Archives

Congressman Twitters Security Breach

Even with the best policies and practices in place, everything hinges on the end user. This weekend, Congressman Hoekstra Twittered secret Iraqi travel plans, showing how easily private information is disseminated and security may be [...]

Privacy and Messaging through Postini

Postini is Google’s 2006 acquisition for secure messaging, and a direct competitor to IronPort. All of their offerings surround Software as a Service (SaaS), matching directly with Google’s overall technology strategy. They provide several services, including web security, anti-spam/malware, mail filtering, and archival with indexing. The Data Leakage Prevention capabilities provide privacy protections through outbound communication filters. Additionally, there are management tools and continuity procedures appropriate for enterprise use.

Postini’s background technology stems from threat assessment and message parsing capabilities, grown through several years as a primary mail provider. There are two major patents, with a variety of [...]

Password hacking with chocolate: Are women more susceptible to social engineering?

The Mitnick attack. The 10 attack. Social Engineering. Each of these emphasizes how readily people part with valuable information to someone posing as an IT staffer, a very attractive member of the opposite sex, or someone friendly. You may now add candy bars and women…

No matter how you slice it, the weakest point in any security program ends up being the end user. User training seems to work with frequency of message, but without hearing the importance of security it seems quickly forgotten.

That is, of course, unless the message starts at the top with a strong corporate policy, well understood [...]

eDiscovery – Could the obvious approach put too much private information into one spot?

Electronic Discovery, or eDiscovery, is the digital analog to a court request for documents and files pertaining to a proceeding. As with anything digital, the courts expect discovery times in days and weeks, versus the months (years) given for paper files. Punishments for failure to produce could be regulatory, legislative, or may even include court-based consequences such as contempt charges. In a recent survey by Information Security Magazine, only 28 percent of respondents knew how they would handle an eDiscovery request. Even knowing where to look seems a daunting task. I have trouble at [...]

Hacking attack targets epileptics

I find ‘America’s Funniest Videos’ entertaining. I get ‘Jackass’… They scare people, gross them out, or generally bewilder. But they don’t intentionally go out and drop toilet bowls on people’s heads or put others’ lives in danger.

What I don’t get is the recent hack of the Epilepsy Foundation forums, changing posts so that they displayed flashing strobes and trippy patterns. I find this behavior reprehensible. To sully a non-profit’s reputation, and attack unsuspecting seizure disorder sufferers, many of whom may be incapacitated by the strobes or patterns. Thankfully most of them probably don’t know what happened, essentially blacking [...]