Tuesday, September 28, 2010

Virus Alert - For Real

We all get e-mails from well-meaning family members and friends. A huge virus is going around. Don't open this or your hard drive will be destroyed.

But something really is going around. Three different people I know were affected by a virus that cracked their free e-mail account and then sent out e-mails to their address books with a link to a website. Social media sites, such as twitter.com, have also been affected by this virus. The link contains a virus that reads both Outlook and proprietary address books (such as that of AOL) and sends out e-mails.

How do you prevent it? Use a complex password and change it often. When you create or change your password, use upper case and lower case letters as well as numbers and punctuation (such as underscores or dots). Another good idea is to create an e-mail address on a free e-mail service and use this e-mail for all your junk e-mails. Finally, keep your spam filter on high. Somehow, e-mails from disreputable people and companies will get through, but it's one of the best measures you can take.

Speaking of hacking, some high-profile hospitals in New York City admitted that patient data was compromised. Somehow it got on an open server. Hospital officials claim that no information was used inappropriately, but that remains to be seen. The real danger is not that someone is going to sell information about a celebrity's health problems to the National Enquirer, but that patients are at risk of identity theft. All a perpetrator needs is a name, address, Social Security number and date of birth. For a while it was available on an open server at large hospitals in one of the biggest cities in the nation. This is why they need to hire experienced security analysts and keep up to date on security software.

Imagine if there were a virus that sucked out a hospital's patient database. If that hospital were in a large city where people go for top specialized care, identity theft would be made easier and more widespread than ever. If you can, give only the last two or four digits of your Social Security number when asked for it by a doctor's office or medical institution. Don't make it easier for local amateurs to steal your identity. You don't know how safe your doctor's computer system really is.

Wednesday, September 22, 2010

Google's Breach of Trust

Google's recent internal security breach is raising questions about cloud computing. While Google claims it trusts the company's Site Reliability Engineers, the fact is that the company does not have enough control over the employees who have access to its systems. Naturally, Google is trying to contain costs, but this is one of many areas where corporate decision-makers have to choose both their priorities and their misery. The company claims it regularly upgrades its security controls by auditing logs, but it won't define "regularly." Is it "regularly" as in daily, weekly, monthly, quarterly or annually, or "regularly" as in when there's a problem?

In my experience as a consultant between full-time employment, I can see where there are gaps. Someone accepts an assignment for three months or six months, or even two years. If the pay isn't worth his while, he is going to keep one foot on the gas pedal, ready to take off as soon as a better offer comes in. If a company relies on consultants, the hiring managers must know that there is not going to be any loyalty on the part of the contract worker. Why would there be? What Samuel Goldwyn said about a contract not being worth the paper it's printed on was a laughable remark some 70 years ago. It turns out Goldwyn was a prophet. I had a one-year contract become worthless after nine months. I wasn't singled out. At various networking meetings, I met four other victims of the same company with the same contract. And, no, we were not spying on minors or tapping into call logs. We were putting out fires.

Cloud computing isn't going away. Companies that are thinking about using it are going to have to take security measures very, very seriously. What Google's David Barksdale did was unpleasant and immoral, but it's nothing compared to what can and does happen.

For the past several years, I've worked to prevent identity thefts. In order to prevent people from hacking into bank accounts and medical records so that they can get another person's name, address and Social Security number, I've installed and tested various intrusion detection systems. Sometimes a company doesn't want to spend the money on upgrades, but here's what happens. Suddenly there's an announcement that ABC Financial Corporation or XYZ Bank is offering free credit monitoring to its customers "because its data may have been compromised." Now you know what they mean by compromise. And that credit monitoring is only free for customers, not for the corporation. Where's the savings? It's certainly not financial. And the company's reputation among its customers has also been compromised. There's no free monitoring for that.

http://www.readwriteweb.com/cloud/2010/09/googles-internal-security-brea.php