Security Bytes – March 2015 – Net Neutrality?
This month I wish to offer a view on something that I feel is crucial to the continuation of a free and secure Internet for the future. In the early days of the Internet, the United States was the pioneer of many of the technologies that we use on the Internet every day. No one could have envisioned that the world would be so “connected” in such a short period of time, nor could anyone have foreseen the influence being “networked” has on everyday life.
We have seen the Internet used for good and bad purposes, and until now the Internet as we know it (in the United States) has always been virtually unregulated by any one authority with regard to content carried and delivered to end users. All of the companies, Internet service providers and others that connect to the Internet have essentially followed the guidelines of the IETF (Internet Engineering Task Force) to ensure that the technology they use can effectively communicate; however, no single governing body has implemented any rules for the content that can be delivered on the Internet.
Security Bytes – Feb 2015 – Full Drive Encryption? Is it needed?
This month I want to address the notion of full drive encryption and how it can help assure that your private data remains private. Over the past few years I have always been talking about how to keep your information safe while browsing and transacting on the Internet. We have also become aware that as we become more dependent upon the devices we use every day, the loss of a device or laptop may potentially be crippling unless the data on that device is properly secured.
Some of you may work for a company that issued you a laptop for work and that laptop usually will have some form of full drive encryption to ensure that the data remains private. We have reached the time where everyone should consider doing the same for their own personal computers as well.
Apple and Microsoft offer their own built-in solutions, called FileVault and BitLocker respectively. These encryption services are built into the operating system and DO work quite well; however, there is some suspicion that governments may be able to circumvent the “built-in” encryption with a hidden back door into the operating system. There are also numerous third-party apps from vendors like Symantec, Sophos, and Kaspersky that can provide a very good level of security. Of course, with all these utilities, you have to place a level of trust in a vendor. Apple’s FileVault is used by the NSA for their own employees and is also very capable; however, one should be very careful to ensure that proper steps are followed to secure the rest of the operating system to further boost security. Keep in mind that you have to place trust in Apple!
Security Bytes - Dec 2014 - XP's Final Demise
Microsoft officially retired support for Windows XP on April 8th, 2014, and many people have continued to be diehards and still use XP despite the last Microsoft software updates rolling out nearly 8 months ago! There have also been posts on some websites on how to still receive some updates for XP by making it emulate XP embedded point of sale systems that are still supported by Microsoft. People who choose to take this path face uncertainty over whether the patch will work and whether the patch may break compatibility with software they use. In any case, the outcome is clear: it is time to stop using Windows XP and move on to a newer operating system that is still supported by Microsoft.
The two specific vulnerabilities that are not passed down to XP are:
· Microsoft Security Bulletin MS14-066 – Classified as Critical
· Microsoft Security Bulletin MS14-065 – Classified as Critical
Both of these are showstoppers for any XP user, and if a patch is not applied for these, one risks the potential of their machine being subverted by a hacker who will have the ability to run any code of their choosing on that machine. Basically, this is a bad situation for anyone to be in, since the loss of control over your machine can expose you to significant threats...
Security Bytes - Jan 2015 - New Year's Revelations
It is another new year and once again the importance of security is at the forefront of the news. In the past year many security-related stories have come to light that were considered outlandish by many people. Prior to Edward Snowden’s revelations, many people never believed the stories that our government was spying on individuals and businesses. Since Snowden’s releases there have been many other security breaches at many online retailers and other major businesses. All of these instances further reinforce the need for everyone to take their own responsibility for their information security online.
It simply amazes me how many people just blindly place their trust in the hands of the vendors they purchase their computers from. You may read that statement and say “Why not, I am paying good money for my computer and I expect security.” Let’s compare that statement to buying a new car. You go to the car dealer that matches your needs to a vehicle and gives you the best deal. Nowhere in that transaction does one expect that car manufacturer or dealer to prevent you from getting into an accident! It is understood that anyone purchasing a vehicle has a basic understanding of how to drive safely to protect themselves and others around them. The same standard does not exist yet for technology because people blindly place trust in vendors and don’t take the time to really learn how to “drive” (use) their technology properly and safely.
Security Bytes - November Payment Tokens
The past month has been a flurry of new tech handheld releases from various vendors including Apple, Google, as well as many of the other smartphone vendors. Many of the devices that have been released offer feature-rich software and promises of keeping us more secure with every new generation of software and hardware. In light of the latest news of credit card breaches at many online and in-store vendors, it is very timely that smartphone vendors are making a valiant effort to produce software and hardware that can be trusted to become a true digital wallet.
For many years consumers have been waiting for the opportunity to have a device with which one can purchase items with a single click or a wave of the device near a reader, without the need to present any other identity to the vendor at the time of purchase. Just think about the possibilities this introduces, such as dining out without worrying about handing over your credit card to someone and having them walk away with it momentarily out of your sight. All of the new phone vendors propose answers to this security quandary that include biometric recognition (fingerprint scanner) or PIN code entry on the device to confirm intent to access credit card information.
The next question that comes to mind is:
How does the information stored on the device stay secure?