Who Did That?

Bharrat Jagdeo, the president of Guyana has asked police to find out who has put up a Facebook site masquerading as him… I have written about the troubles of impersonation on social networking sites on several occasions before and the problem is that this is only going to get worse.

“On the Internet no-one knows you’re are a dog”… and the same is true today, it’s just today not only may you be a dog, but you also could be impersonating someone else. This has been true for a long while and so cracking down on chat rooms has been somewhat of a priority. However, we may now see renewed interest as the impersonators move to government officials and celebrities and more legislation and technology comes into being to prevent it from happening (quite so easily). Think of a celebrity and put it into any social networking site and it will return with multiple entries… OK, so if you are looking for John Smith then you will find many hundreds or thousands of entries but the same is true for celebrities with more unique name. Herein lies the problem… your name is not you. You might think that it is, and unfortunately your friends might think that it is - but it isn’t. Anyone could have the same name or, if they really wanted to, change their name to be the same as yours.

There have been a number of relatively low profile cases of cases against impersonators and hoaxers using social networking sites as their means to an ends, but this will no doubt get worse before it gets better. 2009 with its gloomy economic outlook may well be the time when fraudulent use of other people’s reputation takes off. In the mean time, you should keep an eye on your on-line profile and the associated reputation and double check that what has just arrived from ‘a friend’ really has come from the person you thought it was - just to make sure that it doesn’t come back to bite you.

January 5, 2009 | Filed Under Reputation, security | Leave a Comment 

Bah Humbug…

Tis the season to be jolly and all that, but should I open any of these e-cards? I seem to be getting stacks of e-cards this year for Christmas. Most of them are from news feeds I subscribe to, or at least they look like they are, but should I open them? The answer is that I don’t. OK, so most are from news feeds, and while I would like to think that I’m special as a reader, I know that this is just a piece of junk mail, that quite frankly I could do without. Furthermore with the latest zero day exploit in Internet Explorer making headline news then I am happy to reduce my risk and not open the card. I may miss out on some fancy flash animation, but at least I know where I am… and it’s not on some strange site that is purporting to host a special greeting ‘just for me’.

On that note… it’s only a week until Christmas. So, Happy Christmas, or Hanukkah or Kwanzaa or anything else you celebrate to you all. Take care and may 2009 be a good year for you all.

December 17, 2008 | Filed Under announcements, security | Leave a Comment 

2009: Chaos In The Clouds?

We live in uncertain economic times where money is tough… but the cloud and more importantly, services within the cloud appears to offer value for money. You pay for what you use and so on. But… will this lead to chaos?

A decade or so ago the likes of PC World started to make a big impact on business computing. You could nip down there in the lunch break and buy a wireless router or a printer, pop back to the office and have it all connected up to the corporate network. Hurray. Well, not actually because the IT department eventually got wind of it, OK so it took several years, and decided that IT equipment in the office should be owned and managed by them in order to reduce the management cost, complexity and risk. So, the rogue wireless hubs slowly disappeared (some too slowly as the war driving and data loss incidents have shown) but they went.

Move on to 2009… budgets are tough but businesses still want to deliver new services. Will ‘the cloud’ become the next PC World equivalent, people rushing out to buy services outside of the IT department? As with ten years ago, all appears to be fine while it works - but when it doesn’t, what then? Even when it is working, the service acquired might not be up to scratch with corporate policy when it comes to having data outside the organization.

So… in the last couple of weeks of 2008, IT departments and CIOs need to think carefully about the cloud and how it can be used within their organizations - ahead of the business units. Develop, distribute and educate staff on policies around Information Protection and data loss prevention. Put a process together to rapidly respond to requests for new services which live in the cloud. There is still time to avoid the chaos… and use the cloud to business advantage.

December 9, 2008 | Filed Under Cloud computing, Information Policy | Leave a Comment 

Apple? You Are Not Immune…

Finally Apple has started pushing the fact that their users should take precautions against viruses and other nasties out there on the Internet. There have always been viruses out there but not many compared to those on the PC… But with the increase in popularity there is an increase in activities by cyber-criminals to target the platform. Why… well its simple, the increase in use makes it worthwhile for the criminals to spend the effort, time and money to exploit a vulnerability.

So… protect yourself today rather than wait. After all, peace of mind comes cheaply with a bit a anti-virus / anti-malware software and takes only a few minutes to download and install.

PS Next year we expect to see other new platforms being targeted, iPhones and the Google phone being top of the list… why, because they are popular, always connected and people have information that is worth money stored on them…

December 5, 2008 | Filed Under cyber-crime, security | Leave a Comment 

Tis The Season To Be… Careful

Our old friend Koobface is back - just as ugly as ever. This is a browser based attack and is targeting FaceBook users. It works like this… the cyber-criminal hacks a page on a social networking site and effectively sends the ‘friends’ a link saying they should visit a link (for a movie in this case)… the friend, visits the link and is asked to install something in order to see the movie (or pictures or anything really). Because it came from a ‘friend’ they do and that’s the machine infected. 1-0 Cyber-criminals.

What to do? Well, its simple really - don’t install stuff you really don’t know where its coming from. If it says its from Adobe or Microsoft, then go to their websites to download it, don’t just click the link - just in case.

But hey, this is aimed at end-users should I worry at work… YES. Many employers allow their employees to access FaceBook so it would be a work machine that is infected… and the chances are there is a lot more of interest to a cyber-criminal on a work machine than a home one. So… send out an email to employees today - warn them of the problem and how to protect themselves at work and at home.

Ensure that your anti-virus, anti-phishing anti-malware is up to date. The holidays are a lucrative time for cyber-criminals as they know people want to see pictures and grab a bargain - so protect yourself… Today.

December 5, 2008 | Filed Under cyber-crime, security | Leave a Comment 

Time To Innovate?

So the economy is tough, budgets are being cut - what to do? Well, now is the time to revisit budgets and look at whether you can squeeze more out of the money you have. Cost Containment has become the buzz word of the moment and I am speaking at a couple of seminars we are sponsoring on ‘Rapid Cost Containment‘. When times are tough, it is the time to look at all you can do to prepare for the uptick - after all when it does come you won’t have the time to look at infrastructures and architectures you will be running to make sure IT keeps up with the need to support the business and bring in as much money as possible. There is nothing like a shoestring budget to focus the mind and help you think differently how you do stuff… so now is the time for innovation.

December 1, 2008 | Filed Under Green IT, Speaking, announcements | Leave a Comment 

Moving Forwards To Morro

So Microsoft have announced that OneCare is going away and being replaced by a new ‘free’, lightweight offering ‘Morro’. Why has OneCare gone away? Well, it never really made a dent in the market as its protection was substandard and it hogged resources… consumers voted with their feet and sought protection elsewhere.

Will the new cut-down version be any better? In short, no. It wasn’t seen as good before and this is less than it was!

The world of security and threats is moving more rapidly than ever. It is now widely recognised that anti-virus is just one aspect and to increase security you need to take a more holistic approach with personal firewalls, intrusion detection and prevention systems, anti-phishing, rootkit detection and additional security around usernames and passwords, especially for things like internet banking and online shopping. Companies like Symantec have made their name from staying ahead of the cyber-criminals and continuously innovating to create a complete solution, not just for the consumer (our Norton brand - PC World’s got some great deals) but also for the enterprise. A Global Intelligence Network of more than 40,000 nodes, two million dummy email accounts and an extensive honeypot network watches constantly for threats across the world and security experts create updates to protect against the risks - which can be delivered to you every few minutes if you want. You need expertise and investment to do this, OneCare couldn’t do it, Morro won’t either - we have built our reputation around it.

With the credit-crunch biting more people are turning to the Internet to do their shopping and they need to have confidence that their systems and information are safe. There is an old adage that “what you pay for is what you get”, when the security solution is incomplete, you are at risk. Period. You can use multiple products (including free ones) to get a complete solution or you can buy an integrated solution… the decision is yours. Whatever you do, do something and stay safe online.

PS If you want a free anti-virus product, which has the Symantec name behind it, go to the PCTools website!

November 27, 2008 | Filed Under security | Leave a Comment 

Going Green And Saving The Economy

So, today is pre-budget day. For those of you outside the UK… we have a yearly budget in which the government sets things like tax and in recent years there has been the opportunity to make some minor course direction changes in the middle, with the pre-budget. Except, this time, with the global economy such as it is, the changes are more like U-turns. However, there was still a call for the environment with the chancellor saying that the economic recovery must “support our environmental objectives”, with the transition to a “low-carbon world continuing”.

So we still need to save power where we can. In the home this means switching off items which are not being used, and really switching them off, not just leaving them on stand-by, replace lightbulbs with energy saving ones etc. But how about the enterprise? Actually when it comes to IT, switching of desktops and printers at the end of the day can make a huge difference - within Symantec we use one of our own products and have a power policy for desktops which switches them off out of hours (so, if you forget when you go home, it will do it for you)… How much does that one policy change make? Estimated savings are $800,000 per year… and 6 million kilowatts of energy!

November 24, 2008 | Filed Under Green IT | 1 Comment 

The Underground Economy

Symantec published its report into the Underground Economy today. It makes for some interesting reading. Not least as to how ‘big’ and widespread it is.

EMEA is second to the USA in terms of underground economy servers. While the top advertiser has more than $144,000 worth of goods for sale. If you translate this into potential worth (ie, you empty the bank accounts and max out the credit cards on offer) then it is worth a staggering $6.4 million!

Nearly 70,000 unique advertisers were seen in the 12 months, on the observed underground servers, which is a lot of cyber-criminals no matter how you count it. Total value of goods offered… $276 million with an exploit value of more than $6 billion. Big business… which is why this is not some student sitting at home, but rather organised crime with Trojan creators, web exploiters, exploit experts, traffic sellers, fraudsters and rogue hosting companies.

November 24, 2008 | Filed Under announcements, cyber-crime, security | Leave a Comment 

Get Safe Online Week… Part II

So, we are halfway through the Get Safe Online Week and the report is out. There are a few interesting numbers in there… for example, more than a third of people have, or know someone who has, been a victim of a computer virus attack. The most concerning statistic is that for phishing attacks. This year it was 23% who fell foul of the phishers… BUT… this is in comparison to only 8% last year. A huge increase.

So, if you get an email from someone you don’t know advertising something that looks too good to be true… that’s a phishing attack. If you get something purporting to be from your bank or credit card company asking to confirm your details… that’s a phishing attack. If you get an Instant Message with a URL in as a random message from ‘a friend’… that could well be a phish. If you see a strange looking URL on a social networking site… be cautious… that could be a phish.

Visit the website, there are some great hints and tips on there - tell your friends, educate your children. Get Safe… Online.

 

November 19, 2008 | Filed Under Education, security | Leave a Comment 

Next Page »