Cached Credentials & Data Loss

Guy Bunker

There have been a couple of stories in the news recently about cached credentials. In essence, you enter your username and password and it enables you to, in this case, easily buy things from the online shop. Making it easier to use compromises the security and here meant that someone else could readily buy stuff when they shouldn’t have been able to.

Move to the business environment… what sort of compromises do you make with your security in the name of user convenience? When it comes to enterprise applications, especially those on mobile devices and / or accessed through a web browser, what is your policy on cookies and caching? If someone were to pick up your mobile phone or iPad, how easy would it be to get access to your data?

Now is the time to revise security policies and usage policies, especially where the IT equipment is used by the employee. Ensure passwords are required when the devices are switched on, have auto-lock policies after a short period of time (5-10 minutes should be ample) and review cookie credential caching for enterprise apps.

Guy Bunker

Is today really Black Thursday for Cyber Attackers?

admin

Today the Domain Name System Security Extensions (DNSSEC) protocol public key gets added to the ‘root’ name servers. Some commentators such as Alex Pawlik quoted in ZD Net predict it will be a ‘Black Thursday’ for cyber attackers with malicious DNS re-directs becoming a thing of the past. I’m not so sure we should talk about this in terms of it being a panacea but it’s certainly a step in the right direction.

The implementation of DNSSEC has been a long time in coming and each milestone passed is a very necessary step in the right direction. The signing of responses from the 13 root zone server clusters today should be seen in that context—it’s a start and a very big start. However, any expectation that this milestone marks the date that the Internet suddenly becomes safe is exaggerated.

To be effective, DNSSEC needs to be implemented down the whole DNS chain, from the root down to your ISP or company, so there are still many more milestones to be achieved before DNSSEC can achieve some of its promise, even if cyber criminals don’t identify ways around the signed response safeguard.

Kevin Hogan

From The Heart Of The Data-Centre…

Guy Bunker

In a recent announcement by SAP, they say that they will ‘push all useful data to mobile devices’. Good news… but not entirely unexpected, the smart-phone of today is just as powerful as the laptop of yesteryear and much easier to carry. However, security and usage policies are sorely lacking in enterprises of all sizes.

I wrote previously on keeping up with the user and what they install on their smart-phones, this just emphasises the point further. If all data is available, even that from the heart of the data-centre, then the security should be as strong as that you usually have for the data-centre… policies for appropriate usage, data-loss-prevention and anti-malware to name a few. Remote device management including data wipe should be considered, and even encryption for the device and any removable media (aka memory cards).

The data-centre has arrived in your pocket… but does the CIO/CISO realise it… and if they do, have they done anything to protect it… yet?

Guy Bunker

World Cup 2010 spam sees nine fold increase on Germany 2006

admin

Vuvuzelas weren’t the only annoyance during this World Cup. Symantec’s July State of Spam and Phishing report reveals that the volume of messages with World Cup keywords in the subject line is more than nine times higher during this tournament compared to that in 2006. Not only this but there’s also been a substantial increase in gaming sites and betting brands that have been ‘spoofed’ to capitalise on the popularity of the World Cup.

The top 10 subject lines matching news headlines recently are:

  1. FIFA World Cup South Africa… bad news
  2. World Cup: Uruguay Beats South Korea 2-1
  3. Germany beats England 4-1 in World Cup
  4. ONGOING FIFA WORLD CUP LOTTERY SOUTH AFRICA 2010.
  5. World Cup: Germany Defeats England 4-1
  6. SOUTH AFRICAN WORLD CUP 2010.
  7. Oil spill teams keep wary eye on storm in Gulf
  8. World Cup: Argentina Beats Mexico 3-1
  9. Ghana beat US, reach first World Cup quarter-final
  10. World leaders slam North Korea, Iran

The following trends are also all highlighted in the July 2010 report:

  • Fraudulent gaming sites providing fake FIFA offers
  • Symantec analysts found health-related online pharmacy image spam to be particularly difficult to curtail and dubbed it Spamonster since, despite being blocked by Symantec, it continues to show up in filters.
  • Symantec observed phishing websites spoofing Google’s social networking site Orkut. The phishing websites took advantage of the celebration of special occasions.
  • The top Subject line of the month was “Outlook Setup Notification.” Other top headlines include “Reset your Facebook password” and “Reset your Twitter password.”

Link to new report: State of Spam and Phishing

Who Has Your Data? In The Cloud, It’s Not You…

Guy Bunker

The news last week was that EMC was closing its Atmos cloud storage service with immediate effect – you can keep using it for developmental purposes but that’s about all.

Why did it close? Industry analysts said that it never took off, and recent surveys show that it is still a way off becoming mainstream.

So… what if you have data in a cloud service provider and it decides to shut down the service? EMC isn’t the first to do this, and it won’t be the last – you do need a contingency plan. In this case, there is a grace period where you can get your data out – but, as a simple task, work out how much data you have and how much bandwidth and figure out how long it would take to get the information out. This is a simplistic view as everyone else will also be trying to get their data, so bandwidth is going to be under severe strain (the equivalent of a run on the banks…). Do you have enough local storage to hold it all and, if you have data being processed by an application, will you be able to get your hands on the application as well?

Let’s assume you did manage to get your data out, then how long will it take to get it reloaded onto another service provider’s cloud and get the application back up and running?

Business Continuity / Disaster Recovery needs to take into account outsourced (out-tasked) IT services and have contingency plans for service outages and shutdowns – planning should start now… after all there’s no time like the present.

Guy Bunker