Tuesday, September 30, 2008

Information security around the world

A recent study by Cisco has revealed that some countries do not take information security as seriously as one might expect. According to the article, the awareness level is tied up with culture. Some corporations allow third parties entrance into their facilities with no oversight of their activity once inside. Talking about corporate matters with family and strangers is also shockingly common in some nations. Personal use of computers is also present, presenting a security risk. Marie Hattar cites one interesting example: work mobile phones. A lot of companies give corporate cell phones to employees that are used around the clock, even when the employee is not at work. According to Hattar, combined with young workers, these are "completely blurring between what's personal and what's your work life." Another shocking detail is that a large number of employees make settings changes that make their information less secure. According to the report, "[a] majority of IT professionals said employees accessing unauthorized websites and programs contributed to up to 25% of corporate data leakage. IT pros in the U.S., Brazil and India were the most likely to express this view." One important issue that needs to be considered is what to do about data shared between nations when the cultural security standards are different. How do companies address these situations?

Source articles:
http://news.cnet.com/8301-1009_3-10054314-83.html
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1332760,00.html#
http://www.forbes.com/technology/2008/09/29/outsourcing-data-breaches-security-tech-cx_ag_0930outsource.html

Midterm and Assignment 3 Updates

I've posted the lecture notes from last week's discussion of symmetric cryptography and Monday's discussion of asymmetric cryptography to the web.

The website we used in class today to create an MD5 hash may be useful to you for assignment 3.

Finally, you should take a look at the review sheet and practice test for the midterm. The actual exam will consist of between 8 and 10 questions similar in style to those on the review sheet. Assignment 3 is also a good source of sample material that you should review.

Sunday, September 28, 2008

Assignment 3

Assignment 3 is now available for download. It is due on October 8th.

Hacking For Fun?

On the first day of class this year we were introduced to not only information security but also the threats to the security of computers. Specifically we talked about hackers and the three main classes: white hat, black hat and grey hat. But my question is what if there is another class of grey hat hackers? I am talking about a group of people who, although they may create a mess for other people to deal with and clean up, are still just doing stupid things that are just an inconvenience to people if nothing else.

One specific group of these hackers call themselves g00ns. I have fallen victim to one of their attacks on a popular lacrosse forum that rerouted all requests to the forum homepage to a Bob Marley fan site. Although I was frustrated and inconvenienced by what they did I also realized the comic value of what they did and moved on without giving what had happened a second thought. They did eventually restore the url so that the site could be located, so no harm no foul in my opinion.

There are petitions that want to bring legal actions against these mischievous little punks, such as http://www.petitiononline.com/ccd0722/petition.html. It seems that they don't attack large organizations and for the most part they are just around to bother people and have what they consider fun. My question for everyone is what would you consider these hackers to be and why do most people find them so offensive?

Malware Grabs Personal Banking Data

Thanks to the trend of dropping prices for malware programs, certain Trojan horse programs are posing new threats to the online banking industry.

The particular malware program referenced in this online article is called Limbo. Limbo has dropped in price to $350, “down from about $1,000 a year ago and $5,000 two years ago.” As a result of this decrease in cost, Limbo and similar malware programs have become available to a wider variety of fraudsters, and there are concerns about an increased number of online bank frauds.

Specifically, Limbo “integrates itself into a Web browser using a technique called HTML injection,” and operates when users access online banking sites. Since Limbo is so closely integrated into the web browser, “it can operate even while the user is at the real bank site and can actually change the layout of that site.”

Unfortunately—other than that they are asked for personal information which has never been requested before—there are no clues to users that they are under attack. So, Limbo can easily trick users into releasing personal information such as credit card numbers, bank account numbers, social security numbers, and PINs.

Even more unfortunate is how easy it is for such malware to get onto users’ computers. According to the article, Limbo can get onto your computer through “many paths, including both pop-up messages that ask you to download an add-on program and methods that are invisible to the user.” To combat this new security threat, software programmers are working on ways for anti-malware programs to screen for malware that uses HTML injection and block said malware from running.

Until such updates are available, I suggest being vigilant. If you are banking online and your bank suddenly asks for new personal information that it has never requested before, you should be cautious. I would also suggest not downloading any software programs that you aren’t certain are safe. I realize that this kind of vigilance should be practiced regardless, but I thought I’d mention it anyway.
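The symptom described in this post, a real bank page that suddenly shows fields it never asked for, can be checked mechanically by comparing the form a browser actually rendered against the fields the bank is known to serve. The following is an added illustration, not code from the article or from any bank; the field names and both HTML snapshots are constructed for the example.

```python
from html.parser import HTMLParser

# Assumption: the fields a (hypothetical) bank's sign-in form is known to ask for.
EXPECTED_FIELDS = {"member_number", "password"}

# Input types that never prompt the user to type in personal data.
NON_PROMPTING_TYPES = {"hidden", "submit", "button", "image", "reset"}


class FormFieldCollector(HTMLParser):
    """Collect the name of every user-fillable control in an HTML snapshot."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("input", "select", "textarea"):
            return
        attributes = dict(attrs)
        if tag == "input":
            input_type = (attributes.get("type") or "text").lower()
            if input_type in NON_PROMPTING_TYPES:
                return
        # Fall back to the id, then a marker, so unnamed controls are still reported.
        name = attributes.get("name") or attributes.get("id") or "<unnamed>"
        self.fields.append(name)


def unexpected_fields(html, expected=EXPECTED_FIELDS):
    """Return the sorted names of fillable fields that are not in the baseline."""
    collector = FormFieldCollector()
    collector.feed(html)
    collector.close()
    return sorted(set(collector.fields) - set(expected))


# Constructed sample: the form as the bank serves it.
SERVED_HTML = """
<form action="/signin" method="post">
  <input type="hidden" name="session_token" value="constructed">
  <input type="text" name="member_number">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
"""

# Constructed sample: the same form as rendered in a browser where extra
# fields have been injected locally, as the post describes.
RENDERED_HTML = """
<form action="/signin" method="post">
  <input type="hidden" name="session_token" value="constructed">
  <input type="text" name="member_number">
  <input type="password" name="password">
  <input type="text" name="card_number">
  <input type="password" name="atm_pin">
  <input type="text" name="ssn">
  <input type="submit" value="Sign in">
</form>
"""

if __name__ == "__main__":
    print("served page:  ", unexpected_fields(SERVED_HTML))
    print("rendered page:", unexpected_fields(RENDERED_HTML))
```

A check like this only catches added input fields; it says nothing about other changes to the page layout.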

Tuesday, September 23, 2008

Blog Spammers

Since we have our own blog here, I thought I'd ask a few questions about blog spammers. Basically, how and why do they do what they do? One blog that I help manage is for a company that runs a virtual trading platform for investors. Every single day I receive comments on any number of recent blog posts from blog spammers, who usually post nothing more than jumbled words and web sites. The better spammers post a few words having to do with investing along with their web site, which usually is not relevant at all. Finally, the best of the best link to websites promising great stock tips and investing information along with form messages like, "I just added your blog to my blogroll" or "The market is tanking! Our government is so stupid, isn't it?"

First and foremost, how do they build the programs that produce all of this spam? What do they actually look like? How long do they take to make? I'm presuming that all of these spammers, especially those who post only jumbled words and websites, can't reproduce these messages manually over and over again on blogs like ours day after day. Second, I'm having a hard time trying to get inside these spammers' heads. Why do they do this? Does history show that the main goal of blog spam is to find additional clicks for their sites or to acquire sensitive information from blog administrators? I can't imagine that the marginal difference of a few misguided clicks every day could substantially improve a site's authority or advertising bottom line, so for now I'm betting on the attacking reasoning. Third, whatever the aims behind these efforts are, how successful has blog spam been in achieving them? Given the amount of spam that I have seen every single day, it seems that they have, unfortunately, been very worthwhile. Finally, what is the best way to protect against these annoying and threatening messages? It seems like these guys walk through the provided blog spam protectors (on WordPress, at least) and I have no idea how to set up anything else.

What does everyone think?

Brendan

Wednesday, September 17, 2008

Sarah Palin's E-mail Hacked?

News reports today indicate that WikiLeaks has published personal e-mails allegedly stolen from vice-presidential candidate Sarah Palin's Yahoo account.

That's certainly an interesting twist in the election. I couldn't get the WikiLeaks site to load this afternoon. I'm guessing the sudden rush of interest overwhelmed their servers.

Friday, September 12, 2008

E-Voting Security

It is a known fact that the security of e-voting machines is too easily compromised and resultantly, vulnerable to fraud. Recently, there is cause for worry as a new threat surfaces. Smartmatic is a foreign company (based in Venezuela) which owns one of the most used voting machines in the United States. This is a private company and one which is, in some ways, running US elections. The urgent issue here is that the software which it uses to count the votes is held as a "trade secret" - one which allows no one to review the source code and is kept secret from voters. There is no room for auditing the company and it is under the control of foreign entities. This seems very bothersome. Venezuelan president Hugo Chavez comes to mind - for the results of that very election have been questioned.
Some US jurisdictions have opted to return to the paper ballot method due to the fact that it is more accountable. Without paper trails, how can one verify the accuracy of such machines?

Another concern deals with voting machines with wireless communications. Theoretically, a hacker could infect the system with a virus or alter the software all from a remote location. Voter fraud is a very serious issue and one which some states are trying to alleviate by banning machines with wireless capabilities completely.

What Canadian Banks Are Doing That U.S. Banks Should Be

An article recently appeared in the Vancouver Sun regarding Canadian banks’ attempts at protecting their clients’ information (http://www.canada.com/vancouversun/news/westcoastnews/story.html?id=0130fa57-d25d-42e8-833b-b8069acb3cca&p=2). Since we talked about using multiple layers of protection in class, it seemed to be an appropriate topic. We’ve all heard about the countless scams directed at bank customers, several of which have involved the Notre Dame Credit Union, but what are known as zero-day attacks are becoming more popular strategies. In these information security attacks, the attackers utilize the information gained within twenty-four hours. As a result, victims of these attacks have an extremely small window in which they can resolve the problem without facing some damage.

With the ever increasing number of clients making transactions online, Canadian banks are taking greater precautions to protect the sensitive financial and personal information of their clients. In 2006, CIBC, TD Bank, BMO Bank of Montreal, Scotiabank, and RBC Royal Bank, the largest banks in Canada, spent about $4.4 billion on information security. The large amount of investment these banks are making on protecting their clients’ information is predictive of the numerous layers of security used including improved sign-ins, firewalls, and encryption. An enhanced sign-in method has been developed that requires the user to not only enter the typical member number and password, but also includes customized phrases and personalized graphics which serve a dual purpose. Not only can the bank verify that the customer is who they claim to be, but it also allows the customer to verify that they are on a valid website, not a fraudulent one. In addition, most of these banks use multiple firewalls to strengthen the security. Finally, 128-bit encryption is becoming more widely used in order to protect data as it travels between the clients and the bank as well as within the bank. This results from the use of SSL (Secure Sockets Layer) which verifies that the server is that of the bank. Some banks such as BMO are putting more emphasis on signing-in. When managing their bank account, most people consistently use the same computer, so when a customer uses a different computer than usual, they are asked additional security questions to verify their identity.

In addition to the precautions that the banks are taking, they also warn their customers about protecting themselves. Banks stress that they will never ask their customers for things such as a password since they already have the information. Clients should also make sure that a site is valid by verifying the SSL certificate. This is a good way to avoid phishing attacks as well as searching for the bank’s URL instead of following a link sent in an email.

Protecting the confidentiality of sensitive financial and personal information is becoming a major concern. Knowing that some banks are taking greater cautions to protect our information breeds confidence in those banks, but what about all the others? It makes me wonder why they are not taking the same measures to protect their clients. According to another article in The Business Journal, the U.S. Government has established laws that will require banks to protect their customers from identity theft. However, a study found that only a third of banks meet these standards. One can only hope the government will enforce these laws and protect our valuable information. It may be difficult to find a balance between protecting clients’ information and maintaining online banking as a convenient way to make transactions, but I think most people would be willing to have to go through a few additional security measures if it meant they could be more confident in the confidentiality of their information.

How secure are our dorm rooms?

After watching the Myth Busters' video on hacking into the fingerprint scanner, I thought, if that isn't very secure.. how secure are our dorm rooms? After researching online... I found out they aren't secure at all.

First of all, we all know that if we forget our ID, there is always someone to let us into the main door of the dorm, so not very secure.

Second, I looked up how secure door locks are. Assuming we take the next step and lock our individual door, it still isn't very secure.
If you consider a door lock as a technology, it basically works like this. Inside the lock are pins that move when the correct key is placed inside the lock. The key has different sized ridges so that it may slide over the pins and move only the correct pins, which allows the bolt to move, thus unlocking the door.
The security goal of the lock is obviously to keep everyone but the correct key owner out of the room. We only want one type of key to work per lock, and when we use the correct key we expect it to open the door.
Known ways an attacker could get in could be to physically take the correct key from us and use it. However they don't even have to do that. There is a certain key that when combined with the correct technique, will open just about any door. This key is called a bump key and is easy to make. A bump key is a key in which each ridge is cut to the lowest setting, meaning it doesn't matter which pin needs to move to unlock the lock, since the bump key is capable of moving a pin in any setting. In order to open the door, you slide the bump key all the way in, pull it out one notch and then hit the end of the key (bump the key) and the door will unlock if performed correctly. PLUS there are a million YouTube videos on how to do this and how to make the bump key. Here is one example: http://www.youtube.com/watch?v=pwTVBWCijEQ

So what do we do now, since anyone could use a bump key to get into our room? Some experts say that some locks are now made to protect against the bump key. Others say that in conjunction with an alarm system, your security increases. (ref. following video)

Here is a video that appeared on the news addressing this question:
http://www.youtube.com/watch?v=hr23tpWX8lM

Since we have no control over the types of locks the university uses, and we can't have personal alarm systems, in order to protect your stuff here are my solutions: make friends who watch your room and lock up valuables inside your room.

Is this really a problem at ND? I think it is a very minimal concern since there are always people in the dorm and it would be hard to do this unnoticed. Also I think that campus is generally very safe. However, I think this is an important security issue to think about once we graduate and own our own homes.

Thursday, September 11, 2008

News Report: United Airlines Glitch

One of the biggest technology stories in the news this past week has been the Google glitch that caused the United Airlines stock to plummet. The event occurred on Monday, when an old newspaper article about United Airlines filing for bankruptcy (which they did in 2002) appeared in a South Florida paper and, as a result of GoogleBot, spread like wildfire. The consequences were enormous. Because traders believed that United Airlines was filing for bankruptcy a second time, the stock plummeted from $12 to $3 in a matter of hours. Though the truth eventually came out, this created huge confusion.

In the past week a lot of information has come out regarding who is to blame. The newspaper that the article came from (the Tribune) blames GoogleBot for this confusion. The GoogleBot searches for news stories and mistook the Most Popular Article for a current article, and it immediately reached the Google newsfeed. The Tribune also claims that it had asked Google to stop using GoogleBot on its page after it had found problems with the program.

Although this article doesn't directly relate to the hacking portion of security, there are definite concerns. First of all, some articles question the amount we rely on both Google, as well as automated computer programs (such as this article from the New York Times http://thelede.blogs.nytimes.com/2008/09/10/a-stock-killer-fueled-by-algorithm-after-algorithm/index.html?scp=2&sq=united%20airlines&st=cse). With so many automated systems, one mistake can have a huge impact on so many things. This is a security threat in a way, as we are unable to determine the integrity of the data and information we access through certain systems. In addition, there is a threat to news agencies who are trying to protect their integrity. Whether it was their fault or not, the Tribune is getting a lot of bad press. Though they asked GoogleBot to stop searching their webpage, they did nothing else to secure the site. This could become a security concern for any newspaper after this event, which means there could be a need to protect against GoogleBot.


Here is a link to another of the many articles on this:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9114462&taxonomyId=17&intsrc=kc_top

-Katie R.

Mythbusters Muzzled? RFID Security and Credit Cards

Interesting article about Mythbusters possibly being muzzled when they attempted to do a piece on RFID credit card security. If true, it's a good example of the type of negative effect that can be generated by security through obscurity.

This would definitely make an interesting security analysis if someone's interested!

Wednesday, September 10, 2008

Microsoft Data Center; Is Location a Good Idea?

As an Iowan, I've been following this story for awhile since it has been in my local news, but Microsoft just announced their plan to build a $500 million data center in West Des Moines, IA.  The center will employ 50-75 people and will focus mainly on online services for customers (Hotmail, Live Search, etc.) and according to the Governor of Iowa, it will be one of the most "modern facilities in the world," in terms of capability and energy efficiency (DSM Register / Computerworld).

 According to the Des Moines Register, West Des Moines was selected for the following reasons:
1.  Low energy and business costs in the state.
2.  Governor Culver recently signed tax incentives on computer towers and other technology worth up to $3 million per year.
3.  Des Moines ranks in the top-10 for lowest cost for data centers, and its proximity to national universities (Iowa State and Nebraska-Omaha).

What got me thinking about this Microsoft Project was their reasoning behind the location selection; obviously the above reasons provide incentives. However, after discussing Hurricane Gustav in class, and the need for quantitative and qualitative risk assessments regarding the assets involved with a data center of this size, I can't help but wonder if Microsoft has a plan B (or at least some hefty insurance).

This past year, much of Iowa experienced what meteorologists described as a "100-year flood," which if you ask Iowans is a misleading name, because we had much the same flooding only 15 years ago in 1993. With the Raccoon River (which overflowed its banks in 1993 and 2008) flowing through the city of West Des Moines, and the proposed Microsoft Data Center nearby, I would be very interested to see the qualitative risk assessments and risk analysis done by Microsoft to place a $500 million facility in the area. Added on to that is the propensity for tornados in the Midwest, and it seems like an illogical place to build a data center that would be immobile in a tornado and ill equipped to defend or recoup losses from a flood (electricity+water=FAIL). I'm all for high-tech jobs and more business in my backyard, but would government incentives and tax breaks really be enough to make up for the possible monetary and data loss in a situation like this?

Computer World Article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113202&intsrc=hm_list

Des Moines Register Article:
http://www.desmoinesregister.com/apps/pbcs.dll/article?AID=/20080821/BUSINESS/80821020

Hacking the Vote

The Hacking the Vote talk will take place on October 7th at 7PM in room 138 DeBartolo. You should consider this part of the class and the material in the talk is fair game for exams, etc. If you have a conflict, please let me know.

To make up for the out-of-class session, we will not have class on Monday, October 6th.

An abstract of the talk appears below:

The Internet plays a major role in fundraising, communication, and grassroots political organization for this year’s Presidential Election. States and counties across the country now depend upon electronic voting technology to securely and accurately count ballots. Individual voters trust that these systems will simultaneously preserve the secrecy of their ballots and protect the integrity of the democratic electoral process. Is this trust well-founded? Recent events indicate that these activities may jeopardize the very foundation of our political system. In this talk, we will examine the risks surrounding the integration of technology into all phases of the political process: campaigning, fundraising, voting and privacy and look at examples of these practices undermining the political process.

Friday, September 5, 2008

Citibank slices salami

"Between 1992 and 2003, Citibank employed a computerized 'credit sweep' process to automatically remove positive or credit balances from credit-card customer accounts."

Full Article

The state of California has ordered Citibank to pay $14 million in fines and restitution for skimming positive balances away from customers and depositing the money in an executive bonus account.
Clearly it would seem that the biggest problem in this case is the total undermining of the relationship between Citi and its customers. Below is perhaps the most disturbing part of the article: "In the words of a Citibank executive, “Stealing from our customers is a business decision, not a legal decision.” The same executive later said that the sweep program could not be stopped because it would reduce the executive bonus pool, Brown charged."
The general public has, over time, grown relatively comfortable with the proliferation of, and reliance upon computer systems. Without a second thought, people trust the computer systems to maintain accurate records. In this instance, the computer system did exactly what it was supposed to. Unfortunately, it was programmed to steal.
So in a sense the integrity of the computer system was never compromised. Clearly, however, the integrity of the company leaves much to be desired.
Consumers, then, should not think of information security as something to be left to the IT department of a large corporation. It should not be accepted simply as being an 'https' address or the catchy little icon from "hackersafe" (now McAfee), VeriSign or other third party testers.
I'm not saying that information security can't be those things. Rather, such elements must be bolstered by personal vigilance, not only in web-browsing, but more importantly in tracking personal finances and standing up for oneself when a company like Citibank targets consumers.

Assignment 2 Available

Assignment 2 is now available. It's not due until September 29th, but I wanted to give you some extra lead time as you have the option to work in groups of two on this assignment.

Tuesday, September 2, 2008

Interesting Topic

If someone's looking for a blog post topic... First come, first served.

Malware infects space station laptop

Gustav Phishing - It Didn't Take Long

From ComputerWorld:

Online scammers prep for Gustav, say researchers

"Nearly 100 domains related to Hurricane Gustav have been registered in the past 48 hours, security experts said Sunday, some of which may be used by bogus charity and relief scams after the storm strikes the U.S. Gulf Coast."

Read the full article