Security: Opinions

Much outrage has been expressed about Google's new privacy policy. People are acting as if they are shocked that Google would consolidate the personal information it gathers from its customers through all of its varied services. What is shocking to me is that none of these people, including members of Congress, seemed to see it coming.

It seems like only yesterday I was writing an article about the merits of cloud computing, storing your precious irreplaceable data and photos online. At the time it was topical as the Victorian Black Saturday fires had devastated parts of the state. Many treasured memories were lost forever. I thought about online storage and backups once again when the floods and then cyclones ripped through Queensland recently.

While it doesn't quite rank up there with dumping hundreds of millions of gallons of crude oil into the ocean while your CEO goes yachting, Google's huge Wi-Fi spying "oops" may become the search giant's BP moment.

It seems many things in our industry come in vertical stacks. We have vertical network stacks, we have vertical protocol stacks and now we have vertical cloud stacks.

Does it all come down to patch management? As a security manager, I pursue many initiatives, striving to protect the company on many fronts. But patch management is a key metric of our risk exposure, since there is a direct correlation between security incidents and patch compliance. So, in a way, it does all come down to something as basic as patch management, because if we fail there, we can't be secure.

Quit Facebook Day may have flopped when it comes to creating a mass exodus of Facebook users, but those who care about privacy owe a debt of gratitude to the failed movement.

Information security was always an esoteric field but with personal computing came personal security issues, culminating in the identity theft problem that concerns even the most techno-phobic of consumers. It's about to get much worse.

Looking through the holidays into 2010 there are four clear priorities for risk management that cut across all tiers with financial institutions. Over the last year the pendulum has swung from the exotic to the pragmatic, from chaos to order within financial services. The four priorities for risk in 2010 can be derived from the word D.A.T.A.(data, analysis, transparency, accuracy).

Over the past seven months, I have led a team of IT representatives in making sure that all mobile devices are aligned with our new security policy. I thought this was going to be straightforward -- a few mouse clicks to check off some boxes, and our policy would be in effect on our entire inventory of mobile devices.

In April 2004 I wrote my first article on the topic of virtualization security. I was trying to bring attention to the security aspects of this "new" technology that was getting quite a bit of hype at the time. The hope was that this time security would not be an afterthought, that we would reverse the equine-escape/egress-closure sequence. The naïvete of youth!

A Symantec/Ponemon report points to an ominous byproduct of the economic crisis: laid-off employees stealing data in acts of vengeance. Bill Brenner is skeptical of this report's news value.

George Peppard said as his character Hannibal Smith on The A-Team, "I love it when a plan comes together." Several trends, if not a plan, are coming together in interesting ways in technology for small businesses. Mix equal parts of online applications, netbooks, and constant wireless networking together, and you get new ways to do more work in more places for less money.

In these days of economic recession, with cyber crime on the rise, it's more important than ever for IT leaders to make the most of their security budget.

Whom can you trust? In security, many of us nurture a healthy sense of paranoia and tend to be distrustful. But as human beings, as social beings, we form bonds of trust with those around us.

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Heard about a competitor's security being breached? Then you're probably next. In fact, you may already be owned.

In terms of malicious insiders committing fraud, can anything "really" be done?

If you needed any more reminders about why it isn't a good idea to use external mail services to conduct critical business, the recent break-in to US Republican Vice-Presidential candidate Sarah Palin's gov.palin@yahoo.com Yahoo inbox should be it. Of note is that following the disclosure of the inboxes the compromised address and another address, gov.sarah@yahoo.com, have been suspended.

Last week Microsoft released MS08-055 [1], patching a remote code execution vulnerability affecting the handling of onenote:// URLs in different versions of Office. What was surprising about the patch is that the vulnerability being fixed only bore a passing resemblance to the one that was notified to Microsoft in March of this year.

The proliferation and popularity of collaborative Web 2.0 sites – there are around 250,000 new registrations to Facebook everyday – has changed the threat landscape and the way businesses need to think about security. Each year, newer technologies and weapons are being unleashed to leave Web users surprised, annoyed and at greater risk.‘Whaling’ or ‘spear phishing’, is one such threat and refers to phishing scams which specifically target high-worth individuals.