Archive for the ‘Policies’ Category
Still Think You Want Those Admin Rights Over Your PC? Think Again.
Monday, May 10th, 2010
In case you missed a previous post or two on the topic of why end users should not have administrative rights over their PCs, BeyondTrust has released a very compelling report on this issue. But first, let me ask the reader a few questions. (more…)
Password Quiz
Monday, February 22nd, 2010
This month’s SANS Ouch! (Vol.7 No. 2) newsletter asks the question “What is your Password IQ?” (more…)
ABA Recommends Dedicated PC for Online Banking
Friday, January 22nd, 2010
Earlier this month the American Bankers Association (ABA) issued practical, simple advice which could dramatically enhance everyone’s online banking security. And, I predict, it won’t make any difference because people are unlikely to do it. (more…)
What the Google/China Hack Means to You
Sunday, January 17th, 2010
Friends and listeners to the Fresh Ubuntu Podcast will know that I frequently raise concerns about Google and the information that it acquires about all of us. My concerns normally are along the lines of “just imagine what Google can do with all of that information.” However, I’ve never brought up what could be an even bigger concern: “What if someone else were to get a hold of all of that information?” (more…)
Bank Sued for Losses Due to Alleged Weak Security
Tuesday, September 29th, 2009
In a previous post, I wrote how small businesses are being scammed by European cyber-hackers. In a related story, Computerworld reports how Patco Construction Co. in Portland, ME is suing Ocean Bank of Delaware because the company lost hundreds of thousands of dollars due to allegedly weak security on the part of Ocean’s online banking system.
The main alleged weakness is the lack of two-factor authentication by Ocean Bank. While I am not sure that this places all of the blame in Ocean’s hands, and I think that Patco should be at least partially responsible for their losses if it is found that their own systems were compromised, a victory by the plaintiff in this case could set an interesting precedent for financial institutions that have not implemented strong authentication mechanisms in their online services. Banks and credit unions – take note! However, a victory by the defendant will likely send a very different signal, more to the tune of “If you bank online, you take your chances.” Small businesses and individuals – take note!
This week’s Data Security Podcast also has an excellent interview with the attorney who filed the suit on behalf of Patco.
Further Evidence That Personal Internet Use Should Be Restricted at Work
Wednesday, September 23rd, 2009
This week’s Data Security Podcast had two items that really piqued my interest. The first was an article about an Ohio hospital which suffered data loss due to a malware infection. The malware was sent by the boyfriend of a hospital worker. Apparently he intended to follow his girlfriend’s movements on the Internet on her home PC. What he did not count on was her opening her email at work, and subsequently infecting a hospital computer. Quoting the PC World article,
“Between March 19 and March 28 the spyware sent more than 1,000 screen captures … via e-mail. They included details of medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well…”
This incident goes a long way to show that the biggest threat can often come from inside. Yes, while the boyfriend was the root cause, had the hospital employee not been allowed to access her personal email from work, her system would not have been infected in the first place.
In a separate news article, Panda Security reports that a hacker site is offering to crack Facebook accounts for the low, low price of $100. Setting aside the question of whether the site is a “legitimate” hacking site (who’s to say they won’t just take your $100 and walk away?), I found it interesting that a Facebook account is now worth 3 times the street price of a social security or bank account number, which my sources say are going for $20-35 apiece.
Using Microsoft Outlook to Access Other Users’ Mailboxes
Friday, June 12th, 2009
If you have a Microsoft Exchange server at your business, Microsoft Outlook has the ability to access more than one mailbox at a time. This is a useful feature if multiple users need to share access to the same email address, or if someone needs to cover another person’s email (when an auto-responder won’t suffice) while on vacation. (more…)