Categories Archives: Consumer Security

Security Tips for Non-Techies

One of the most challenging things that I regularly do is explain my job and career choice to non-techie users. Ask my Mom what I do, and you might get one of the blankest stares you have ever seen thrown right back in your face. In fact, I think this general lack of security knowledge among users contributes tremendously to the success of attacks against consumers. How else do we have millions of drones waiting for commands on unsuspecting users’ machines? I’ve heard the following from family members before: But I bought an anti-virus program three years ago! Why do I have to pay for it every year? But I had to disable the security settings so I could play ...


iCloud Security Questions

I admit it, I’m a fanboy. So on Monday, I was doing what I could to keep up with the WWDC Keynote. Unfortunately, that meant reading a live-blog between phone calls, but it got enough of the job done. I’m looking forward to many of the new features in Lion and iOS 5. One announcement that caught my attention was the new iCloud replacement/enhancement for MobileMe. From the website: “iCloud stores your music, photos, apps, calendars, documents, and more. And wirelessly pushes them to all your devices — automatically. It’s the easiest way to manage your content. Because now you don’t have to.” Preposition ending sentences aside, this is some pretty cool stuff. I’m already familiar with MobileMe as an ...


Does Security Impede Innovation?

Depends on who you ask, I suppose. In my experience as a security professional I have seen some security organizations in big companies that were so well oiled that patches could be rolled out in a few days after release without any impact to the larger organization. I’ve also seen some that were virtually non-existent—victims of poor leadership or political agendas. Most programs I see fall somewhere in the middle of that continuum, but for the most part are not as functional as they could (should) be. Therefore, in those companies, information security is seen as an impediment to innovation and creative people find ways around them. Imagine for a minute that you were a data center manager looking to ...


I don’t need to know, I can look it up!

The pace at which our society produces information is staggering. Even worse, the value of that information is typically only apparent after slicing it up in a particular way. Those of us that are naturally curious and problem solvers have gotten quite good at knowing where to find certain information as opposed to memorizing it. There are certain things you sometimes just need to memorize. For example, driving laws. It’s much better to remember that you must always stop at a red light than to have to look it up each time you approach an intersection. We have enough trouble with distracted drivers already. Those of us that have figured out this critical skill often become technical support for ...


What about Mobile Payments?

Thanks to a reader who gave me an idea for a blog post! You can suggest your own topics here. Mobile payments means a lot of things to a lot of people. Is it paying for things with that fancy iPhone app? Is it a Wi-Fi or cellular linked payment terminal? Is it paying for things with your cell phone using either an SMS-based payment or a Near-Field Communication (NFC) transaction? For the purposes of this post, I want to focus solely on SMS-Based or NFC transactions that would originate from the buyer’s cell phone. AT&T, T-Mobile, and Verizon announced last week the formation of ISIS, a mobile payment network that looks to capitalize on the per-transaction revenue that can ...


Do you know your IT?

This post is mostly going to apply to smaller companies as I would HOPE (tongue in cheek a bit here) that larger merchants wouldn’t have this problem. Small- and Medium-sized businesses (SMBs) have more advanced software tools available to them today than ever before. Cloud-based solutions allow for multi-million dollar software packages to be available to SMBs at affordable monthly subscription prices. This level of business analytics, automation, and intelligence can make a big difference in how a business competes.  What once would take dedicated headcount can now be automated and scaled. But with great power, comes great responsibility. SMBs that entrust their business or data to these third parties must invest time and effort to understand not only what ...


Hey Friends, I’m Over Here!

I recently gave a presentation to a graduate advertising class about social media with ideas on how it might be used as a part of an overall marketing and advertising strategy. One of the things I covered was the concept of geo-tagging and how it relates to social media. There are tremendous privacy concerns related to geo-tagging, but also interesting market opportunities as well. We ignored the unintended geo-tagging that occurs when people use location services in their mobile phones, or use cameras that are location aware and focused on check-in applications. Some examples of these applications are the popular FourSquare and Gowalla. Well, it seems Facebook has now joined the fun, and added Places. Included in the launch was ...


Do Small Service Providers Scare You?

Take PCI off the table for a minute. Do you get nervous when dealing with a small service provider that performs some niche service for your company?  It doesn’t have to be cardholder data related, but it definitely needs to be some kind of data that is either regulated or is classified as something other than public—data like PII, healthcare, or even intellectual property. Smaller providers can sometimes provide higher or better security than larger ones, and that may be beneficial long term—especially when doing the value proposition. But in some cases, smaller providers are providing a niche service to a larger customer, and are operating on a skeleton crew.  Imagine if a company like Ford Motor Company selected Brando’s ...


A Facebook Reality Check

It has been a pretty tough couple of weeks for Facebook. I find the reaction to the privacy controls and the people leaving Facebook in droves especially entertaining. People get fired over comments they put on Twitter, pictures they are tagged in on Facebook, and content posted online using their employer’s assets, yet we are still shocked when our online profiles are disclosed? The real shock to me is, how have we not figured this out yet? My first internet account was a Netcom shell account in the early 90s. Soon after, I had my very own Linux installation (kernel 1.2.8) running on my school’s network, and not long after that I figured out I could read all of the ...


More Advice when using Public WiFi

Scott Carmichael from the great travel blog Gadling published a post yesterday with tips on keeping your data safe when connecting to public wireless hotspots. There are some really good tips for everyone here, but I wanted to add to a few of the options. One of the recommendations is to get a 3G or 4G data card. In working for a Telco for a few weeks, I did learn a thing or two about these networks and how laptops of employees can be locked down almost to the point of being unusable. This is definitely a fantastic recommendation but has two key drawbacks—cost and usability. While data cards can be obtained reasonably cheaply, and depending on how you connect to the internet ...
