Archive for the ‘Security’ Category
Friday, March 18th, 2011
RSA is a big deal in information security. They are the company that develops those little dongles that generate seemingly random numbers every minute, which people carry around on their keychains and use to log in to online systems more securely. RSA estimates that they have approximately 40,000,000 of these units in production right now, and, while these tokens are gaining in popularity for arguably less-important services like World of Warcraft, they are also seeing adoption among end-users for sites such as Paypal.com.
And they’ve been compromised by an APT.
What does this mean for you? It’s still too soon to tell. RSA’s open letter to customers is a bit vague as to exactly what happened, and understandably so, as they probably don’t even know yet themselves.
Wired.com has a short writeup on what is known so far, and quotes several suggestions issued by RSA to their customers. The following is a subset of the list of recommendations RSA has provided to customers. I have included and paraphrased the principles that apply specifically to small businesses, but this list is very similar to the main list of concerns for large enterprises, and many of these principles are ones we’ve blogged about here ourselves in the past.
- Increase focus on security for social media applications.
- Enforce strong password and pin policies.
- Follow the rule of least privilege.
- Re-educate employees on the importance of avoiding suspicious emails, and remind them not to provide user names or other credentials to anyone without verifying that person’s identity and authority.
- Pay special attention to security around their Active Directory deployments, making full use of their SIEM products and also implementing two-factor authentication to control access to Active Directory.
- Watch closely for changes in user privilege levels and access rights using security monitoring technologies such as SIEM.
- Harden, closely monitor, and limit remote and physical access to infrastructure that is hosting critical security software.
- Examine help desk practices for information leakage that could help an attacker perform a social engineering attack.
- Update security products and the operating systems hosting them with the latest patches.
In the coming weeks, we will be addressing each of these topics individually, as this incident just goes to underscore the importance of basic security best practices.
Posted in Internet, Security | Comments Off
Friday, March 4th, 2011
Last night, while perusing my Facebook security settings for another blog post, I was surprised to find that the option to “Browse Facebook on a secure connection (https) whenever possible” was no longer checked! (more…)
Posted in Internet, Security, Social Networking | Comments Off
Thursday, March 3rd, 2011
Yesterday, I was greeted by the message shown in the first image of the following gallery, informing me that my Facebook account protection status was Low. I was not at all surprised that this was little more than another ploy by Facebook to get more of my private data. (more…)
Posted in Privacy, Security, Social Networking | Comments Off
Friday, February 18th, 2011
Last week, Google took a very important step in improving security on their systems’ accounts, including Gmail: 2-Factor Authentication. (more…)
Posted in Email, Internet, Security | Comments Off
Thursday, February 3rd, 2011
Facebook Security Settings
Recently added to my Facebook account’s “Account Security” setting under “Account Settings,” was an option to send an email when a new computer logs on to Facebook. (more…)
Posted in Internet, Security, Social Networking, Web Browsers | Comments Off
Tuesday, December 14th, 2010
This week Gawker Media, owner of several very popular websites, had their user database compromised. (more…)
Posted in Internet, Security | Comments Off
Thursday, December 2nd, 2010
What is a web browser? Everybody uses a web browser to access the Internet. That fact alone makes the web browser a tempting target for Bad Guys who want to take over your computer and use it for their own nefarious purposes by installing malicious software, or “malware.” (more…)
Posted in Desktop Software, Internet, Security, Web Browsers | Comments Off
Wednesday, November 3rd, 2010
While traveling on vacation, I experienced two real-world security measures, neither of them having to do with the TSA.
The first was having my credit card declined in an airport in Houston. I’d used it the previous day in Boston and Vermont, and I guess that was enough to raise their suspicions. Although it was mildly inconvenient, I was able to finish the transaction a minute later with another card, and I recognize the fact that this was a security measure designed to protect not only the card company, but myself from fraudulent charges. This is not unlike having a computer account locked after too many invalid logon attempts.
Shortly thereafter, I logged in to Facebook on my iPhone. Facebook decided that my IP address looked a little suspicious, given that I had just logged in from Boston a few hours before. I logged in, verified my account and was able to proceed. I then had the pleasure of repeating this process minutes later, as Facebook then realized I was in Brazil. Again, the inconvenience of having to simply log back in to Facebook again to prove my identity was minor, and the added security gained from having to do so was worth it.
Given the alternatives of having unauthorized charges on my credit card or having my Facebook account compromised, I’d much rather endure an occasional minor inconvenience.
Posted in Internet, Security, Social Networking | Comments Off