October marks the 10th anniversary of National Cyber Security Awareness Month, a public education campaign spearheaded by our colleagues at the National Cyber Security Alliance. It’s somewhat disheartening to consider the lack of progress made in cyber security over the last 10 years; cyber criminals continue to wreak havoc stealing personal identities, corporate IP, and even national secrets.
We have all heard by now about the hack of security journalist Mat Honan’s iCloud account, aided by Apple’s support personnel.
The hackers, who go by the name Clan Vv3 and Phobia, were able to gain access to Honan’s iCloud account by obtaining information from various public sources, including getting the last four digits of his credit card by exploiting security gaps at Amazon,
Social media introduces risk – no doubt about it. As security pros, our first inclination is, of course, to ban its use on our networks altogether because it’s the safest approach. But it’s also the wrong one.
Like it or not, social media has forever changed the way we do business, for the better.
For hackers, social media is the malware delivery vehicle of choice right now. And why not? Social networking sites are where the people are – and their information is readily available. Sadly, many unsuspecting people fail to realize that by creating a Facebook page, they are literally handing bad guys all the information needed to hack their bank account.
Ah, another day, another dollar marketing misstep in the unfortunate context of crisis communications. Actually, ‘misstep’ for many companies in the age of social communications is far too lighthearted a term to use. Consider the news headlines devoted to the Sony data breach of 100 million user records. This seemingly never-ending saga is yet another reminder that in today’s networked world,
95 percent of companies use Twitter and Facebook. Learn about the latest risks these web 2.0 applications bring into your organization and how to manage them.
Education is still key to IT security. Just look at users’ passwords. The New York Times reported last week on a study that exposed the overwhelming simplicity of users’ password choices.
According to the study, which was conducted by Imperva, 20 percent of Web users choose a very simplistic password that can be easily guessed — such as “123456.” The Imperva study looked at a list of 32 million passwords that an unknown hacker stole last year from a company involved in developing software for social media sites like Facebook and MySpace.
What’s all the fuss about the latest changes on Facebook? Simply put, the changes mean that nearly everything that you place on your Facebook page can now potentially be made available to anyone surfing the Internet.
The latest Facebook changes are purported to be an enhancement that makes it easier for people who are looking for you with a search engine like Bing or Google to find you on Facebook.
It certainly seems that not a week goes by without hearing about yet another attack on Facebook users. Last week it was a phishing scam driven by a botnet, and this week, we have two new and different phishing scams — one cleverly tricking users into revealing their passwords and another installing malware that quietly waits for the user to start a banking transaction only to steal their login credentials.
Over the past months it has been interesting to watch the furor over certain End-User License Agreements and the definition of data ownership. Most draconian was the idea that once posted by a user, the data transferred ownership to the social networking site. This of course has huge implications for an individual user, especially for professionals who use social sites to propagate their content.
The current Twitter cross-site-scripting vulnerability (Twitter XSS vulnerability) should not be a surprise to anyone given how new the Twitter platform is. Millions of its users, myself included, have seen our fair share of bugs and issues, such as Twitter downtime for maintenance, lost profile pictures, misdelivered direct messages and publicly revealed “friends-only” messages.
Twitter has aggressively and successfully focused on developing features and building applications to drive user numbers, and it has grown in leaps and bounds internationally. But this DDoS attack should give businesses pause to consider how much effort they should continue to put into adopting and embracing Twitter. Does Twitter have the security model to protect that investment?
Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox …
Twitter Propaganda Posters. Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social media tools such as Blogs and Twitter and such (and I think in most cases you should),
According to this post by Maryland-based blogger/attorney Judd Legum, the state Office of Legislative Information Services there banned access to Facebook and MySpace last week. And not for the usual time-wasting or inappropriate usage reasons. Nope, it was the “significant increase in viruses and malware … [which they] have determined … are originating from pages hosted on Facebook and MySpace.”