Archive for the ‘Internet’ Category
Software Review: Thunderbird 3
Tuesday, December 15th, 2009
After a long period of apparent stagnation, Mozilla Messaging, a wholly owned subsidiary of the Mozilla Foundation, has released the long-awaited Thunderbird 3 – its free, open-source email client. Thunderbird has been my favorite email client for several years now, as it does everything that Outlook Express or Windows Mail does (as far as I am concerned) and has a better track record for security, runs faster, and works on Windows, Mac OS X, and Linux. (more…)
Google Public DNS
Friday, December 4th, 2009
Yesterday, Google announced its latest service: Google Public DNS. This service appears to be similar to the also-free OpenDNS. (more…)
What is the Purpose of Information Security? 60 Minutes Knows
Wednesday, November 11th, 2009
I do not watch television, but a friend of mine pointed me to this week’s episode of CBS’ news documentary program 60 Minutes. This is a very good, low-tech illustration of the potential security threats which information security professionals are battling. This is the kind of stuff we are trying to prevent when we throw around terms like “malware,” “firewalls,” “intrusion prevention,” “audits,” and “security policy.”
While the show focuses on threats to the federal government and utilities, the same exact threats and methods of attack face every small business network on the Internet as well.
Bank Sued for Losses Due to Alleged Weak Security
Tuesday, September 29th, 2009
In a previous post, I wrote about how small businesses are being scammed by European cyber-hackers. In a related story, Computerworld reports how Patco Construction Co. in Portland, ME is suing Ocean Bank of Delaware because the company lost hundreds of thousands of dollars due to allegedly weak security on the part of Ocean’s online banking system.
The main alleged weakness is the lack of two-factor authentication by Ocean Bank. While I am not sure that this places all of the blame in Ocean’s hands, and I think that Patco should be at least partially responsible for their losses if it is found that their own systems were compromised, a victory by the plaintiff in this case could set an interesting precedent for financial institutions that have not implemented strong authentication mechanisms in their online services. Banks and credit unions – take note! However, a victory by the defendant will likely send a very different signal, more to the tune of “If you bank online, you take your chances.” Small businesses and individuals – take note!
This week’s Data Security Podcast also has an excellent interview with the attorney who filed the suit on behalf of Patco.
Further Evidence That Personal Internet Use Should Be Restricted at Work
Wednesday, September 23rd, 2009
This week’s Data Security Podcast had two items that really piqued my interest. The first was an article about an Ohio hospital which suffered data loss due to a malware infection. The malware was sent by the boyfriend of a hospital worker. Apparently he intended to follow his girlfriend’s movements on the Internet on her home PC. What he did not count on was her opening her email at work, and subsequently infecting a hospital computer. Quoting the PC World article,
“Between March 19 and March 28 the spyware sent more than 1,000 screen captures … via e-mail. They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well…”
This incident goes a long way to show that the biggest threat can often come from inside. Yes, while the boyfriend was the root cause, had the hospital employee not been allowed to access her personal email from work, her system would not have been infected in the first place.
In a separate news article, Panda Security reports that a hacker site is offering to crack Facebook accounts for the low low price of $100. Setting aside the question of whether the site is a “legitimate” hacking site (who’s to say they won’t just take your $100 and walk away?), I found it interesting that a Facebook account is now worth 3 times the street price of a social security or bank account number, which my sources say are going for $20-35 apiece.
Hardware Review: Astaro Security Gateway ASG110/120
Friday, September 18th, 2009
The Astaro Security Gateway is a product we have been using for a few years with various clients as a UTM (Unified Threat Management) device. It offers a number of features that they require, including network security, email security, and web surfing security. (more…)
Small Businesses Losing Millions to European Cyber-Gangs
Friday, August 28th, 2009
This week, the Washington Post reported a fascinating story on how “organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States.” They appear to be targeting small businesses for the simple reason that they are easier nuts to crack than large financial institutions. (more…)
AT&T: We Don’t Want Your Business
Friday, August 21st, 2009
This week, at a client’s request, I am reviewing their entire telecommunications spending. I decided to look at four different vendors to compare their offerings. The first one I looked at was AT&T, to see if they had a comparable long distance package. (more…)
How do Web Content Filters Work?
Friday, July 17th, 2009
We sometimes get support requests from frustrated clients who are in some way prevented from accomplishing a task because of system security policies. Unfortunately, they sometimes think that we have done this deliberately to make their job difficult. One of my jobs as a security professional is to explain to my clients just what security measures we take to protect them, and why. Today, I’ll try to explain how web content filters do their job and why they are important. (more…)
“XYZ Technology is Dead.”
Friday, July 10th, 2009
I frequently hear security professionals and pundits proclaim that such and such a technology “is dead.” Lately, I’ve heard that “antivirus is dead,” “Intrusion Prevention Systems (IPS) are dead.” A while back it was “firewalls are dead,” and “SSL is dead.” People who utter phrases like this are doing a disservice to the security community. (more…)