Adriana Lukas's Library tagged security → View Popular

Filter:
All
Annotated

05 Nov 09

Links » Another Protocol Bites The Dust

www.links.org/?p=780 - Preview

authentication SSL crypto HTTPS opensource security

15 Oct 09

The pocket spy: Will your smartphone rat you out? - tech - 14 October 2009 - New Scientist

not good

www.newscientist.com/...ur-smartphone-rat-you-out.html - Preview

spy security mobile data forensic surveillance privacy

08 Oct 09

DDoS attack rains down on Amazon cloud • The Register

"The lesson here is: 'Don’t bet the farm on a single cloud provider,'" says Craig Balding, founder of cloudsecurity.org and a security practitioner at a Fortune 500 company. "It's common sense really. But people get lulled into thinking they site is always going to be available [when they host with a single provider]."

www.theregister.co.uk/...amazon_bitbucket_outage - Preview

ddos cloudcomputing security amazon bitbucket ownership data

23 Sep 09

Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)

this is very very cool. worth going to the end even if you think not interested in crypto - one of the most important pieces of technology/know-how to make communication on the internet/web private and secure. seems cartoons are a good way to get people keep reading. :)

www.moserware.com/...-figure-guide-to-advanced.html - Preview

encryption cryptography AES security communications privacy cartoon

01 Sep 09

Multi-Factor Authentication

It is an opt-in account feature that requires a valid six-digit, single-use code from an authentication device in your physical possession in addition to your standard AWS account credentials before access is granted to your AWS account settings.

aws.amazon.com/mfa - Preview

amazon authentication applications id security cloudcomputing

29 Aug 09

Bill would give president emergency control of Internet | Politics and Law - CNET News

not good

news.cnet.com/8301-13578_3-10320096-38.html - Preview

security politics technology president US internet FAIL

25 Aug 09

Information Security: Why Cybercriminals Are Smiling - Knowledge@Wharton

knowledge.wharton.upenn.edu/article.cfm - Preview

information security privacy identity cybercrime online financial

otherwise sophisticated business entities regularly fail to secure key information assets and that many companies are struggling with incorporating information security practices into their operations.
there seems to be a process-based failure under way. It's in companies' interests, internally and externally, to secure their information assets. Internally, when a company experiences a data breach, it is potentially compromising trade-secret protection on key intangible assets. Externally, it is going to get bad publicity and trust will diminish among customers, business partners and even its own employees. So securing information assets is a win/win.
18 more annotations...
- Information security [has been] generally viewed as the province of IT departments, and at one point that may have made sense. But at this point, IT security needs to have a process approach, [coming] from the top layers of a company and a culture of security [should be] filtered through the company's lower layers.
  - no shit sherlock. there is no such thing as 'security', there is data integrity, privacy and levels of exposure tolerance. Security is just an umbrella name for all these, and separating it from the core business means losing it. - on 2009-08-24
  Add Sticky Note
- When a company possesses sensitive information, each subsequent sharing of that information creates another dependency, another point of risk. A compromise anywhere in the chain of possession ... is the equivalent of a compromise along every point. So the banks in the TJX case were not pleased, the customers who had data compromised were not pleased and TJX had regulatory action [launched] against it because of that breach.
  - good point about the sharing of information creating a dependency, a point of risk. which in other words is 'weakest link' type of argument. - on 2009-08-24
  Add Sticky Note
- Twenty years ago, there weren't databases full of such rich consumer information as we have today. The ease of sharing information through the Internet generates targets for information criminals. At this point, the identity-theft economy is on par with or surpassing the [illegal] drug economy.
- In many countries where cyber criminals live, the acts that they're engaging in aren't illegal, and their governments are not going to extradite these individuals.... On top of that is the lack of a reciprocal regime for recognizing judgments in other countries, which predates the Internet.... We just never resolved the convention on jurisdiction and judgments to allow us to have our judgments in our courts efficiently enforced in other countries.
- Matwyshyn: Very much so. First, as you mentioned ... individuals voluntarily disclose a significant amount of information. But if you ask them, they'll say they're very concerned about their privacy. When [such] contradictory behavior [is combined] with difficulty in using privacy settings on websites, [people] sometimes don't realize how much information is readily available to the public.
- But there is a bit of a contradiction between users' behavior and users' stated preferences on privacy.
- A corollary concern for information security, as a result of social networks such as Facebook, is that platforms on those networks enable developers to generate interesting, fun, new applications for users to interact. There's really no information security vetting of those applications by the central platform provider, Facebook in this case. The applications request information on a users' entire portfolio of friends and then all of those people have data that is possessed by the application provider. What the application provider is using that data for and the extent of secure storage that [it] uses are unknown [to users] and Facebook or another social networking site is not going to [publicize] it. It's not in their interest to do so because they'd rather not be associated with that relationship. They just want to provide the platform. But most users don't realize or don't analyze the extent of information sharing that happens through, for example, the applications....
- So unlike [with] television, where you're reacting passively to stereotypes and roles and so forth, the Internet is a very active medium and it will likely have, if we get to research this more, the same ... [if perhaps not more] impact on children ... than parents themselves.
- the act requires verifiable parental consent for any data collection and storage from a child under the age of 13. As Diana mentioned, many children, particularly at age 13, are far more technologically adept than their parents. And what is verifiable parental consent? Originally [legislators] wanted faxed transmissions to demonstrate a parent's approval. But they created an email exception. Well, as any smart 13 year old will tell you, you can forge your parent's email about as easily as you can forge a note that you were just at the doctors to get out of study hall. Consequently the ability to verify the identity of the person giving consent is something that has been circumvented by children who [are determined] to get access to a Web service or website.
- We've distributed the information to a great extent, yet we still expect it to have the same level of confidentiality that [it once had]. [Just the] knowledge of a credit card number and its expiration date allows a criminal [for all intents and purposes to] print money at the expense of that [credit card holder]. We are essentially doing something that's not entirely consistent with the nature of the information.
- [All] security breaches are ultimately caused by a failure in a process or implementation of a security policy. But the damage [from financial information breaches] does have a unique, unusual root cause [in] that financial information cannot at once both be distributed to thousands of entities and be so valuable that mere knowledge or access to it is enough to cause monetary losses. We can't have it both ways.
  
  It's not so much that the breaches are surprising. It's that when a breach occurs, the fact that there is no damage control and containment are impossible is a function of how we ... use financial information.
- Knowledge@Wharton: So financial information is unique in the sense that it is both confidential and widely disseminated?
  
  Paya: Exactly, that's the paradox.
- Best practice is to make sure that your secrets have short shelf lives and can be frequently renewed. That's not something generally followed with consumer data. Credit cards have multi-year expiration periods and Social Security numbers are indefinite [since] you have one for life.
- The lesson from the offline world is ... acknowledging the fact that the longer a secret exists, the greater the probability of a breach of confidentiality. So try to limit that window of time. That's a lesson that hasn't quite carried over to the consumer financial data, because much of [it] has a very long shelf life.
- The biggest mistake ... is not having a clear handle on where the information lives. The design of large systems calls for a lot of redundancy. Data is copied, duplicated, backed up, sometimes sent to different partners, data warehouses, shipped off site in case some catastrophic event destroys your data center. So data has a tendency to replicate itself. And one of the big challenges is when companies lose track of where the information is. It's very hard to point to a particular computer or a particular rack and say, "This is where all the credit cards live." .... The problem is that the more spread out they are, the more points of failure you have to worry about.... The first challenge [arises by] not having an inventory of what you're collecting, even if you know where you collect it, not knowing where exactly you put it.
- PricewaterhouseCoopers, which did a survey of chief information officers, chief security officers, high-ranking ... decision makers.... One of the startling [findings] is that a large number, approximately 30%, of the respondents could not provide information about where all of their information assets were stored and this is self-reported.
- We're talking about at the state level, resources will be coordinated to protect families and where people work, now that the genie is out of the bottle.
  - oh dear, please, let not the state be involved! - on 2009-08-25
  Add Sticky Note
- At the tactical level, my advice in terms of risk management is doing more with less. The less data you have, the less your risk is. If you don't need the data, don't collect it. If you don't need it anymore, erase it, delete it, shred it. Make sure that fewer systems have access to the data, and fewer people have access to the data. The more you can design a system so that you can do more with the same amount of data, the better you'll manage your risks.

23 Jul 09

Lesson From Tor Hack: Anonymity and Privacy Aren't the Same

excellent exposition of Tor, what it does and what it doesn't and why anonymity and encryption go hand in hand.

www.schneier.com/essay-182.html - Preview

anonymity tor security internet politics privacy hackers

Tor is a free tool that allows people to use the internet anonymously. Basically, by joining Tor you join a network of computers around the world that pass internet traffic randomly amongst each other before sending it out to wherever it is going. Imagine a tight huddle of people passing letters around. Once in a while a letter leaves the huddle, sent off to some destination. If you can't see what's going on inside the huddle, you can't tell who sent what letter based on watching letters leave the huddle.
The communications between Tor nodes are encrypted in a layered protocol -- hence the onion analogy -- but the traffic that leaves the Tor network is in the clear. It has to be.
2 more annotations...
- Presumably, most of these organizations are using Tor to hide their network traffic from their host countries' spies. But because anyone can join the Tor network, Tor users necessarily pass their traffic to organizations they might not trust: various intelligence agencies, hacker groups, criminal organizations and so on.
- One of the tools developed by Dark Web is a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating "anonymous" content online. Writeprint can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet. By analyzing these certain features, it can determine with more than 95 percent accuracy if the author has produced other content in the past.

22 Jul 09

The Anatomy Of The Twitter Attack

www.techcrunch.com/...-anatomy-of-the-twitter-attack - Preview

twitter security hacker cloud passwords socialmedia techcrunch

Surveillance Self-Defense International | Electronic Frontier Foundation

read and pass on!

www.eff.org/...nce-self-defense-international - Preview

defense security survellaince EFF tips

25 May 09

Blackmail fears over stolen RAF data files - Telegraph

www.telegraph.co.uk/...ver-stolen-RAF-data-files.html - Preview

raf blackmail data security government

10 May 09

Hackers darkened cities, CIA says

so security by obscurity. Arrgh!

www.securityfocus.com/666 - Preview

security stupid hackers government

The makers of industrial control and monitoring systems -- of which the most well-known type is supervisory control and data acquisition (SCADA) systems -- have largely depended on the obscurity of the devices and software to keep the systems secure.

Reports: Thief holds Virginia medical data ransom

oh boy, oh boy, oh boy.

www.securityfocus.com/957 - Preview

medicalrecord health hacking security ransom attack

07 May 09

10 Privacy Settings Every Facebook User Should Know

excellent howto about facebook 'privacy'. amazing how complicated the settings can get, innit?

www.allfacebook.com/...facebook-privacy - Preview

facebook privacy security socialmedia Settings

27 Apr 09

The Sorry State Of Online Privacy - washingtonpost.com

or change the way people manage and control their data.

www.washingtonpost.com/...AR2009042601208.html - Preview

data platform privacy security cloudcomputing individual

20 Apr 09

The Cloud Is Hype, the Conversation the Same, Transparency Is Key

www.schneier.com/news-083.html - Preview

security cloudcomputing transparency hype delicious

Yep, that's right. These things are important. If you are concerned, ask the questions, but these are the same questions as you would ask about using gmail. I mean why weren't we having these discussions when gmail first showed up. DOS attacks, provicay concerns, security concerns, who has access to my data. What happens when bad things happen. This is no different to a conversation about gmail. It is actually no different to a conversation on a shared account on a bulletin board system. We could have had this conversation 25 years ago. These really are the same conversations. What is different are the method of access and the technology and protocols, but from a human level and a security level – they are the same issues. You know, I use an ISP: are they vulnerable to DOS attacks? What are the privacy measures they have in place? How do I know that no one else can read my email?

14 Apr 09

Software improves p2p privacy by hiding in the crowd

www.physorg.com/news158419063.html - Preview

privacy internet security p2p download anonymity network filesharing mining delicious

06 Apr 09

xkcd - A Webcomic - Security Question

xkcd.com/565 - Preview

security technology geek humor comics xkcd government delicious

27 Mar 09

Browser Add-on Locks out Targeted Advertising - Business Center - PC World

TACO anyone?

www.pcworld.com/..._out_targeted_advertising.html - Preview

advertising internet security plugin privacy targetting delicious

18 Mar 09

Legacy Locker - The safe and secure way to pass your online accounts to your friends and loved ones.

www.legacylocker.com - Preview

VRMLabs reviews applications VRM death online security delicious

1 - 20 of 134 Next › Last »

Showing 20▼ items per page

Selected Tags

security

Related Tags

Top Contributors

Click in to find related links.

Groups interested in security

CIPP Information Privacy & Security News

Members (9)

bookmarks (787)
WPPS NEWS

Members (5)

bookmarks (438)
IB ITGS

Members (120)

bookmarks (643)

Related Lists on Diigo

Free Security Software

Free security software to h...

Items: 22 | Visits: 113

Created by: Matt G.
Defensive Web Programming

Links that came up during S...

Items: 16 | Visits: 181

Created by: Joel Bennett
Online Security

Everything related to onlin...

Items: 4 | Visits: 137

Created by: Call Me What You Want

Diigo is about better ways to research, share and collaborate on information. Learn more »

Join Diigo

Adriana Lukas's Library tagged security → View Popular

Links » Another Protocol Bites The Dust

The pocket spy: Will your smartphone rat you out? - tech - 14 October 2009 - New Scientist

DDoS attack rains down on Amazon cloud • The Register

Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)

Multi-Factor Authentication

Bill would give president emergency control of Internet | Politics and Law - CNET News

Information Security: Why Cybercriminals Are Smiling - Knowledge@Wharton

Lesson From Tor Hack: Anonymity and Privacy Aren't the Same

The Anatomy Of The Twitter Attack

Surveillance Self-Defense International | Electronic Frontier Foundation

Blackmail fears over stolen RAF data files - Telegraph

Hackers darkened cities, CIA says

Reports: Thief holds Virginia medical data ransom

10 Privacy Settings Every Facebook User Should Know

The Sorry State Of Online Privacy - washingtonpost.com

The Cloud Is Hype, the Conversation the Same, Transparency Is Key

Software improves p2p privacy by hiding in the crowd

xkcd - A Webcomic - Security Question

Browser Add-on Locks out Targeted Advertising - Business Center - PC World

Legacy Locker - The safe and secure way to pass your online accounts to your friends and loved ones.

Selected Tags

Related Tags

Sponsored Links

Top Contributors

Groups interested in security

CIPP Information Privacy & Security News

WPPS NEWS

IB ITGS

Free Security Software

Defensive Web Programming

Online Security