Infiltrate, Exfiltrate, and… Inject?

This is a blog about spying in the Internet era. While activists would have you believe that it’s all about online personas, there is still a lot of cloak-and-dagger, up-close-and-personal spying going on. When Edward Snowden dumped his files, many Western spy agencies had to pull back agents because their covers were blown. […]

The Invasion Of The Biometric Identity Snatchers

What happens when someone copies your fingerprints or makes a contact lens with a copy of your iris? If someone steals your biometrics, they may be able to prove that they’re you. If you like being “you” – and you’d rather not share that distinction with anyone else – the new world of biometrics is definitely worth thinking about.

Would Encryption Have Prevented The Target Hack?

Security professionals need to be performing the same kinds of risk analysis and business impact analysis that business continuity professionals have been doing for dozens of years. As part of that risk analysis you need to determine your most important information, its lifetime, and whether or not you are properly protecting it.

Is There a Target On My Back?

Target didn’t know they were hacked until they learned about it from a third-party forensics firm. How could Target not know that its own systems were hacked? You might be surprised how many companies have no clue…

Are You Putting Your Organization At Risk?

In today’s always-on world, not only are employees talking about your latest secret project in public, they probably are working on it. Does this make your company an easy target for industrial espionage? The answer probably is yes.

Anonymous Hacks FBI Conference Call On Cyber Pirates

Anonymous posted a 16-minute recording of a call in which U.S. and foreign law enforcement officials discussed two alleged teenage members. Pundits say there was an email hack. The FBI says someone forwarded the conference-call email. No matter how it happened, it needs to be prevented from happening again.

What Does “Data Loss” Mean To You?

Protecting your data against loss means protecting it against a spectrum of risks. If you are worried about corruption or deletion of data, then you should be thinking about replication and backup. If you are worried about your data falling into the wrong hands, then you should be thinking about data encryption solutions along with access controls and separation of duties. Last but not least, if you are worried about regulatory compliance or eDiscovery, then you might also have a requirement to store your data in a provably read-only form.

Dereliction of Data Protection – By a Law Enforcement Union

If you are not from the San Francisco Bay Area, you may not know that hackers gained access to the website operated by the Bay Area Rapid Transit (BART) Police Officers’ Association, then stole and posted personal information on more than 100 officers. The officers’ home and email addresses were leaked along with passwords. This […]

Why Encryption Might Not Stop Data Theft

The most secure encryption system in the world might not have prevented the Sony and Epsilon data thefts. Encryption is totally useless if an attacker can get to the data as an authorized user. Separation of duties is paramount when it comes to protecting data from disclosure.

What Can We Learn From the RSA Hack?

The security professionals who work for RSA are some of the best in the business. If they’re so good and RSA still got hacked, what does that portend for your organization?