remote mountain ranges.

    Don’t rely on one platform

    Wikileaks found itself hounded from various web hosting and payment providers. As we’ve discussed previously, relying on other people’s services to deliver your product raises a number of risks. Make sure you have alternatives should one of your service providers fail and never allow an external supplier to become your single point of failure.

    Concerns about the cloud

    This column has been an unabashed fan of cloud computing, but the Wikileaks saga shows the cloud is not necessarily secure or trustworthy. Not only is there the risk of a PFC Manning working at the data center compromising your passwords or data, but the arbitrary shutdown of Wikileaks’ services is a stark lesson in the risk of relying on another company’s Terms of Service.

    Within most terms of service are clauses that allow the provider to shut down your service if you are accused of breaking the law or straying outside of the providers’ definition of acceptable use. As we saw with Amazon’s treatment of Wikileaks, you can be cut off at any time and without notice.

    Amazon’s shutting down of Wikileaks is a pivotal point in the development of cloud services. Trust is essential to moving your operations to the cloud, and Amazon’s actions have shown that much of that trust may be misplaced.

    Should you be considering moving to the cloud, you’ll need to ensure your data and services are being backed up locally and not held hostage to the arbitrary actions of your business partner.

    Don’t put your misgivings in writing

    So your business partner is a control freak? Great but don’t put it in writing.

    Be careful of gossip and big noting

    One interesting aspect of Wikileaks to date is how senior politicians like gossip and showing how worldly they are to US diplomats.

    That’s great, but it probably isn’t a good idea to tell your best friend they should consider beating up your most important customer. As mentioned earlier, this little gem was probably on the polished desks of the Chinese Politburo long before the cables found their way to Wikileaks.

    Resist the temptation to gossip, and remember your grandmother’s line about not saying anything if you can’t say something nice.

    Ultimately what Wikileaks shows us is that all digital communications are capable of being copied and endlessly distributed. In a digital economy, the assumption has to be that everything you do is likely to become public, and you should conduct your business as if you will be exposed on Wikileaks or the six o’clock news.

    Wikileaks is a lesson in transparency: we are entering an era of accountability, and the easiest way to deal with it is to be more honest and open. That’s the big lesson for us in our business and home lives.


  • Other peoples’ platforms

    “We have successfully established an online business, but we have run into problems with Ebay (indefinite suspension – unfairly I might add)” wrote Ralph*, an old client.

    “We are pretty desperate, as this is now our sole business and we are now without an income.”

    The Privately Owned Web

    Ralph’s problem is typical of thousands of businesses that rely on one Internet service. Some months back we looked at “Nipplegate”, the story of a Sydney jeweller who had her Facebook page closed down because of her anatomically correct dolls.

    All of these services are privately owned with their own terms and conditions along with their own corporate objectives. If you choose to use their product, you have to follow their rules – just like a shopping mall management can order you off their premises because they don’t like the colour of your socks.

    The most glaring example of this is Wikileaks, where Amazon, Paypal, Mastercard and Visa all threw the whistleblower site off their services for allegedly breaching their terms of service in various obscure ways.

    The Terms of Service Trap

    A business’ Terms of Service usually feature clauses wide enough to catch even the most honest and diligent business. This is by design, as it gives management an excuse to throw out anyone who makes their lives difficult, which is exactly what has happened with Wikileaks.

    While Ralph’s problem is nothing like the scale of Julian Assange’s, all of these stories illustrate the dangers of relying on one service for your livelihood. Should that service change the way it operates, then any business that relies on it could be broke within hours, as many businesses that rely on Google search results have found.

    Most of the Internet is not a public space, almost all of it is privately run along similar lines to that shopping mall or a walled estate.

    Ralph and Julian Assange have shown us the limitations and risks of the privately operated web. As citizens and business owners we have to understand that these corporations’ objectives are not always the same as ours, and make judgements about how we live with the risk of finding ourselves in breach of a Term of Service in our business or personal lives.

    We’re still in the relatively early days of the net and all of us are still learning. One lesson is clear though: we can’t allow our livelihoods to be held hostage by a small number of big technology companies. Make sure you have alternatives to your online channels.

    *Ralph is not his real name


  • The strange story of the Stuxnet worm

    The tale of the virus infecting Iran’s nuclear program is one of the fascinating stories of the computer world.

    Whoever wrote the Stuxnet worm did a spectacular job in bringing together a number of security problems and then using two weak links — unpatched Windows servers and poorly designed programmable logic controller software — to create a mighty mess in the target organisation.

    The scary thing with a rootkit like Stuxnet is that once it has got into the system, you can never be sure whether you’ve properly got rid of it.

    What’s worse, this program writes to the Programmable Logic Controllers the infected computers supervise, so plant operators will never know exactly what changes might have been carried out on the devices essential to a plant’s operations and safety.

    Damaging Iranian nuclear plants

    A report on the Make The World A Better Place website over the weekend indicates the Stuxnet worm may have damaged the Iranian nuclear reactor program.

    The story behind the Stuxnet worm is remarkable. It appears this little beast is a sophisticated act of sabotage that exploits a number of weaknesses in computer systems, as detailed by Computer World in their “Stuxnet Worm hits Industrial Systems” and “Is Stuxnet the best Malware Ever” articles.

    The risk of unpatched systems

    One of the things that leaps out is how servers running unpatched systems are an important part of the infection process. The Stuxnet worm partly relies on a security hole that was patched by Microsoft two years ago, so obviously the Iranian servers were running an unpatched, older version of Windows.

    This is fairly common in the automation industries. I’ve personally seen outdated, unpatched Windows servers running CCTV, security, home automation and dispatch systems. They are in that state because the equipment vendors have supplied the equipment and then failed to maintain them.

    These companies deserve real criticism for using off-the-shelf commercial software to run mission-critical systems it was never designed for.

    Commercial programs like the various Windows, Mac and other mass-market operating systems are designed for general use; they come with a whole range of services and features that industrial control systems don’t need. In fact, the Stuxnet worm uses one of those services, the print spooler, to give itself control of the system.

    Securing industrial systems

    These industrial systems require far more basic and secure control programs; a cheap option would be a customised Linux version with all the unnecessary features stripped out. In the case of Siemens, the provider of the PLCs supplied to the Iranian government, it’s disappointing that such a big organisation couldn’t build its own software to control these systems.

    Business owners, and anyone who has computer-controlled equipment on their premises, need to ask their suppliers some hard questions about how secure the supplied computer equipment is in this age of networked services and Internet worms.

  • Protecting yourself from the Conficker worm

    Nearly a year after it was identified, the Conficker computer worm continues to plague Windows users, infecting systems controlling everything from fighter planes to bus lane fines.

    The problem has become so great that a consortium of vendors has set up the Conficker Working Group to deal with the malware’s spread, and Microsoft is offering a $250,000 reward for the identity of the writer.

    It’s not a problem that should be understated: the worm’s main use appears to be as a controller of botnets, networks of remotely controlled computers used to launch attacks on other systems or to hide the tracks of scammers and password thieves.

    Update your systems

    Given the risks and embarrassment of being infected, avoiding this worm and others like it should be a priority for your business. First of all, your Windows computers should have the latest updates, as Conficker relies on some old security bugs that Microsoft patched last October.

    Run an anti-virus

    Naturally, you should be running an up-to-date anti-virus. Most widely used AV programs will do the job, including open source detectors like ClamAV and freeware programs.

    Note though that the licences for freeware programs like AVG and Avast! are specifically for home use only. If you are running those on your office system, respect the developer’s right to make a living and buy a commercial licence; they are actually cheaper and more reliable than many of the better known brand names.

    Restrict your users

    Finally, make sure your users log on in Limited User mode. The reason why Windows computers are more prone to viruses than their Mac and Linux cousins is that most users run their Microsoft systems in the powerful Administrator mode, which is the equivalent of leaving your car doors unlocked all night.

    I have some instructions on setting up Limited User Profiles for Windows XP systems on the PC Rescue website. If you have an office with a Windows 2003 or 2008 server, your IT department or consultant will be able to do this through the network, which is a much more secure way of doing things.

    Be warned that some programs won’t work unless they run in Administrator mode. If you find this is a problem, you should consider replacing that software, as the vendor has shown they are either incompetent or prepared to put their customers at risk to save a few dollars.

    Either way, you don’t need suppliers that have no respect for their customers.

    Your computers are too important to your business and shouldn’t be exposed to these sorts of embarrassing and expensive risks. Get your IT people to make sure the office systems are locked down properly.
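    A small audit script for the three points above (updates, anti-virus, limited user), added here as an example; it is not from the original post or the PC Rescue instructions. It assumes a current Windows client with PowerShell 5.1 or later, the KB number is a placeholder to fill in from your own patch advisory, and the anti-virus real-time flag is a widely used but undocumented reading of the Security Center productState field.

```powershell
# Added example (not from the original post): audit the three Conficker controls
# on a Windows machine. Assumes Windows 10/11 and PowerShell 5.1+.

function Test-IsAdmin {
    # True when the current session holds the built-in Administrator role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# 1. Restrict your users: day-to-day work should not run with Administrator rights.
if (Test-IsAdmin) {
    Write-Warning "This session has Administrator rights. Use a standard (limited) account for daily work."
} else {
    Write-Output "OK: running as a standard user."
}

# 2. Update your systems: check the most recent installed update and one specific patch.
$RequiredKB = 'KBxxxxxxx'   # placeholder: KB number from your vendor's or AV's advisory
$hotfixes   = Get-HotFix | Sort-Object InstalledOn -Descending
$latest     = $hotfixes | Select-Object -First 1
if ($latest -and $latest.InstalledOn -and $latest.InstalledOn -gt (Get-Date).AddDays(-30)) {
    Write-Output "OK: last update $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString())."
} else {
    Write-Warning "No update recorded in the last 30 days; run Windows Update."
}
if ($hotfixes.HotFixID -contains $RequiredKB) {
    Write-Output "OK: $RequiredKB is installed."
} else {
    Write-Warning "$RequiredKB not found among installed hotfixes."
}

# 3. Run an anti-virus: ask Security Center which products are registered and active.
try {
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop
    if (-not $products) { Write-Warning "No anti-virus product is registered with Security Center." }
    foreach ($p in $products) {
        # Assumption: bit 0x1000 of productState set means real-time protection is on.
        $state = if (($p.productState -band 0x1000) -ne 0) { 'enabled' } else { 'DISABLED' }
        Write-Output "AV: $($p.displayName) - real-time protection $state"
    }
} catch {
    # Server editions have no SecurityCenter2 namespace; check the AV console by hand there.
    Write-Warning "Could not query Security Center; check anti-virus status manually."
}
```

Run it from the account staff actually use day to day, not from an elevated prompt, or the first check will always warn.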