Talk Security
Steven Sprague
Brian Berger
Ed Green
Len Veil
Lark Allen
Greg Kazmierczak
Robert Thibadeau
Joseph Souren
Take Control of Social Media: Own What You Post to the Cloud with Scrambls
Globally, more than 800 million users are on Facebook. Twitter has upwards of 200 million, LinkedIn 120 million, Flickr 51 million, and Foursquare 10 million. We live in a world saturated with social media.
Most of us realize that as soon as we hit “share,” the content millions of us pour into the cloud every day then belongs to someone else (i.e. Facebook, Twitter, etc.). It’s something we accept as a price for the services we receive in return. This shift of ownership raises questions about social media control: Who are we trusting to manage and govern the personal information that we don’t want publicly shared?
Debate Over the Alleged Cyberattack on an Illinois Water Utility Should be a National Conversation
Late last week, reports emerged that hackers had compromised the Supervisory Control and Data Acquisition (SCADA) system of an Illinois water utility and destroyed a pump. The reports stirred something of a debate as to whether or not an attack occurred, and it now it appears unlikely that we’ll ever learn the full story.
However, amidst that debate a more salient point has emerged. Namely, cybersecurity experts agree the threat of an attack on SCADA systems is very real and should be prepared for. As Tiffany Strauchs Rad, a SCADA vulnerability expert, told SecurityNewsDaily: “Industrial control facilities using SCADA and ICS should be alert to these risks regardless of whether this particular instance was a malicious attack or not. Over the past decade, a lot of information security research has elucidated many of these vulnerabilities. It is not an over-exaggeration to state that there are many facilities that could be at risk.”
Cyber-attack in Norway Illustrates that Damage Control is Still Favored Over Damage Prevention
Headlines about last week’s cyber-attack on Norway’s oil and defense industries didn’t vary among the dozen or so media outlets that ran the story outside Norway’s borders. Even though the breach could prove to be the most extensive case of data espionage in Norway’s history, most English-language media on the Continent and abroad weren’t inspired to do more than simply echo the Associated Press story, which itself drew largely from an official statement from Norway’s National Security Authority. Finally, a scan of French and Polish coverage didn’t illustrate much deeper interest, except to note the attacks circumvented anti-virus software. Industry publications focused on IT provided some larger context for such breaches, but neglected to look past the symptomatic issues the attack raised and consider the disease.
To briefly reiterate the details, hackers successfully stole data from several undisclosed organizations in Norway’s oil, gas, energy and defense industries, and sent it digitally from the country. The Authority further disclosed there were at least ten different attacks over the past year alone, yet it acknowledges those attacks were only recently detected. So, the number could be much higher.
Interoperability and Security in the Cloud Boil Down to Standards
Cloud computing and consumerization of IT are two of the 800-pound gorillas currently dominating IT discussions today. Together they comprise a simple, alluring idea: People can use any device they want to access the Internet and data from anywhere.
Unfortunately, this vision poses some frustratingly complex questions of execution. Two of the biggest are, how do I know who’s accessing my networks and data and, more importantly, can I trust them? That’s because despite the pervasive marketing hype, people don’t really mean just any device – they mean any known device.
Paradigm Reboot: Advance of the APT
Remember the 90’s when the term “paradigm shift” first became fashionable argot among business elites? Well, it’s a new century now, and the term aptly describes fundamental changes underway in network security.
Fueling today’s shift is a marked rise in Advanced Persistent Threats (APTs) that, unlike viruses and malware, are not easily detected by 20th Century approaches to network security, such as black listing and scanning. Government entities and commercial enterprises alike are beginning to understand that identifying and removing APTs requires a new, and indeed opposite, approach: namely, white listing.
Twitter Feed
- RT @TheNextWeb: Scrambls lends your social media messages a bit more privacy http://t.co/GsALLRqo by @jemimah_knight
- Reading @govcomputernews: “Windows 8 a step forward in security, researcher says” #infosec $WAVX http://t.co/VX8CrUtz
- helping kids share safely online: scrambls at the CA PTA conference. http://t.co/Q7gCB0To $WAVX @scramblsUSA
- RT @scramblsUSA: Scrambls 2012 Child Safety Award http://t.co/7GO5khht
- New survey finds that many Canadian businesses are not using #encryption to protect customers’ personal data $WAVX http://t.co/QmnOYTI0
- RT @TheNextWeb: Scrambls lends your social media messages a bit more privacy http://t.co/GsALLRqo by @jemimah_knight
