

The Townhall sessions are a series of video netcasts I did as an experiment to demonstrate the possibilities for live or recorded security awareness shows. Unfortunately, I haven't had the time to make it a regular feature.


Top 10 Insecurity Predictions for 2010

Thursday, January 7th 2010 @ 10:45 PM

Streetwise Security Edge - Episode 1: January 4, 2010

In this episode:

1 - Introduction to this video podcast series - what's it all about and who am I

2 - Internet posting policies for employees

3 - Top 10 Insecurity Predictions for 2010

4 - Securosis and Security Incite merge

5 - Google Calendar vulnerabilities

6 - Rebecca Herold and the Smart Grid



In this inaugural video podcast, I recorded the session live, with an audience on Ustream. 

Here are a few examples of Internet posting policies referred to during the podcast:

http://www.af.mil/shared/media/document/AFD-090406-036.pdf

http://blogs.cisco.com/news/comments/ciscos_internet_postings_policy

http://www.exchange.telstra.com.au/training/flip.html


Jonathan Abolins provides us with a Top 10 Insecurity Predictions list for 2010. What do you think of this somewhat "tongue-in-cheek" list?

Top 10 or So List – Security Predictions for 2010

10. Scareware continues to be a problem. The bogus anti-virus warnings
get so good at impersonating real anti-virus software warning
messages, many people stop trusting ANY warning message and buy a new
PC instead.

9. New variant of scareware appears; it's called “angstware”. It
works by wearing down the victims with a series of varied warnings
about all kinds of possible threats, mostly bogus ones. Once the
victim is worn down, the “angstware” flashes an offer: "Wouldn't it
be easier to click here and get it over?"

8. Cloud computing will become more popular. Info security in the
cloud will become a big issue as data gets "lost in the fog".
Computing meteorology emerges as a job niche.

7. Cyberwar anxiety will grow in 2010. Attribution (determining who
did the attack) will be a big challenge. Unfortunately, there will be
cyber-hawks who'll say they know the source of an attack. Result:
Ready, FIRE, … oops... aim.

6. Regarding the problem with unencrypted video transmitted by US
military drones being intercepted by insurgents:
  The Good News: The US military will fix its UAV drone's unencrypted
video leaks with the help of digital rights management tools used by
Hollywood.
   The Bad News: The Taliban can view the unencrypted videos by
piping the signals through a slightly hacked $50 DVD player.
   The Weird News: A Congressman blames the DVD player manufacturer
for “undermining" US security.

5. A pair of graduate students introduce "Qapla'" the first computer
programming language that uses the Klingon language for its commands.
Functions are started with the "tagh" command and the language
includes the "ngoqDe'" encryption module. Hard core Star Trek fans
rejoice. Nobody else notices.

4. The registration of domains with non-Latin character names helps
make the Internet more accessible to people around the world. It also
opens opportunities for crooks to swap look-alike characters in
domain names. Security folks will have some catching up to do. Among
the initial questions, “What are Latin characters? I didn't take Latin
in school.”

3. Social network sites will provide more sets of security challenges
as people learn how easy it is to “friend fiends” and to make various
privacy & security goofs. Among them, people will sign up to join a
“Mafia Family” type of social network game, only to learn that they've
signed up with a real crime organisation.

2. Business people still not using separate computer systems for
online banking and for general Web browsing.  The big surprise will
come when a country's national bank admits this mistake when it's
discovered that all the assets went to entities in Russia. The country
switches to using the rouble as its standard currency.

1. Deja vu all over again. People repeating the mistakes of 2009,
which are rehashes of mistakes of 2008, and so on to the beginnings
of humanity.

Please feel free to leave a comment below, send an email to scott@streetwise-security-zone.com or call 1-613-693-0997. Remember to join us on Mondays at 4:00pm at http://www.ustream.tv/channel/streetwise-security-edge

I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn't mean you can't have an economical way to address human security risks. Please call or email me at the coordinates below...

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.

Comments

ScottWright
Group Administrator
ScottWright said on Thursday, January 7th 2010 @ 11:06 PM:

Being the first episode, I recognize, in retrospect, that there were a few minor glitches. The audio recording seems to have been coming through the built-in mic instead of my headset, and my webcam inset window covers up the slide titles in my PowerPoint presentation. Next time, I'll move the window to the bottom where it will be less intrusive.

Any other improvements that would make the show better, in your view?


ScottWright
Group Administrator
ScottWright said on Sunday, January 10th 2010 @ 7:22 AM:

Note that my comments in this episode on the news about a secure USB drive being hacked were not as complete as I would have liked. In the following link, Bruce Schneier provides some important details that explain how even the FIPS 140 certified devices are susceptible to having simple vulnerabilities that make you wonder what good the certification is. The bottom line is that the certification only certifies certain aspects of the device's behavior regarding cryptography. When these kinds of devices have vulnerabilities, it's usually outside the scope of the certified parts of the device - often in the password management portion, which is strangely not part of the crypto operation.

http://www.schneier.com/blog/archives/2010/01/fips_140-2_leve.html