
Twitter Settles Charges that it Failed to Protect Consumers’ Personal Information; Company Will Establish Independently Audited Information Security Program

Posted by Rich Chuckrey in Shorts


It’s said and done now, but really, shame on Twitter. These are some painfully obvious and blatant information assurance mistakes. And to think these security errors occurred on a massive lifestreaming site such as Twitter. Unthinkable.

The FTC:

According to the FTC’s complaint, Twitter was vulnerable to these attacks because it failed to take reasonable steps to prevent unauthorized administrative control of its system, including:

  • requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites, or networks;
  • prohibiting employees from storing administrative passwords in plain text within their personal e-mail accounts;
  • suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts;
  • providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;
  • enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days;
  • restricting access to administrative controls to employees whose jobs required it; and
  • imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.

It’s easy to overlook information security basics such as the ones the FTC found Twitter had neglected. But seriously, the steps listed above are not that painstaking to take care of. This should be a lesson learned for everyone attached to the IT industry.

“Untrained” or Uncertified IT Workers Are Not the Primary Security Problem

Posted by Rich Chuckrey in Shorts

I came across this little gem of a post on IT security and can’t agree more with Mr. Bejtlich’s assessment. Here’s what he had to say on IT security and uncertified IT workers:

The myth is this: “If we just had a better trained and more professional IT corps, digital security would improve.”

Instead of spending money first on IT workers, educate their management, throughout the organization, on the security risks in their public and private lives.

The balance between security and business is a common gray area that’s unlikely to go away in the near future. Differing ideals and philosophies towards security spread through all levels of corporate staffing, and that difference in opinion often leads to security configuration extremes.

Perceptions of IT security range from paranoia to irresponsibility. Just as Richard Bejtlich blogs, the best case for striking a balance between the two is when all parties involved are educated and have a clear understanding of security and its necessity within the business.

ALERT: Facebook Adware Now Spreading: “Distracting Beach Babes”

Posted by Rich Chuckrey in Shorts

Two weeks in a row we are seeing the spread of salacious malware on Facebook. Steer clear of Facebook’s “Distracting Beach Babes.”

Graham Cluley makes a curious point on his award-winning security blog regarding the timing of malware:

I’m beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook’s own security team might be snoozing.

Security Clearance

Posted by Rich Chuckrey in Articles

Security clearances are not your sugar-coated M&Ms handed out on Halloween night to neighborhood kids trick-or-treating. The United States government takes painstaking steps to determine a person’s [or an agency's] eligibility to access sensitive information and in turn issues a certificate of qualification.

But what have clearances come to stand for? Are they just a showpiece for employment eligibility or a power play? Or worse yet, have clearances become an excuse to act inappropriately?