London Technology Fund Competition
I’ve been asked to be a judge at this year’s London Technology Fund competition – which should be rather fun. I spend a lot of time looking at new technologies, products, ideas and start-ups and it will be great to see a few ‘local’ ones.
So, if you are based in London, a potentially high growth seed, start-up or early stage technology company and looking for additional funding, then take a look at the competition – there’s a share of £1m investment funding along with training and lots of other reasons to give it a try.
Data Leaks For Dummies Is Now Available
My new book, “Data Leaks For Dummies”, written in conjunction with Gareth Fraser-King, is now available from Amazon and all good bookstores in both the US and the UK. Many things you will find in the blog, you will also find in the book.
As with all “For Dummies” books, it offers practical advice for everyone who deals in sensitive or confidential information – from the CEO to data-entry personnel (who coincidentally tend to have access to more sensitive information than the CEO!) So, go out and order a copy today!
The Last Straw?
Nigerian 419 scams continue and this time it is a high-profile government official who is the subject of the attack. Of course we have seen these scams before and we will no doubt see them again… you have to wonder if the people who broke into the email account knew whose it was… if they did, then did they really think that Jack’s friends would believe that Jack would have been left all alone in Africa and in need of money…?!?!
Perhaps more seriously, it is time for people to look at the passwords they use and ensure that those they choose are ‘strong’ rather than weak. So, don’t use spouse’s, children’s or pets’ names, don’t use mother’s maiden names or dates that can be readily found on the Internet. A little bit of thought will go a long way to ensuring that your account is not broken into – and your reputation put at risk.
I’ll Call You Right Back…
Phil Windley was on the receiving end of an SMS phish. In this case the message asked him to call a number and to confirm his credit card information… luckily for Phil, he knows when there is a scam going down – luckily for us he has also blogged about it, so the wider community knows about the scam.
The thing here is, well, you just can’t trust very much these days. If you have a call from the bank – it might not be them… so call them back using a number from your bank or credit card statement (not the one that they give you!). If you get an SMS – it might not be them… so once more, call them using a number you have rather than one they give you. If you get an email… then call them up – you get the picture by now.
The technology used in this case was pretty extensive – and goes to show how technology savvy today’s cyber-criminals are. They are also patient… I expect Phil will get another SMS in a few days asking why he hasn’t confirmed his details… and then another… and another. Until they think of another way to steal information.
Of course, if it is your bank, then you could call in and visit them…

Survey Said… Ex-Employees Steal Data
We conducted a survey in the US on how many people take data with them when they leave the company… and the answer is 79%. While it is tough to take someone’s memory it’s not so hard to ensure that they are not walking out the door with obvious copies. 82% said that they were not checked when leaving… and a frightening 24% still had access to computer systems even after they had left – with 20% still having access more than a week later.
The other statistic that intrigued me was that of those people who took information, 67% said they used it to get a new job and 68% said they were going to use it in their new position.
It always used to be that executives left with their laptops and companies were not overly worried about some of their proprietary information walking out the door with ex-employees. However, in the current climate, it would no doubt pay dividends to initiate a more formal process to ensure that when an employee leaves, it doesn’t increase the risk of a data leak.
(And on the other side of the coin… it also might pay dividends to the new employer to ensure that inappropriate competitor information isn’t arriving on their network with a new starter… as the fines for that have been rather large in the past!)
Privacy And The People
So people complained… and the rules were changed. This is all about FaceBook and their change of rules as to who owned the uploaded content – and the change back again to enable people to delete things they have changed their minds about. While this appears to be the answer to our privacy and copyright fears, people should realise that once their information is on the web – it will, most probably, be out there forever… whether they like it or not.
I applaud FaceBook’s openness on their policy but let’s not forget the various search engines that crawl the various sites and then cache the content (even after it’s gone from the original site), or the fact that it is so simple to copy an image and repost it elsewhere.
So, if there are things you would prefer not to put into the public domain – don’t post them on the Internet… not even for a minute… because someone or something will have taken a copy and who knows what will happen to it then – one thing is for sure, it won’t be forgotten or deleted.
(If you haven’t already visited the Internet Archive, then you should… it’s interesting to look back – and also shows what is kept!)
False Alarm… No Data At Risk After All!
With the various stories of web database attacks on security vendors it was only a matter of time before Symantec was approached with a potential vulnerability to its website. This happened yesterday… http://hackersblog.org/2009/02/19/symantec-response/
We take such approaches very seriously and having looked at the details and investigated the approach, found that we are not susceptible to the Blind SQL Injection attack. No information was put at risk at any time.
The upside of reporting potential vulnerabilities is that it forces companies to check on their security – the downside is that the media tends to sensationalise potential news and write eye-catching headlines which, when proved unfounded, are impossible to retract.
For Symantec damage limitation can be rapidly brought to bear as we have experts who can examine the threat and determine its legitimacy, but for many companies this is not possible. For these companies, it may take days or weeks before they can clear their good name and in the meantime their reputation takes a massive hit. We live in tough enough economic times without the added burden of sensationalising unsubstantiated claims over security.
Delivering IT Without The Packaging
Supermarket packaging is under the microscope again… but it’s not just supermarkets and food which can reduce their packaging. Software is a great example of where packaging and more importantly delivery has changed. In 2008, Symantec delivered more than 70% of its products electronically and for those who still want a box and paper manuals - it’s now made from 100% recycled materials.
The best news about electronic delivery, and think of music and video here as well… you already have a backup offsite!
And One Charger To Charge Them All
Hurray, a standard has been agreed for mobile phone chargers… well, it’s a start anyway. So, now we have made a little progress here can we expand it to cover all the other things which need chargers? Cameras, MP3 players, video cameras, bluetooth headsets, the list seems to be endless – as do the chargers, which is just emphasised all the more when you go on holiday.
I’m sure, in the past it was beneficial for every manufacturer to have their own connector as some form of vendor lock-in, but surely not these days. Eco friendly is good, but it would also be more efficient and less frustrating if there were a one-size-fits-all charger – not just for the consumer, but also for the manufacturer.

A New Internet?
In an article in the New York Times this weekend John Markoff asks if we need a new Internet to solve some of the issues that seem to be plaguing the one we have at present.
This request or discussion has been going on for a while and seems to crop up every time there is a large virus outbreak (Downadup / Conficker in this case) or a large Denial of Service (DoS) event. So… can it be done? Could we create a better Internet? Of course the answer is yes – but the real question is would we want to? Would we be able to transition from one to the other and would the issues in today’s Internet be unable to rear their ugly heads in the new one? That’s a more difficult question – and one in which the answers are probably no and no.
If we were to switch off the current Internet, global *everything* would grind to a halt while the transition to a new improved, more ‘secure’ one happened – no more Internet banking or shopping, no more booking tickets, or transferring money, no more research for homework… it’s not looking good is it? Of course most would not be able to transition and if it used the same infrastructure, then at the end of the day DDoS would still be an issue. Even if we all had identity cards to allow us access to the new Internet (hopefully making it easier to track down cyber-criminals etc) we would still have problems – as soon as the cards had been cloned or a legitimate system had been hacked and taken over, then many of the problems that are around today will also be on the new version.
Does this mean we shouldn’t consider a new Internet? No, of course not – but we need to make it an evolutionary approach to what we have and accept that it will never be perfect. Improving security on the Internet, in applications and in the way data is handled is critically important, we need effective reputation based services and vastly improved ID systems and management. As new systems are developed by ‘the good guys’ so ‘the bad guys’ will find a way to break them – the Internet is a war zone and the battles continuously rage. Moving the war to a new location won’t make the battles stop.







