Link Hygiene - the same old risks apply to newly launched services like Ping for iTunes (ScottWright) posted Sun September 5th 2010 @ 11:57 AM
As each major player in today's technology and Web-connected world makes a move to get a bigger piece of the social networking pie, they take on new risks they haven't seen before. But if they only looked around, they'd be able to see and learn from the mistakes of others.
This week Apple launched "Ping", a new social network that serves the iTunes community. But they don't seem to have learned much from those that have ventured into this space before them. The Ping forums are being bombarded with spam posts containing phishing links. As blogger Chester Wisniewski, from antivirus maker Sophos, points out, "Did they not see this coming?"
While Apple should have anticipated the problems, and tried a bit harder to protect legitimate users from this unwanted content, my advice to users is the same as for any social network: Use good link hygiene.
What is Good Link Hygiene? Read More »
If you want something important to get done, give it to somebody who's always busy [Dilbert] (ScottWright) posted Mon June 21st 2010 @ 6:35 AM
I heard the above tip in a time management course many years ago. This may sound counter-intuitive to many people, and you have to be careful about how you use this advice. It's not necessarily the people who always complain that they are busy you need to look for, it's the ones you know are always "doing something important". So, Dilbert's assessment below about the guy who takes on the work too readily is a little narrow-minded, but there can be some truth in it. Read More »
Keep 'em separated - surfing and online banking computers (ScottWright) posted Wed June 9th 2010 @ 7:10 AM
I've written about this before, but I sense the focus of much discussion in the next year or so will be the risks of doing banking online - both for business and personal purposes. The growth in online banking fraud is still increasing, due in large part to malicious software infections from web surfing that later capture your user names, account numbers and passwords during online banking logins. Brian Krebs has raised another good point about separating web browsing from online banking activities, and has generated a lot of comments on his blog from people who have strong opinions about what kind of computers are safest for online banking - a point that seems somewhat irrelevant to me. Read More »
Improve security efficiency through data classification (ScottWright) posted Mon May 31st 2010 @ 10:44 AM
Management often only starts to take an interest in security when there is an incident or a scare that could have cost the organization money – or management its credibility. Unfortunately, by this time, it is hard to “fix” the problem in a meaningful and lasting way. By taking a proactive approach to Data Classification – one of the earliest steps in any security program – fixing a specific security issue becomes much easier. Here’s why… Read More »
Quitfacebookday.com happens on May 31, 2010 - Should you quit, too? (ScottWright) posted Thu May 20th 2010 @ 9:01 AM
It seems like maybe I talk too much about Facebook security. But it's a growing issue in the news these days. As you can see from the image next to this blog post on my website, one of the most searched terms in Google is now "How do I delete my Facebook account?" (In fact, as of today, if you type "Delete" into a Google search, the top suggestion is "Facebook account".) So, I'm debating quitting Facebook on May 31 with the others who are disgusted with the site's disregard for privacy and security. (See http://www.quitfacebookday.com)
My reasons include: Read More »
Think about the optics of collecting personal information [Dilbert] (ScottWright) posted Sat May 15th 2010 @ 9:25 AM
No doubt, one of the most common situations in which you find yourself divulging personal information is when you are speaking to a customer service representative. But when you think about it, doesn't this interaction seem a bit "one-sided" in terms of who gets the value most of the time? Read More »
Greed and laziness make the masses vulnerable. [Dilbert] (ScottWright) posted Thu May 13th 2010 @ 7:22 AM
Wally has a plan, but doesn't realize Identity Thieves could take advantage of his greed and laziness to cause him more damage than reward. While this example from Dilbert takes things to the extreme for Wally, it's a good illustration of how Identity Thieves can take advantage of people's laziness when it comes to security, and think ahead of the masses. Read More »
Figuratively, today’s Internal Audit teams must track and herd zoo animals. Security pros can help. (ScottWright) posted Wed May 12th 2010 @ 9:03 AM
Recently, I was reviewing the Canadian Financial Administration Act (FAA) and Federal Accountability Act (FedAA, or sometimes also called the FAA) for an initiative I've taken on. As a result I couldn't help but notice the wide range of challenges faced by internal audit teams. It struck me that many people don’t realize the range of responsibilities and activities that are usually taken on by their internal audit team, and how this critical governance function has an important relationship to security and privacy. And like zoo keepers who track and herd different types of zoo animals, some parts of an organization are easier to work with than others; and the challenges include more than just the simple things we might expect, like counting them and feeding them. Read More »
Your software probably needs to be updated 75 times a year - are you sure yours is up to date? (ScottWright) posted Fri May 7th 2010 @ 7:10 AM
Many of the most important risks we face today are related to computers that are not properly protected against attacks. If you run Microsoft Windows or use Adobe Reader, you really need to make sure these software programs are updating themselves automatically, even if you aren't the one who knows how to make it happen. If you aren't prepared to check for and install software updates 75 times a year, on average, you need to make sure automatic updates are turned on for all the software you use. Read More »
A few quick but important statistics about malware (stats provided by Trend) (ScottWright) posted Tue April 27th 2010 @ 8:01 PM
I attended an interesting event yesterday that was hosted by Trend Micro, here in Ottawa. Talks were given by Jirka Danek (Government of Canada CTO), as well as Eva Chen (one of Trend's founders) and Raimund Genes (Trend CTO). While there was some great discussion around cloud security - a key focus of Trend's business model - there were some very memorable malware statistics from Raimund and Eva that I think are important for everyone to take special notice of. Read More »