Building Security

Building security includes not only the outside perimeter and who gets past the guard, but also how documents are stored, who has access to faxes, and much more. Listen to what experts say about securing your building from data thieves.

Employee Security

Employees are a company's best asset, but also its biggest security liability. Frequently, employees are never trained on how to protect data that thieves can easily retrieve. Learn what different security experts have to say about how to make your employees a stronger security force.

Computer & Network Security

Electronic data needs to be protected from viruses, spyware, hackers, crackers, Trojan horses, and the list goes on. Learn tricks and tips from computer security experts on how to secure your electronic data from data thieves.

Phishing and spear-phishing emails from unknown babes and beefcakes want to friend you, and they want you to click on a link to add them. These people are trying to place a virus on your computer.

Don’t friend these people.

A tip-off is how many people are following them: it is usually a very low number. You also want to be sure you have a strong anti-virus program to protect your computer.

Be careful of who you friend, and if you don’t know them or they are not part of your circle, don’t accept them. And no matter what, don’t click on any of their links or pictures.

Justin writes a great article about the Twitter hack (see below). Password security is about much more than just having strong passwords; it is also about managing passwords. If a company’s IT department puts the burden on users to change passwords frequently and to have longer passwords, then users will write them down on notes for people to find.

SOLUTION: Invest in a secure password manager that is based on smartcard technology.

JUSTIN WILLIAMS: Twitter hacking points out need to secure information

Back in May, Twitter was hacked by someone who got into the accounts of several of the company’s employees. The hacker also gained access to the Twitter accounts of several high-profile users.

Besides just snooping around, the hacker gathered hundreds of documents from Twitter’s Google Docs account — including employee lists, credit card numbers, contracts, meeting notes and salaries. Last week those documents ended up in the hands of TechCrunch, a popular Internet blog, which posted many of the documents outlining Twitter’s business strategies and financial forecasts.

How did the hacker gain access to this information? Relatively easily, actually. He acquired a Twitter employee’s Google password, which gave him access to e-mail, Google Docs and more. He didn’t use a dictionary attack or guess the password. Instead, he used the password recovery features of Gmail which will e-mail the password to a secondary e-mail account. In this case, the secondary account was an expired Hotmail account that, when reregistered, had the recovery e-mail from Google waiting there.

While your e-mail and secrets may not be as tantalizing as Twitter’s, this episode should serve as a reminder to think hard about how secure your computing practices are.

First and foremost you want to make sure you have a good password — a mixture of letters, numbers and symbols. It also should have a mixture of upper and lowercase letters. You want to avoid common words and names because they can be cracked fairly easily by trying to log in using every word in the dictionary.

You also should have a unique password for each Web site you visit. Having a unique password per site gives you an extra layer of protection should that account be compromised because the intruder won’t be able to access any other sites you may use.

Remembering dozens of passwords isn’t practical, so I recommend using a password manager that integrates with your Web browser. On the Mac, I swear by 1Password (agilewebsolutions.com/products/1Password). I let it generate and manage all my passwords, personal information and online credit cards. I also use 1Password to fill out online forms for me through its integrated browser plug-in. RoboForm (www.roboform.com) offers an excellent alternative to 1Password for the Windows platform. It seamlessly integrates with both XP and Vista machines and works in Firefox and Internet Explorer.

Twitter’s misfortune is a reminder of good password practices, but it also may be a warning sign of what the future holds for cloud computing. The blow to Twitter would have been much less if the company had not been storing all of its sensitive documents and information in Google Docs, an online equivalent to Microsoft Office. If you can’t imagine something getting in the hands of wrongdoers, it is probably better to keep it stored locally in your home or office instead of on a server somewhere on the Internet.

Justin Williams is the owner of Second Gear, a local Web and software development firm. He can be reached at justin@secondgearllc.com.

Todd Stefan – President of Talon Cyber Tec – discusses how business owners can protect their business from cyber crimes. Proper security also allows business owners to qualify for data breach insurance.

Why do data thieves attack corporate computer networks? Well, to paraphrase Willie Sutton, it’s because that’s where the data is. As I said in a previous blog, a data breach is usually done in one of two ways.

A data thief will either employ physical means, such as dumpster diving, social engineering or a simple break-in, or work via the internet. No business today can afford to be left behind technologically, meaning that in every corporate environment there are computers, networks and electronically stored information.

Heartland Payment Systems’ security breach contributed to reported Q1 earnings revealing a $2.5 million loss, with the data breach accounting for $12.6 million. A large fine levied by MasterCard accounted for most of these costs. CEO Bob Carr said the company’s work to address post-breach fallout was a costly diversion and they are implementing a costly end-to-end encryption system to help prevent future breaches. Click here to read the entire article from Associated Press.

Basically, the theft of sensitive information from companies can happen in two ways: physical data breaches or online breaches of security. Physical identity theft refers to cases where the identity thief needs to get in close to their targets or to the information they are trying to obtain. These sorts of identity theft efforts include dumpster diving to search for documents which contain information such as account numbers, social security card or credit card numbers, addresses and the like. Basically, any information which contains personally identifying information on a customer, vendor or employee is of use to identity thieves. Mail may be stolen, or thieves may pose as company representatives over the phone in an effort to extract information from unwary employees.

Here are the top fifteen ways in which corporate information is stolen by physical means:

As the world is in fear of the swine flu, virus writers and spam sources are taking advantage of this opportunity to infect computers as well. 2% of all spam currently is related to swine flu, generating internet congestion on email providers. Part of what makes a virus writer successful in delivering attacks and establishing avenues of propagation is feeding on current fears and enticing users to open emails or web links they believe are legitimate information sources. Successful cyber attacks are as much a matter of understanding the psychology of potential victims as they are a technical feat.

I am preparing to interview two Red Flag Rule experts about how companies comply with this new FTC mandate that goes into effect in May ’09.

If you have any specific questions you would like me to ask, please click here to submit your questions.

The emergence of the World Wide Web as a global, around the clock marketplace has opened a multitude of new opportunities to businesses which have never before been seen. Computers and global communication networks have brought vendors, customers and markets together in new and beneficial ways. Along with all of the benefits which business has gained from the information age come some downsides. New crimes have not been created by new technology, but rather new technology has given new tools to criminals to commit the same crimes as they always have. The difference is that criminals now have a global reach, just as businesses do. In the U.S. at least, the responsibility for protecting consumers from having their personal information pilfered is placed upon businesses.

Although some analysts actually expect security spending to rise this year — at least as a percentage of total IT spending — some CIOs are giving serious thought to the once-unthinkable idea of trimming security budgets as businesses look to cut costs during this global recession. Before you start trimming, here are five points to consider.

The risk of cutting security is that a security breach can be disastrous. The Ponemon Institute pegs the average cost of a data breach at $6.7 million.

When implementing a security solution, here are five areas to consider before investing:

January’s Feature Advice

Employees will use your company computers to shop online for the holidays. While there are software packages that can be added to your server to block this to some degree, there are always workarounds. From a security perspective, you don’t want employees using the same password for their shopping carts as they use for your networks and data files. A password manager program is a good way to avoid this problem. Please check out our feature product, Power LogOn.

May’s Feature Product

Power LogOn: Power LogOn is a smartcard-based password management solution. While other smartcard security systems are only affordable to the Fortune 100 companies, Power LogOn broke this barrier. So imagine never having to remember or type another one of your passwords, and having strong security, at a starting price of $53.
