Category Archives: Security Awareness

How’s the security of your local city web site?

Filed under Security Awareness

I saw this news article tonight and had to laugh…

“We all recognize that the Web site is important to the community,” Mayor Roy Robinson said. “We’ve tried to save money to build our own Web site. We should be designating a certain amount of money to maintain and protect it in a professional manner.”

Yeah, you get what you pay for, guys! Basically, the local city web site got hacked. The article tried unsuccessfully to say that the main page was hacked and users were redirected to spyware/malware web sites. Trojan horse in a database…huh? Have to love the media interpretation of technical issues.

This is nothing new, right? Think about this though…how many other local communities do the same thing to cut corners and save some cash? Sure, it’s expensive to build and maintain a web site with security in mind, but these days, can you really afford not to? I found a local city web site with security issues (while the one I found was a bit more serious) several weeks ago as an example. Next time you get a chance to talk to your local community ward representative, ask them when they last had a security assessment done on the city web site, especially if they are offering services vital to the community.

Online Social Networks: 5 threats and 5 ways to use them safely

Last night I gave a talk at the Northeast Ohio Information Security Forum called “Online Social Networks: 5 threats and 5 ways to use them safely”. I spent the last few months doing research on various social networks, specifically MySpace, Facebook, and LinkedIn. Many of us either use these sites or know others that do. Users of these sites have been increasing at a dramatic rate for several years. For example, MySpace was the most visited website in the US with more than 114 million global visitors in 2007, and Facebook increased its global unique visitor numbers by 270% last year alone. With this massive increase in social network usage, online social networking is now becoming the fastest growing area of privacy concerns and security threats.

My talk went over the top 5 emerging threats to online social networks and I also talked about 5 ways you can use these sites safely. You can download my presentation here. Be safe out there! 🙂

The Honey Stick Project: Tracking Mobile Storage Devices

Here is a pretty cool project that I stumbled upon over at Security Catalyst. The concept is to have a “Honey Pot for mobile storage devices” but each mobile storage device (USB key, iPod, etc…) in reality becomes its own “Honey Stick” where the researcher can safely track how many people are plugging these devices into their computers. The hope is that by leaving these devices around in public areas, someone will pick them up…and plug them in. There is even a psychological aspect to this because the researcher, Scott Wright, is actually finding people that want to return these found devices to the owner!

While there may be some privacy concerns conducting this type of public experiment…Scott seems to have done his homework on this project thus far. I am looking forward to reading more about his results as the experiment continues. He has results for his first “stream” here. Check out the Honey Stick Project web site for full details and information.