Thursday, November 13, 2014

A Look Back…

The subtitle of my blog is “Finding the balance between access and security.”  What I attempted to do with my blog was to look at information security issues.  Cybersecurity professionals are always trying to find the right mix between making something secure enough and at the same time, accessible.  In this process, there are always compromises. Most of the time, the right place to be is close to the middle.  But some things don’t have a clear, generally agreed on solution.

In many of the posts, the issues are pretty straightforward and I took a strong position on one side of the issue.  For example, I really think WikiLeaks founder Julian Assange was completely wrong to post a malware program on his website instead of giving it to security professionals who could work on a defense against the software (17 September).  In other posts, I stayed firmly in the middle.  In my post about ethical hackers being paid to find security flaws in software (1 September), I stated they provide a valuable service so we can defend against unethical hackers.

I encountered the topics for my blog in the radio programs I listen to and the blogs I subscribe to at work.  It didn’t seem difficult to find topics to write about. Most of the sources were IT tech blogs and they simply caught my attention.  I subscribe to about 8 weekly blogs on a variety of topics.  Most weeks I don’t read all of them.

Since I was generally commenting on someone else’s blog post, I feel that I wasn’t really adding anything new.  If I wasn’t required to blog for this class, I would comment on the blog with my opinion. Still, it was an enjoyable experience.   It’s a lot more fun to write about something I feel strongly about.  Doing so in a blog makes me think it through and organize my thoughts better.  On at least one occasion, I actually changed my opinion before I was done writing.  

Tuesday, November 11, 2014

Criminals Get Caught by Weak Security

Apparently, criminals need to be more concerned about security, too!  US and European law enforcement agencies recently took down 400 illegal websites, arrested 17 people and confiscated drugs, money and computer equipment.  The websites were all using Tor, a web anonymity application that is used for accessing the "dark web"-- webpages that are not indexed by normal web browsers like Google or Bing.  Because the websites aren't easily accessible, they are popular with people who want to circumvent laws.  This includes political activists.  It also includes people who sell child porn, stolen credit card information, illegal drugs and weapons.

Tor is a browser on the surface, but it has a suite of applications that work with it to anonymize the path the data takes, add layers of encryption and hide the identity of the sender.  The user can access the dark web using Tor, but it isn't secure unless you configure and activate the additional applications.  Adding security, such as more hops or additional layers of encryption, slows down the data transfer.  Apparently, some criminals got complacent or impatient.

The specifics of how the criminals were caught aren't explained in the blog post, but my best guess is they cut corners with their security.  In this case, it worked out for the forces of good!



Nieva, R. (2014, November 7). Police skirt Tor anonymity software in shutting down illegal websites - CNET [Web log post]. Retrieved from http://www.cnet.com/news/authorities-skirt-tor-anonymity-software-in-shutting-down-illegal-websites/

Thursday, November 6, 2014

Microsoft Gets a Little More Secure

I remember the early days of Microsoft Windows.  It was designed as a stand-alone operating system.  This made sense since the only way to connect to the Internet was through a modem and a phone line.  Dialup Internet access was expensive, too, so most didn't have access at first. As technology improved, security on a Windows PC didn't keep up.  We had to buy aftermarket anti-virus and malware software.  Just six years ago, Microsoft began offering free anti-virus software called Security Essentials for download on any Windows PC.  They're going to include more security features in Windows 10, the next generation of Windows scheduled for release in 2015.

According to Ed Bott of ZDNet, Windows 10 will be able to have 2-factor authentication built in, requiring a PIN or biometric, greatly reducing the threat of identity theft. The second factor will be the device - a tablet, laptop or PC.  It looks like this could be used for purchases, with a cell phone and a PIN or fingerprint to complete the transaction.  These features will also be available on enterprise computers, improving corporate security.  It looks like this will make bring-your-own-device secure enough to satisfy enterprise security professionals.

Details will be coming as time goes by, but it's great to see Microsoft getting more serious about security.



Bott, E. (2014, October 22). Microsoft reveals audacious plans to tighten security with Windows 10.  Retrieved from ZDNet: http://www.zdnet.com/microsoft-reveals-audacious-plans-to-tighten-security-with-windows-10-7000034963/?s_cid=e539&ttag=e539&ftag=TRE17cfd61