
Davey_winder

What enterprises must learn from Sony’s security mistakes

Thursday, October 13th, 2011

You might have thought that a large enterprise such as Sony, having suffered a very high-profile and therefore very embarrassing (not to mention brand-damaging) security breach earlier this year, as reported by IT Pro, would have done everything it could to ensure there could be no further security shocks for users. You would have been wrong though, if the news that Sony has locked down 93,000 online accounts is anything to go by.

It would appear that a number of unauthorised access attempts had been registered earlier this week, over a three-day period, which succeeded as far as verifying the valid sign-in information for more than 90,000 accounts concerning Sony Entertainment Network, Sony Online Entertainment and PlayStation Network users. Although the fact that Sony reacted reasonably quickly to the hack attempt, coupled with no credit card information being put at risk this time around, might sound like good news for the entertainment giants, I’m not convinced that’s the case.


Is the Pope a Scientologist?

Wednesday, October 12th, 2011

Let me rephrase that question: is 97 percent of wireless data really secure? The answer, whichever way you look at it, is quite obviously no. Yet, according to the latest research from the Wi-Fi Alliance, some 97 percent of folk appear to firmly believe that data held on their wireless devices and networks is both safe and secure.

In the name of investigative journalism, and because I needed a loaf of bread, I ventured out in the howling wind and rain of the Pennines this morning with my Wi-Fi detector in hand. As I drove past (I may be dedicated but I’m not daft, and I wasn’t walking anywhere in this weather) the row of small businesses, a nice mix of retail and office-based ones, the software displayed the encryption status of the networks it discovered. Of the 18 networks I found in this very unscientific test, five were completely open and unsecured while one relied upon the totally broken WEP encryption methodology. That, rather handily, equates to a third of the Wi-Fi networks I found operating in one small business area being totally, and undeniably, screwed as far as data security is concerned.


Socially unacceptable security joke

Tuesday, October 4th, 2011

What do you get if you cross 4,650 IT professionals with social media in the workplace? A lack of Infosec policy that leaves the enterprise at risk. Boom boom! OK, so it’s not the funniest punchline I’ve ever heard, but the level of social media risk that the average enterprise is leaving itself exposed to is, frankly, something of a joke.

The 4,650 IT professionals mentioned above were questioned as part of the Websense/Ponemon Global Survey on Social Media Risks, which covered people with an average of 10 years’ hands-on IT experience, with the majority being of supervisor level or above and some 42 percent representing organisations that employ more than 5,000 people. Yet of this number, 68 percent are still saying that social media is posing a threat in the workplace courtesy of how the staff use it, with 76 percent of them admitting their enterprises don’t have the necessary controls in place to mitigate that risk. Here’s another ‘yet’ to add to the growing list: 56 percent of those asked reckoned that malware infections are increasing as a direct result of that uncontrolled social media use.

Well stuff me sideways on a child’s tricycle, when are people going to actually get the message? Scrap that, stupid question, obviously. 45 percent of those asked said their companies don’t even have a policy regarding acceptable use in the social media sphere. Worse still, of those that do have such a policy, it remains un-enforced in 79 percent of organisations. Double duh with knobs on.


Don’t get fobbed off with chavvy security standards

Thursday, September 29th, 2011

I have to admit that I’m not much of a public transport person; the word ‘public’ being the clue as to why I prefer travelling in the chav-free environment of my eco-friendly little Fiat 500 whenever possible. However, when I do risk jumping on a bus, or have won the lottery and can afford a train journey, I am always near terminally confused by the various ticketing options. What I would want, were I a regular public transport using type, would be some kind of secure token system that I could just wave at a reader device and be on my way. Such things exist, of course, but there are a myriad different types and standards which just serve to confuse things as much as the paper ticketing mess does. And if things are bad for the consumer of such things, they are even worse for the transport providers when faced with proprietary technologies that are not interoperable across devices, which can be hellish expensive to acquire, deploy and maintain and, worst of all, are not as secure as they could be.


It’s not just technotards who dislike mobile commerce

Friday, September 23rd, 2011

I recently exclaimed “Leave my laptop alone. I MEAN IT!” here at IT Pro, and was surprised at the venom of smartphone and tablet users who not only disagreed with me that the laptop was far from dead, but suggested I should join it. Proving that I am either thick-skinned or just thick, I thought I’d repeat the claim that laptops are just, well, better at so many things. This time the thing in question being shopping, and this time I am far from alone in making the claim.

A new survey on mobile commerce habits, published by a strategic information management company called Stibo Systems, suggests that most consumers remain unsatisfied with m-commerce with only 27 percent apparently bucking that trend and a meagre 8.6 percent rating the experience as excellent. Falling into the 73 percent majority myself, a very active user of mobile devices but not a very satisfied mobile shopper, I have been taking a closer look at the findings revealed within the ridiculously long-winded titled Stibo Systems’ ‘UK Online Shopping Trends 2001: Product Information: the key to successful multi-channel retail strategy’ whitepaper.


Children are being ‘gamed’ into stealing your data

Wednesday, September 21st, 2011

Children, often too young to be reading yet, are being targeted by cyber-scum in the latest wave of malware attacks. Why bother targeting young kids, you may ask? To get access to your data, I might reply.

According to security vendor BitDefender, online games are being used as a vehicle for spreading malware with a deliberate intention to bypass security checks by encouraging kids to install the software with big flashy click buttons. Many of the games concerned would seem to be of the ‘virtual pet’ or ‘swipe to paint a picture’ variety, obviously aimed at the very youngest of children.

During the last week alone, researchers at BitDefender have uncovered half a dozen such examples of these Flash-based, very colourful and highly attractive to kids type games which come complete with Trojans that are designed to steer the youngsters towards sites which download and install malware capable of stealing financial data.


NHS or ICO: which is crappiest?

Tuesday, September 13th, 2011

The news that the Information Commissioner’s Office (ICO) has determined that yet another NHS trust is in breach of the Data Protection Act comes as no real surprise to anyone who has been following the myriad security breaches suffered by the NHS during recent years. But what does surprise me is the apparent lack of concern that the ICO has failed, yet again, to really do anything about it.

The University Hospital of South Manchester NHS Foundation Trust is quite a big name, yet ironically the data that it lost was contained on a very small thing: an unencrypted USB stick. Oh sweet Jesus H Christ, you heard that right, the NHS is still allowing staff to use unencrypted USB sticks to shift data around on. I’m sure that there will be some who disagree with me and point out that the NHS trust in question was following the NHS Connecting for Health guidelines on data security and forbidding any such thing. Unfortunately folks, my definition of ‘allowing’ stands: if you have a policy which says one thing but comes with no real world method to enforce that thing, then when someone breaches your policy you have for all intents and purposes allowed it to happen. See what I mean? And so it was, that this particular NHS trust allowed a medical student working in the burns and plastics department to put data relating to the treatment of more than 80 patients around on his own USB stick for ‘research purposes’ which was, as I’ve said, not encrypted at all. Said student then lost the USB stick, and all the patient data upon it.


Leave my laptop alone. I MEAN IT!!!

Thursday, September 8th, 2011

I did a bit of quick and dirty research with absolutely no statistical value and it revealed that headline writers love saying that the PC is dead, the laptop is dead, in fact anything other than the tablet and smartphone is dead. But is it true? I’m in the No Way Jose camp myself, and here’s why.

While the Office for National Statistics may have just issued a news release informing anyone who’s listening that 45 percent of all Internet users (well, all of those who they actually bothered to ask) have accessed the Internet by way of a mobile phone so far this year, and amongst 16-24 year olds that figure jumps to 71 percent, it doesn’t mean that they only go online that way. Nor does it imply that the laptop is dead, although I have already heard some media commentators extrapolating exactly that conclusion from this seemingly innocuous data. Some, who really should know better, have even seen the word ‘mobile phone’ and morphed it past a smartphone and into a tablet in order to support the laptop R.I.P argument.


Research reveals senior security decision makers are dorks

Tuesday, September 6th, 2011

Sometimes I am not sure if I should be banging my head against the desk because of surveys that ‘reveal’ the obvious, or because there are businesses out there providing the ammunition for such research by refusing to remove their heads from their collective arses. Today I am leaning towards the latter as I read the new KPMG e-Crime report.

The survey itself was of 200 senior security decision makers, although I have to say that description seems almost laughable given the results, from global businesses including a bunch of FTSE 100 listed outfits. Here’s why my head is so sore, in a nutshell:


TomTom loses the tweeting plot

Wednesday, August 31st, 2011

Is it just me, or does anyone else just want their satnav to tell them how to get between points A and B (possibly via C) as quickly as possible? I ask as I have a press release here that assures me TomTom is introducing a new feature that will satisfy that greatest of needs of the average motorist: the ability to automatically tell everyone on Twitter not only where you are going but when you are likely to arrive there.

Don’t worry, the press release reassuringly informs me, broadcasting my destination and ETA isn’t going to cause me to crash as the Twitter message is “pre-set by the user before they set off, so they can concentrate safely on the road without worrying about informing people when they’re going to arrive”. Well thank goodness for that, one less worry before I set off down the M62 again. Not!
