Remember banking before the Internet? You received printed bank statements in the mail and had to manually reconcile the information with the written register in your checkbook. I don’t miss it, but I also recognize the convenience of accessing my financial data through a bank website comes with some serious security considerations. According to a new consumer survey from Kaspersky Lab, I am not alone.
Kaspersky conducted an online survey between May and June of this year and gathered information from users in 23 countries around the world. The findings were eye-opening.
First, more than three-fourths of the survey respondents use multiple devices and/or platforms to connect to the Internet. More than a quarter indicated they actually prefer to access the Internet from a tablet or smartphone, and nine out of 10 revealed they store sensitive information on all of their devices.
At the Black Hat security conference in Las Vegas earlier this month, researchers demonstrated how a Nest thermostat can be hacked, to show how easily connected appliances—the household technologies that make up the Internet of Things—can be compromised. When you look beyond the demo's hyperbolic headlines, it turns out the hack requires physical access to the Nest device, but the question remains, “How vulnerable is IoT?”
To find out, David Jacoby, a security researcher with Kaspersky Lab, hacked his own living room.
In a blog post detailing the exercise, Jacoby describes the array of connected devices in his home. He has two different NAS (network-attached storage) units, a smart TV, satellite receiver, printer, and the router from his Internet provider. Aside from the NAS units, it's all technology you can find in just about any house.
Most businesses have embraced mobile technologies, but many are still on the low end of the mobile maturity curve. Good Technology has published its second-quarter Mobility Index Report, and it reveals some interesting trends regarding the mobile platforms and apps businesses are deploying.
Good Technology aggregated data from customers around the world and monitored app and device activations to determine overall trends, as well as which platforms and apps are most popular among Good customers.
According to the report, iOS accounted for 88 percent of app activations. As impressive as that is, it represents a 4 percent drop from the previous quarter. That drop in iOS apps was swallowed up by Android, which claimed 12 percent of the enterprise app activations this quarter.
Data breach after data breach has illustrated just how weak and ineffective passwords can be for protecting accounts and sensitive information. Many sites and services have implemented secondary security protocols and two-factor authentication, but users frequently use information and email accounts that can be easily compromised—giving attackers a simple way to access your information.
One common secondary protocol is to have users supply an alternate email address. Sites and services will use the primary email address 99 percent of the time, but if something happens with that email account, or additional verification is necessary to prove you are really you, a message will be sent to the alternate email address. That alternate email address is often a weak link attackers can exploit.
Don’t let the word “virtual” in virtual servers fool you. You’re the only one who knows it’s virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Lab found that many IT professionals understand that securing virtual environments is important, but don’t fully understand the threats or how to properly defend against them.
Kaspersky Lab surveyed nearly 4,000 IT professionals around the world to gather research for the Global IT Security Risks Survey 2014—Virtualization report. Security concerns were cited by 43 percent of respondents as a significant barrier to implementing virtualization, and 41 percent stated that managing security solutions within virtual environments is a struggle.
Those numbers aren’t horrible, but could be better. Where things take a turn for the worse is when Kaspersky Lab asked the IT professionals about their awareness of the security threats facing virtual environments and how to defend against them. According to Kaspersky, 36 percent claim that security concerns facing virtual servers are significantly lower than those for physical servers, and 46 percent believe the virtual environment can be adequately protected using conventional security solutions. More than half of the survey respondents indicated their company has only partially implemented security solutions in the virtual environment.
Congress has been pursuing an investigation into alleged misconduct at the IRS, and as a part of that investigation it requested emails from former IRS director Lois Lerner for the timeframe in question. The response Congress got was that those emails—along with any archive or backups of those emails—have been erased and are no longer available. There are legal and compliance requirements organizations must abide by when it comes to retention of information, and the IRS apparently dropped the ball.
Dr. Barbara Rembiesa, president and founder of IAITAM (International Association of Information Technology Asset Managers), didn’t pull any punches when talking about the plausibility of the claim that the emails have been destroyed. She is quoted in an IAITAM blog post stating, “The notion that these emails just magically vanished makes no sense whatsoever. That is not how IT asset management at major businesses and government institutions works in this country.”
According to Rembiesa, there are some serious questions to be asked of how the IRS handled the situation, and the answers could prove to be a bit of a smoking gun for the larger investigation.
I wrote yesterday about a report from Microsoft researchers, which goes against established password security best practices. The new guidance from the Microsoft researchers makes sense to me, because it fits how I handle password management already. However, at least one security expert feels that there is a fatal flaw that makes the new password advice impractical: You.
Almost every aspect of computer security and privacy seems to come back to that one fundamental issue. You—the user—are the weakest link in the security chain. No matter how effective a security process or tool has the potential to be, user error can undermine the whole thing and render the security useless.
In a nutshell, the Microsoft researchers assert that the default advice to use unique, complex passwords for every site and service you use doesn’t work. Users can’t remember that many complex passwords, so instead they opt to ignore the advice entirely and use the same, often ridiculously simple, password everywhere, increasing their exposure to risk and compromise. What the Microsoft researchers propose is that people group credentials based on their importance or access to sensitive data and feel free to re-use simple passwords for accounts that don’t really matter.