Wednesday, September 29, 2010

National Cyber Security Awareness Month







Apparently it is National Cyber Security Awareness Month in the USA for the month of October. They have some good banners and posters that might be of interest and could be used elsewhere.



There also appears to be a selection of Tip sheets that might be worthwhile looking at.

Tip Sheets Documents:

  • Gaming Tips for Kids

  • Gaming Tips for Parents

  • Internet Safety and Security Tips For Parents

  • Mobile Tips

  • Social Networking Tips

Map Based Passwords




Not entirely sure I think this is a great idea, but map-based passwords have been proposed as an alternative to regular passwords.

Apparently a user memorises a spot on a map, but I can't help feeling that a map of London is going to attract a large number of people choosing the London Eye as their location. This method makes shoulder surfing easier, I would have thought, as a quick glimpse of a map would probably show where a user has chosen, especially if the location is fairly sparse.

Still, beats users writing it down and sticking it on the bottom of the keyboard..........

eEye Digital Security zero day tracker

eEye Digital Security have a Zero-Day tracker page to catalogue the latest zero-day exploits and vulnerabilities.


Link to zero day tracker here

How to tell what version of Ubuntu you are running.

Installed Ubuntu and forgotten what version it is? Upgraded so many times not sure what variant of Ubuntu it now is?

>> cat /etc/issue

Ubuntu 10.04.1 LTS

Thursday, September 23, 2010

Really Really persistent cookies

Extremely persistent browser cookies:

evercookie is a JavaScript API that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they've removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Specifically, when creating a new cookie, it uses the following storage mechanisms when available:

  • Standard HTTP Cookies
  • Local Shared Objects (Flash Cookies)
  • Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
  • Storing cookies in Web History (seriously. see FAQ)
  • HTML5 Session Storage
  • HTML5 Local Storage
  • HTML5 Global Storage
  • HTML5 Database Storage via SQLite

And the arms race continues....
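The respawn behaviour described above, modelled as an added example (not evercookie's own code): each storage mechanism is a constructed in-memory Map rather than a real browser API, and all function names are hypothetical. It shows why clearing only some stores leaves the identifier recoverable, and that only a clear of every store removes it.

```javascript
// Constructed stand-ins for the storage mechanisms listed in the post.
const MECHANISMS = [
  "httpCookie", "flashLSO", "cachedPNG", "webHistory",
  "sessionStorage", "localStorage", "globalStorage", "sqliteDatabase",
];

function newBrowserProfile() {
  const profile = {};
  for (const name of MECHANISMS) profile[name] = new Map();
  return profile;
}

// Write the identifier to every mechanism.
function setEverywhere(profile, key, value) {
  for (const name of MECHANISMS) profile[name].set(key, value);
}

// What a user-side "clear" does: wipes only the named mechanisms.
function clearStores(profile, names) {
  for (const name of names) profile[name].clear();
}

// On the next page load: read any surviving copy and rewrite all the others.
function respawn(profile, key) {
  const survivor = MECHANISMS.find((n) => profile[n].has(key));
  if (survivor === undefined) return null; // no copy left, identifier is gone
  const value = profile[survivor].get(key);
  setEverywhere(profile, key, value);
  return { value, recoveredFrom: survivor };
}

// Defender's check: which mechanisms still hold the identifier?
function residue(profile, key) {
  return MECHANISMS.filter((n) => profile[n].has(key));
}

// Scenario: set the id, clear a subset of stores, then allow one page load.
function scenario(cleared) {
  const p = newBrowserProfile();
  setEverywhere(p, "uid", "constructed-id-123"); // constructed sample value
  clearStores(p, cleared);
  const before = residue(p, "uid");
  const result = respawn(p, "uid");
  return { before, result, after: residue(p, "uid") };
}
```

Calling `scenario(["httpCookie", "flashLSO"])` models a user who clears only standard and Flash cookies; `scenario(MECHANISMS)` models clearing everything before the next page load.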

Monday, September 20, 2010

Five Irrefutable Laws of Information Security

Apparently these come from the CISO of Intel. Look pretty good to me.

  1. Information wants to be free. Once data lands on the endpoint, it’s free. There is a much higher likelihood that data will end up in the wrong hands if it’s on an endpoint. Consequently, be careful about what you allow to be stored on the endpoint. Implement policies that restrict data leakage on endpoints and USB devices.
  2. Code wants to be wrong. No matter how hard developers and engineers try, code always has flaws and bugs that open up vulnerabilities. Frequent and consistent patching is essential to keep your network protected to the highest degree possible.
  3. Services want to be on. Employees, partners, and customers all want access to your network. Self-service utilities and applications are no doubt a great resource but they can also be the point of vulnerabilities. Frequently test and probe the security capabilities of these types of applications, and regularly look for vulnerabilities and weaknesses that may be exploited by any external or internal user.
  4. Users want to click. Whenever users see a button, they click on it! Email-borne viruses and malicious websites are the source of many viruses and breaches to network security. Educating your end users is an ongoing effort. People forget. They get lazy and have to be reminded about the dangers that lurk on the internet.
  5. Security features want to be bypassed. Sometimes a security feature can be bypassed (even when enabled) depending on, for example, whether a laptop is in standby mode. Always review with your IT staff whether any security feature can be bypassed by any means.

Friday, September 17, 2010

Recent twitter post

Now I get Twitter...

Friday, September 10, 2010

Online safety sites for families

A couple of websites with some information on how to keep your family safe on the Internet.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=87583728-ef14-4703-a649-0fd34bd19d13&displayLang=en

Www.google.co.uk/familysafety

Friday, September 3, 2010

Interesting article

I came across this article as a great metaphor for how people think about security. Original post from http://erratasec.blogspot.com/

Thursday, September 02, 2010
A False Sense of Security
Posted by Robert Graham at 5:14 PM

This article describing Hurricane Earl shows a woman putting a pattern of duct tape on the window. Does this duct tape really help?

No, of course not. Duct tape does nothing to stop the glass from shattering, and does almost nothing to stop fragments flying around.

What it does give people is a false sense of security. For whatever reason, they’ve decided not to buy hurricane shutters (even though they live in a hurricane zone) and not board up their windows with plywood. But they can’t just do nothing, so they resort to sympathetic magic like taping up windows. At least they are putting something on their windows.

Such ignorance is not just useless, but in some cases, can be harmful. Some people believe they should leave their windows open a crack during a hurricane, in order to equalize pressure. The opposite is true: this makes it more likely that the hurricane will pop your roof off. The reason is that wind traveling over your roof creates low pressure above, and wind entering your house creates high pressure inside. This lifts your roof off, in precisely the same manner it lifts an airplane wing when flying.

There are obvious analogies with cybersecurity. People do things, like install anti-virus, firewalls, or WEP, because “doing something” makes them feel good. But they haven’t thought through the cause and effect of whether doing such things actually works.

Copyright 2009 Security Monkey.