Welcome!

Blog Feed Post

Cyber Security 2014: An Oxymoron

Cyber Security 2014

If we learned anything this past year, it’s that information we store online is exceptionally vulnerable. Our metadata (the data that describes who we are and what we do) is in the hands of people who are about as successful at protecting it as 1850′s bankers were at protecting money in the Old West. Sure, the metal safe looked strong and secure, but a motived bank robber with a stick of dynamite had all the tools required. In just the past few weeks hackers have had their way with Target Stores, Snapchat and thousands of other “targets of opportunity” that you will never hear about.

How do they do it? Every way you can imagine (and a bunch of ways you can’t).

We can start with the government. It’s not strictly hacking; it’s more like manhandling, but… by now it should be abundantly clear that the NSA has access to everything that it wants to have access to. Everything on your iPhone, your Wi-Fi signal, laptops you bought online, your private cell phone conversations, your email address books… the list goes on and on and on. At this point, anything the NSA wants to know about you, it will know about you.

I’m not making a political statement, nor am I suggesting that there is anything right or wrong with the government having access to virtually everything it wants to have access to. That said, there are all kinds of additional security issues caused by systems that allow certain information to be tracked by some systems, but not by others. To say nothing of the psychological issues caused by the knowledge that when you are connected, your electronic trail is available. And, for all practical purposes, cannot ever be erased.

Add to this, malicious hackers who are interested in profiting from the sale of your information, interested in making a name for themselves or simply trying to make a point about something. There’s nothing anyone can do about this group of hackers or these types of hacks. They are a fact of life in the Information Age. However, there are a few things you can do to protect yourself in 2014.

Target’s Black Friday Breach

Over 40 million credit cards were compromised after a massive attack on Target during the weeks leading up to Christmas. There’s nothing much Target can do to help you at this point. Sure, its CEO is offering free credit monitoring, the company is on the hook for $3.6 billion in fines and banks are capping cash withdrawals after it was announced that yes, the breach compromised PIN numbers, too, even though Target initially said they were safe – they’re not safe and you’re on your own.

If you shopped at Target between the middle of November and the middle of December, there’s a good chance your card is compromised. If your bank hasn’t canceled your card already, strongly consider calling up your credit card company and canceling it yourself. Here’s a helpful guide as to what to do if your credit card is stolen. Basically: cancel your card, monitor your statements, create a fraud alert, and move on.

Target’s breach was both better and worse than most other hacks we saw in 2013. It was worse because its repercussions could be of a greater impact than having your Yahoo password stolen, for instance. Having someone gain access to your credit card info could max out your credit cards and destroy your credit score. But it’s better because every financial institution is aware of the breach, and most credit cards have fraud protection, ensuring you won’t be stuck paying for anything you didn’t actually buy.

Target’s breach was also an example of just how helpless we are. All you did was buy Christmas presents, or maybe just some groceries, and suddenly your life became far more complicated and annoying. And, this is just the beginning – expect this kind of thing to happen on a regular basis – truly, nothing can stop it.

Snapchat’s Phone Number Leak

It’s already known that even though Snapchat is designed to make it seem like your snaps (the photos you send your friends and family) disappear once you open them, anyone can actually save them without you even knowing. Forget a “Screenshot!” alert; you can sneak in through the back door of Snapchat and save anything and everything you receive. While it’s not a hack organized crime would bother with, it’s worth repeating that snaps and every other picture you ever take with a digital camera enter the body of knowledge of mankind and will be seen by everyone in the world. So, “Carlos Danger,” never take a picture of something you don’t want the world to see.

Back to bigger hacks. This past August, Gibson Security published a report that said the coding in Snapchat made it possible for anyone to find out a bunch of information about any account, including your username and phone number. Gibson published a new report about the same thing in December, which Snapchat addressed by saying that it wasn’t an issue. Well, it turns out that Snapchat was wrong and that it was, in fact, an issue. A website called snapchatDB posted SQL/CSV files that contain the username and associated phone number for a “vast majority” of the service’s users – over 4.6 million users, to be precise.

There’s not a lot of text-based private information on Snapchat – you don’t need to fill in too many fields to start texting selfies to your friends. But Snapchat’s user base is mostly teens and tweens, and Kevin Poulsen of Wired Magazine points out the biggest fallout from this leak: possible stalking. How’s that for your first tech life lesson? Don’t have fun with your friends or you might be harassed because bad men want to ruin your day!

What Can We Do?

The most important thing we can do is to remain vigilant. Keep track of everything, and if anything seems suspicious, act on it. Start getting a bunch of weird emails? Can’t log in to an account you should be able to? See some weird pending charges on your credit card statement? Take action!!! YOU are the best defense against the mean, awful, angry world of hacking.

If you suspect your accounts are compromised, change your passwords. Make them as secure as can be. Spending a few extra seconds typing in a password every once in a while is worth it to make your account more difficult to crack. Use the guidelines I laid out. It might seem like a hassle, but keeping unique passwords for every site you use (I know, you probably have accounts for dozens if not hundreds of sites) will keep all your other accounts secure. But it’s (arguably) better than the alternative: having one hacked site force you to change dozens of passwords at once.

If your credit card statement looks funky, call your bank immediately. Dispute any charges, then cancel your card. People can get your credit card information any number of ways; banks (usually) won’t hold that against you. Be proactive, rather than reactive, and make sure you’re protected.

Lastly, and most importantly, keep all of your credit card numbers and the associated contact information for canceling your cards in a place where you can quickly, securely get to them. Using a password wallet or other specialized software will make it much easier to go through the process. “Best practices” says to keep copies of this data in several different places (including on paper) and stored as safely as you store your household cash or jewelry. The goal is to be able to quickly contact every credit provider. That’s all you can do. The hacks we’re seeing now are being done by professionals who simply want to sell your information and defraud the financial institutions you patronize — they don’t care about you personally — it’s strictly business.

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Latest Stories
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
SYS-CON Events announced today that Secure Channels will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The bedrock of Secure Channels Technology is a uniquely modified and enhanced process based on superencipherment. Superencipherment is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm.
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
The Internet of Things can drive efficiency for airlines and airports. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports. The session will include a working demo and a technical d...
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
SYS-CON Events announced today that China Unicom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE F...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.