Author Archive

Seasonal Security…

December 14, 2009

In the spirit of the season, the Louisville Better Business Bureau printed 10 great tips about how to keep safe online and “in real life” this season. Though McAfee also regularly publishes such information on our consumer sites, it’s interesting to get someone else’s opinion on which scams are currently prevalent.

So, ho-ho-ho and here we go with the information – be safe online this holiday season!

1. H1N1 Email Virus – Internet scammers are sending fake emails all over the country to steal passwords and install a damaging virus on victims’ computers. The fraudulent email purportedly comes from a “State Vaccination H1N1 Program” and offers an official-looking but bogus link to the Website for the U.S. Centers for Disease Control and Prevention. The message says anyone 18 or older should click on the link to complete a personal profile because every adult “has to have his personal vaccination profile” on the CDC’s Website, whether they intend to be vaccinated or not. Read more…

Personal Data Breach Compensation Suit Thrown Out In Missouri..

December 8, 2009

A knock to the campaign to ensure companies take better care of our personal data occurred this week when John Amburgy lost his case against Express Scripts in Missouri, USA.

John alleged that he had spent significant time and effort in protecting his identity following Express Scripts’ breach back in October 2008. They offered free credit report monitoring services to the people whose PII/PHI they lost, but only to those who proved they had been victims of identity theft.

Yes, it seems you have to be a victim of identity theft because of Express Scripts’ breach before Express Scripts will offer you help in protecting and monitoring your identity… Read more…

Evil Maid, another nefarious trojan attack..

November 17, 2009 2 comments

Last month Joanna Rutkowska posted a very interesting article showing a practical “Evil Maid” attack against the open-source TrueCrypt FDE product. The attack is reasonably simple: subvert the pre-boot authentication engine of the full-disk encryption product in question to add a password-sniffing routine, wait for the unsuspecting user to authenticate to their machine, and then retrieve the credentials at a later stage.

Evil Maid simply hooks the pre-boot code of TrueCrypt and adds a routine to store the user’s password. Because the TrueCrypt code is quite simple, it’s a relatively easy thing to do, but the attack is theoretically valid regardless of this fact; only the effort needed to write the hook code increases with the sophistication of the pre-boot environment. Read more…

“Are Youse guys responsible for bleeding Anti Virus 2010?”

November 16, 2009

Those who know me know I am a great lover of Google Voice – if you don’t know the service, I advise you to check it out; it has amazing features like call announcement and voice mail transcription. I use it to keep the marketeers away.

But tonight, I got a very interesting call from a nice guy called Andy from Queens, NYC, who, in a traditional movie star accent which I can’t do justice to, asked me “Are youse guys responsible for Anti Virus 2010?” Read more…

European Data Protection Law a possibility?

November 16, 2009

The Register recently reported that the European Commission is considering passing EU-wide laws on data breach notification, along the lines of those in place in the USA already. Viviane Reding, the Information Security Commissioner, said:

“The Telecoms Reform has put the issue of mandatory notification of personal data breaches firmly on the European Policy agenda.”

The committee formed from Europe’s national data protection watchdogs (The Article 29 Working Party) has apparently also backed the idea. Read more…

Mwa Ha Ha! Crack your 10 char password for under $3,000

November 3, 2009

A recent article from David Campbell, also published on The Register, reminded us that there’s a lot of computing power available for rent at the moment. Using a pretty standard brute force password cracker as a benchmark, and Amazon’s EC2 computing platform cost of $.30 per hour, he came up with some surprising, perhaps unexpectedly low, figures for how much money it takes to crack passwords of various strengths. Read more…

McAfee launches new Community Portal…

November 3, 2009

This week, on the 4th November, McAfee will go live with the new community forum (http://community.mcafee.com). Designed to give customers a voice to discuss McAfee products, and to interact with each other and informal advisers within McAfee, the forum has grown to be quite dynamic over time. So much so that it was recently moved onto the excellent Jive platform, giving a lot more capacity and a greater feature set. The community does not replace the official support processes, but it’s a great way to discuss ideas and problems with your peers.

I’m the moderator for the Data Protection communities at the moment, so, if it’s of interest to you I’d love to see you on there – sign up is free for all. Launch date is the 4th November.

ChoicePoint fined an additional $275,000 for failures to have an effective security policy…

October 22, 2009

Following on from my story on repeat data loss offenders, this week ChoicePoint has been fined $275,000 by the FTC for failures to have an adequate data security program in place. ChoicePoint lost the PII of 160,000 U.S. residents in 2004 (which they were fined $15 million for), and another 13,750 in 2008 according to Grant Gross of IDG News Service.

Interestingly, this later breach could have been mitigated by a “key” electronic security tool they had in place to monitor the database. Unfortunately for them, though, it had been turned off. Read more…

Categories: Data Loss, Fines, PII

Hacking Exposed – Son of Scoop.pl

October 6, 2009

After attending this morning’s Hacking Exposed session at McAfee Focus 09, I was inspired to recreate Stuart McClure’s “Scoop.pl” script. I don’t have Python or Perl installed on my machines, but I do have VBScript, and I do have PrimalScript, so it seemed a simple thing to create this useful tool which helps you get the lowdown on what sites are present on a given URL. Read more…

Repeat Data Loss Offenders…

October 1, 2009 3 comments

I was doing some data mining this week on the excellent DataLossDB.com site and it occurred to me to dig a little deeper into where the risky places to give your PII/PHI to are. I was hoping to find that some segments are cleaning up their act, but it seems not. The fact we’re seeing multiple entries by people could have two possible meanings: Read more…

Categories: Data Loss, PHI, PII, Privacy Laws