Security Bytes – September, 2015 – Security Primer Update.
Over the past few years I have talked about numerous security sites and tools to help all my readers achieve better security online. This month I wish to share a site that I believe is a very good compilation of most of the things I have been talking about. What I like about this site is that the author takes a very objective approach to all his topics and the suggestions he makes are in line with industry best practices. Please note, however, not to be immediately scared by some of the one-liners the site has in its headlines.
The site is: privacytools.io
In my time consulting on security, I have many times come across people who say “I have nothing to hide!” In fact, many times I have caught myself saying almost the same thing; however, I caveat it to say that if I get a government subpoena to disclose, I will comply so long as I know how my privacy is being handled. What many people do not realize is that governments around the world are trying to outlaw encryption and want to set up equipment on ISP (Internet Service Provider) networks to capture all traffic so that they can analyze what is going through connections.
Security Bytes – August, 2015 – Keyless entry hacking.
This month, I wish to address a topic that has come to my attention and that may affect many of my readers in one way or another. Many new vehicles have the convenience of keyless entry key fobs that make the process of entering and starting a vehicle very easy and convenient. We all think that because these systems are engineered by big auto manufacturers they should be worry-free and function without flaws; however, time has shown us how imperfections can be found and fixes are needed due to improper manufacturing or improper installation.
Recent research has shown that keyless entry systems can be hacked, and not only can cars be unlocked but they can also be driven away without any damage to the vehicle.
Security Bytes – June, 2015 – Planes, Trains and Automobiles... Hackable?
This month I wish to address a topic that has been pushed to the forefront of mainstream news as of late. There have been various reports of hackers and security researchers finding flaws in the security of the entertainment systems on a plane. The “hacker” was able to gain access to the plane’s flight systems and actually claimed that he could have manipulated aircraft systems if he wanted to. While this is alarming, it should also be taken very seriously as a wake-up call about all the things we take for granted. Hopefully, aircraft engineers will take this information and create better internal electronic systems for planes to mitigate this threat.
This threat is NOT limited to aircraft! Back in February, 60 Minutes had a story on car hacking where one of their producers was in a car on a test track that was purposely hacked via its built-in cellular communications, and the hacker managed to disable the braking system in the car totally remotely! This is also alarming, and the auto industry has taken this warning seriously. Currently there is NO reason to stop driving your car or to avoid flying on any planes, because these “hacks” are not easy to accomplish. In fact, they require an advanced level of technical knowledge of the systems involved.
Security Bytes – July, 2015 – Password database breaches.
This month has had its share of interesting events. In many of my past articles, I talked about using strong passwords to safeguard your information and also about storing those passwords in a secure password management application. On June 15, there was a breach at LastPass, one of the online password management sites that I talked about in some of my previous articles. Despite the fact that this sounds like horrible news to most, the silver lining is that all user password databases are encrypted and it would prove nearly impossible for anyone to decrypt the contents of the stolen password data, assuming that the master password is strong. Keep in mind, however, that it is still important to use a strong password or pass phrase to secure your password database. Many of the online password database providers do provide adequate security with regard to the level of encryption they offer; however, they have minimal control over the type of password / pass phrase one may choose to encrypt their database with. As I have explained in many previous articles, if one must create one master password to rule them all, it should be long enough to provide adequate security but also memorable so you can easily use it when you need it. It is for this exact reason that I personally do not use any online password storage sites. I manage synchronizing my passwords between all my devices manually. While this is a bit cumbersome, it puts ME solely in charge of its success or failure.
Security Bytes – May, 2015 – Complacency Timebomb.
This month I wish to address an issue I have seen over and over again in the field and in post-exploit reports that I read.
Many organizations take a reactionary approach to security, acting on immediate need, possibly due to a breach, or solving problems as they arise instead of taking a proactive approach. I must say that I have also fallen into the reactionary grouping in the past as well. It is very easy to treat any form of security, from physical (locks, doors, cameras, etc.) to technological (firewalls, security policy, etc.), with a set-it-and-forget-it approach. Once one overlooks the need to audit security policies and make appropriate changes, they fall into the complacent category and leave themselves open to possible vulnerabilities!