Tuesday, March 27, 2012

Email safety

2011 saw big-time hacks on huge companies that one would think are fairly secure. Unfortunately, some of these attacks could have been prevented or slowed down by exercising a little more caution with email. The RSA breach started with somebody receiving an email and simply opening an attachment. How could something so simple cause such a problem? It’s really quite easy.

Over the last few years, companies have spent the majority of their security budgets on perimeter and endpoint defenses like firewalls, intrusion detection/prevention and anti-virus tools. That kind of takes the fun out of it for most attackers, since they now have to actually work to get in. So what do the bad guys do? Get into a different line of work? Ah, probably not. They look for an easier way in. And that easier way usually ends up being to get those who already have access to let them in.

Wireless Home network security

A lot of people have wireless access points set up in their home networks. Wi-Fi makes it so easy to connect all kinds of devices to the internet: PCs, printers, storage devices, tablets, laptops, even phones. No need for busting holes in walls and running yards and yards of Cat5 cable. Just turn the device on and you’re connected. Sure, a lot of tablets and phones have their own internet connections, but for those with limited data plans, Wi-Fi connections at home give almost unlimited connection time. But how many people take the time to make sure their Wi-Fi connections are secure?

Mobile phone security

This is an interesting situation I recently read about. It seems law enforcement was stumped when they tried to access a phone that used a pattern lock program rather than the normal password lock. Reading a little more, it turns out that it might not be the complexity of the pattern, but more that the pattern lock program had a better method for dealing with brute-force attempts. After so many failed attempts, the phone remains locked until supplied with the user's Google login and password. Now this may only be the case for the specific combination of phone and pattern lock app, but it shows that it is possible to effectively lock up a device. The bigger question is, why aren't more apps and security features written with this kind of brute-force avoidance in mind?
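The lockout behaviour described above can be sketched as follows. This is an added example, not code from the phone or the pattern lock app; the class name, the five-attempt limit, the digit-string encoding of patterns and the locally stored account secret are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

class AttemptLimitedLock:
    """Hypothetical pattern lock that stops accepting patterns after too many misses."""

    def __init__(self, pattern, account_password, max_failures=5):
        self._salt = os.urandom(16)
        self._pattern = self._digest(pattern)
        # Assumption: a real phone would verify the account online, not locally.
        self._account = self._digest(account_password)
        self.max_failures = max_failures
        self.failures = 0

    def _digest(self, secret):
        # Slow, salted hash so the stored value is not the secret itself.
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 50_000)

    @property
    def hard_locked(self):
        return self.failures >= self.max_failures

    def try_pattern(self, guess):
        if self.hard_locked:
            return False  # even the correct pattern is refused now
        if hmac.compare_digest(self._digest(guess), self._pattern):
            self.failures = 0
            return True
        self.failures += 1
        return False

    def try_account(self, password):
        # Only the account credential can clear a hard lock.
        if hmac.compare_digest(self._digest(password), self._account):
            self.failures = 0
            return True
        return False

def simulate_guessing(lock, candidates):
    """Feed guesses to the lock; return (guesses made, unlocked?)."""
    made = 0
    for guess in candidates:
        made += 1
        if lock.try_pattern(guess):
            return made, True
        if lock.hard_locked:
            break
    return made, False

if __name__ == "__main__":
    lock = AttemptLimitedLock("03678", "constructed-account-pw")  # constructed values
    print(simulate_guessing(lock, ["0123", "0124", "0125", "0126", "0127", "03678"]))
```

The point of the design is that the number of pattern guesses anyone gets is fixed by `max_failures`, no matter how small the pattern space is.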