In October, I wrote about Android permissions, and, based on its permissions, how to understand what an application may be doing. This month we will continue to explore some of the inner workings of the devious Android app, specifically, diving into the realm of contact list access permissions.
I know, contacts are BORING, right? Maybe you will worry when an app tries to send a text message or connect to the Internet. Some of you may be thinking, “big deal, I am not a secret agent, celebrity or diplomat, who would want my contact list?” Well, you may not be a big deal in that respect, but you are important. And chances are that your friends and contacts are important to you. Would you want your contact list available to a complete stranger? Perhaps, someone who does not have the best intentions? You may not be a target, but rather the...
I used to work at a super-secure government compound where there was a huge presence of boots, guns, fences and towers. My husband worked at a high-security state prison facility just down the road. I used to joke with him that to the naked eye, the only difference between the physical layouts of our places of employment was the direction the razor wire leaned at the top of the fences.
What worked well for both facilities was the physical defense-in-depth that was carefully planned and deployed. One site was designed to keep people from getting out. The other was designed to keep unauthorized people from getting in and unauthorized resources from getting out.
Both facilities deployed deterrence methods such as physical barriers and security lighting. They also used intrusion detection systems such as alarms and video surveillance. Access control methods included mechanical access (locks), electronic access (proximity systems) and identification systems (badges)....
It’s officially cyber week. While Cyber Monday has come and gone, I think everyone can appreciate all of the latest, greatest gadgets and savings, and how our inboxes are bombarded and cluttered with the spam, charitable opportunities and too-good-to-be-true bargains that are so prevalent this time of year. That pretty well sums up this time of year, doesn't it? That also pretty well sums up every other day of the year? The volume may pale in comparison to this month-long marketing binge, but the scams and phishing attacks take place each and every day and we’re none the wiser. Solutionary blogger Rob Kraus wrote on this subject just prior to the holiday break and you can read more about it here.
The past two weeks have...
Password database breaches are all the rage these days, appearing in the news on a regular basis. Huge databases with weak encryption are stolen, decrypted and added to massive repositories online. That data is taken one step further, blended into dictionary and rainbow tables for crackers to easily use worldwide. Some of the blame falls on the organization for not properly securing passwords but some falls on the users who choose weak and easily cracked passwords - not to mention sharing that same password across multiple services.
The latest example is this week’s news of a large Pony Botnet controller, which contained almost two million compromised accounts. The compromised accounts are from a variety of sites, and include, among others:
- 1,580,000 website login credentials...
It seems we can’t go anywhere or do anything these days without being inundated with advertisements trying to sell us car or homeowner’s insurance. As distracting as this may be, insurance has done a lot of good, but I’ve been wondering, when will we see an emphasis on insurance in the realm of cybersecurity?
Depending on where you live, insurance providers offer reduced premiums as an incentive for home improvements or driver safety education. You may also see premium reductions depending on your car’s safety features. You probably don’t want to spend much time talking about how your selection of roof shingle may have saved you on insurance, and I don’t blame you. Insurance and safety features aren’t meant to be seen or heard, but we certainly like knowing they’re there.
If you were buying a car today, would you spend several hours researching and discussing specific safety design features, or would you just look...
Things to consider when evaluating third-party applications.
I haven't previously paid much attention to Google Apps. It wasn't really on my radar since I am very careful about how I interact on the Internet. Once I was asked to write a blog about the security of Google Apps, I dove right in.
First, I decided to contact Google directly. It is always best to talk to a person, when possible, about these matters. They can often steer you in the right direction and answer questions that may not be easily found in the documentation. I called the number and within a few hours had a call back from a Google representative. This is what I learned:
- All work is backed up.
- Each user controls their own data. The Google representative told me, “When you put your data in Google Apps, you still own it, and it says that in our contracts.” ...
High-profile breaches make headlines, and so do awful passwords. There were two stories in the news that made headlines this week regarding passwords, and both leave readers shaking their heads. It was funny when Mel Brooks mocked poorly constructed combinations in Spaceballs. It’s not so funny 26 years later, because apparently our creativity has plateaued when it comes to creating passwords and combinations. In addition to Krebs, reports flew around the Web stating very clearly that roughly 1.2 million people need to go back and watch or re-watch the 1987 masterpiece and rethink their strategy when coming up with passwords – to be clear, “123456” is not a strong password and neither is “...