James Mickens explains the dismal state of computer security. It’s complicated.
An effort to fix Internet confidentiality and security starts with defining the approach and whose responsibility it is anyway. Unfortunately, it is even less clear whom to trust in the modern world.
WordPress is one of the most popular content management systems for publishing information online. Over 20% of sites use WordPress, so it is a popular target for attacks.
WordPress.tv has some videos on WordPress security to help people improve the security of their sites.
Notice the kid in the front row. You can never start too early to learn about this important topic.
I like the videos which provide concrete steps for improving security. A lot can be done by doing updates to fix small details that are a source for attacks.
xkcd nails what is wrong with this picture in computer administration by visualizing what is really at risk vs. what is protected. At the very least, if all your services are on your user account, especially if you have remembered passwords activated for sensitive services, you should have a screen saver password that is invoked whenever you are not using the account.
Although Mac malware is almost non-existent, that is no reason to become complacent and think the Mac is completely immune. A trojan named Flashback with several variants that supports remote control of a Mac has infected over 600,000 Macs by exploiting a vulnerability in Java. It can be activated by inadvertently visiting certain web sites that then trigger what looks like a Flash software update.
To be safe you should do 2 things:
1. Download and install the Mac system update for Java to protect against any future infections by this trojan
2. Enter at least a couple of terminal commands to determine if you have already been infected.
This TidBITS link provides the defaults read terminal commands to detect the infection and instructions for its removal if you have already been affected. Note that this trojan works in stealth mode, so you might not see any symptoms even if you are infected. Do the tests just for peace of mind that your computer isn’t part of a botnet.
The Risk Factor blog has a summary of the new cyberwarfare rules being established by the US government.
A summary by an IEEE risk analyst shows a trend toward more cyber attacks with greater impact being publicized, including attacks against security vendors themselves. The attack on the Treasury Board in Canada was notable for the extended denial of Internet service that had to be invoked in dealing with the incident. Also notable was that the source of the attack from China and the Chinese embassy was specifically identified.
A survey of 2000 small businesses in the US and UK shows a gap between security awareness and action.
Security software company AVG surveyed a sample of 2,000 SMBs in the United States and United Kingdom and found that not only do more than half have no security guidelines, but that “1 in 7 have no Internet security software or solutions in place at all.”
Notably, 83% of respondents in AVG’s survey said they were aware of the importance of Internet security, yet not all of them had preventative solutions in place.
67% of respondents are considering moving to cloud-based services in the future.
The results for Canadian small businesses are probably similar or perhaps worse since Canada has often lagged in technology deployment.
Not surprisingly, another survey from a security vendor (Panda Security, a company specializing in cloud security) shows that 33% of 315 SMBs surveyed have been infected with malware – mostly through social networks like Facebook.
Symantec and Panda have cloud-based anti-malware services suitable for small business, and AVG provides free anti-virus software for personal computers.
Another exposé on the ineffectiveness of airport security. The extra mile would be to suggest what should be done about the difficult problem of delivering effective security while not overly inconveniencing people and jeopardizing air travel business. This article at least mentions a few things that have worked and makes some suggestions. At the same time, people are complaining more and more about the invasiveness of airport scans.
Beckstrom’s law says the value of the network is not the square of the number of nodes; it is the difference between the value of the transactions and the costs.
As a formula:
V = B – C’ – SI – L
V is Value
B is Benefit
C’ is the remaining Costs
SI is the Security Investment and
L is the Losses
The formula makes sense. The trick is sensibly quantifying the variables.