Click here to close now.

SYS-CON MEDIA Authors: Liz McMillan, Elizabeth White, Dana Gardner, tru welu, Blue Box Blog

Blog Feed Post

Cyber Security 2014: An Oxymoron

Cyber Security 2014

If we learned anything this past year, it’s that information we store online is exceptionally vulnerable. Our metadata (the data that describes who we are and what we do) is in the hands of people who are about as successful at protecting it as 1850′s bankers were at protecting money in the Old West. Sure, the metal safe looked strong and secure, but a motived bank robber with a stick of dynamite had all the tools required. In just the past few weeks hackers have had their way with Target Stores, Snapchat and thousands of other “targets of opportunity” that you will never hear about.

How do they do it? Every way you can imagine (and a bunch of ways you can’t).

We can start with the government. It’s not strictly hacking; it’s more like manhandling, but… by now it should be abundantly clear that the NSA has access to everything that it wants to have access to. Everything on your iPhone, your Wi-Fi signal, laptops you bought online, your private cell phone conversations, your email address books… the list goes on and on and on. At this point, anything the NSA wants to know about you, it will know about you.

I’m not making a political statement, nor am I suggesting that there is anything right or wrong with the government having access to virtually everything it wants to have access to. That said, there are all kinds of additional security issues caused by systems that allow certain information to be tracked by some systems, but not by others. To say nothing of the psychological issues caused by the knowledge that when you are connected, your electronic trail is available. And, for all practical purposes, cannot ever be erased.

Add to this, malicious hackers who are interested in profiting from the sale of your information, interested in making a name for themselves or simply trying to make a point about something. There’s nothing anyone can do about this group of hackers or these types of hacks. They are a fact of life in the Information Age. However, there are a few things you can do to protect yourself in 2014.

Target’s Black Friday Breach

Over 40 million credit cards were compromised after a massive attack on Target during the weeks leading up to Christmas. There’s nothing much Target can do to help you at this point. Sure, its CEO is offering free credit monitoring, the company is on the hook for $3.6 billion in fines and banks are capping cash withdrawals after it was announced that yes, the breach compromised PIN numbers, too, even though Target initially said they were safe – they’re not safe and you’re on your own.

If you shopped at Target between the middle of November and the middle of December, there’s a good chance your card is compromised. If your bank hasn’t canceled your card already, strongly consider calling up your credit card company and canceling it yourself. Here’s a helpful guide as to what to do if your credit card is stolen. Basically: cancel your card, monitor your statements, create a fraud alert, and move on.

Target’s breach was both better and worse than most other hacks we saw in 2013. It was worse because its repercussions could be of a greater impact than having your Yahoo password stolen, for instance. Having someone gain access to your credit card info could max out your credit cards and destroy your credit score. But it’s better because every financial institution is aware of the breach, and most credit cards have fraud protection, ensuring you won’t be stuck paying for anything you didn’t actually buy.

Target’s breach was also an example of just how helpless we are. All you did was buy Christmas presents, or maybe just some groceries, and suddenly your life became far more complicated and annoying. And, this is just the beginning – expect this kind of thing to happen on a regular basis – truly, nothing can stop it.

Snapchat’s Phone Number Leak

It’s already known that even though Snapchat is designed to make it seem like your snaps (the photos you send your friends and family) disappear once you open them, anyone can actually save them without you even knowing. Forget a “Screenshot!” alert; you can sneak in through the back door of Snapchat and save anything and everything you receive. While it’s not a hack organized crime would bother with, it’s worth repeating that snaps and every other picture you ever take with a digital camera enter the body of knowledge of mankind and will be seen by everyone in the world. So, “Carlos Danger,” never take a picture of something you don’t want the world to see.

Back to bigger hacks. This past August, Gibson Security published a report that said the coding in Snapchat made it possible for anyone to find out a bunch of information about any account, including your username and phone number. Gibson published a new report about the same thing in December, which Snapchat addressed by saying that it wasn’t an issue. Well, it turns out that Snapchat was wrong and that it was, in fact, an issue. A website called snapchatDB posted SQL/CSV files that contain the username and associated phone number for a “vast majority” of the service’s users – over 4.6 million users, to be precise.

There’s not a lot of text-based private information on Snapchat – you don’t need to fill in too many fields to start texting selfies to your friends. But Snapchat’s user base is mostly teens and tweens, and Kevin Poulsen of Wired Magazine points out the biggest fallout from this leak: possible stalking. How’s that for your first tech life lesson? Don’t have fun with your friends or you might be harassed because bad men want to ruin your day!

What Can We Do?

The most important thing we can do is to remain vigilant. Keep track of everything, and if anything seems suspicious, act on it. Start getting a bunch of weird emails? Can’t log in to an account you should be able to? See some weird pending charges on your credit card statement? Take action!!! YOU are the best defense against the mean, awful, angry world of hacking.

If you suspect your accounts are compromised, change your passwords. Make them as secure as can be. Spending a few extra seconds typing in a password every once in a while is worth it to make your account more difficult to crack. Use the guidelines I laid out. It might seem like a hassle, but keeping unique passwords for every site you use (I know, you probably have accounts for dozens if not hundreds of sites) will keep all your other accounts secure. But it’s (arguably) better than the alternative: having one hacked site force you to change dozens of passwords at once.

If your credit card statement looks funky, call your bank immediately. Dispute any charges, then cancel your card. People can get your credit card information any number of ways; banks (usually) won’t hold that against you. Be proactive, rather than reactive, and make sure you’re protected.

Lastly, and most importantly, keep all of your credit card numbers and the associated contact information for canceling your cards in a place where you can quickly, securely get to them. Using a password wallet or other specialized software will make it much easier to go through the process. “Best practices” says to keep copies of this data in several different places (including on paper) and stored as safely as you store your household cash or jewelry. The goal is to be able to quickly contact every credit provider. That’s all you can do. The hacks we’re seeing now are being done by professionals who simply want to sell your information and defraud the financial institutions you patronize — they don’t care about you personally — it’s strictly business.

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of Fox Television’s "Shelly Palmer Digital Living" television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.

Latest Stories
The consumption economy is here and so are cloud applications and solutions that offer more than subscription and flat fee models and at the same time are available on a pure consumption model, which not only reduces IT spend but also lowers infrastructure costs, and offers ease of use and availability. In their session at 15th Cloud Expo, Ermanno Bonifazi, CEO & Founder of Solgenia, and Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia, discussed this shifting dynamic with an ...
As enterprises engage with Big Data technologies to develop applications needed to meet operational demands, new computation fabrics are continually being introduced. To leverage these new innovations, organizations are sacrificing market opportunities to gain expertise in learning new systems. In his session at Big Data Expo, Supreet Oberoi, Vice President of Field Engineering at Concurrent, Inc., discussed how to leverage existing infrastructure and investments and future-proof them against e...
Due of the rise of Hadoop, many enterprises are now deploying their first small clusters of 10 to 20 servers. At this small scale, the complexity of operating the cluster looks and feels like general data center servers. It is not until the clusters scale, as they inevitably do, when the pain caused by the exponential complexity becomes apparent. We've seen this problem occur time and time again. In his session at Big Data Expo, Greg Bruno, Vice President of Engineering and co-founder of StackI...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT transformation?
The recent trends like cloud computing, social, mobile and Internet of Things are forcing enterprises to modernize in order to compete in the competitive globalized markets. However, enterprises are approaching newer technologies with a more silo-ed way, gaining only sub optimal benefits. The Modern Enterprise model is presented as a newer way to think of enterprise IT, which takes a more holistic approach to embracing modern technologies.
For better or worse, DevOps has gone mainstream. All doubt was removed when IBM and HP threw up their respective DevOps microsites. Where are we on the hype cycle? It's hard to say for sure but there's a feeling we're heading for the "Peak of Inflated Expectations." What does this mean for the enterprise? Should they avoid DevOps? Definitely not. Should they be cautious though? Absolutely. The truth is that DevOps and the enterprise are at best strange bedfellows. The movement has its roots in t...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impac...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. 8th International Big Data Expo, co-located with 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. As advanced data storage, access and analytics technologies aimed at handling high-volume and/or fast moving data all move center stage, aided by the cloud computing bo...
Every day we read jaw-dropping stats on the explosion of data. We allocate significant resources to harness and better understand it. We build businesses around it. But we’ve only just begun. For big payoffs in Big Data, CIOs are turning to cognitive computing. Cognitive computing’s ability to securely extract insights, understand natural language, and get smarter each time it’s used is the next, logical step for Big Data.
There's no doubt that the Internet of Things is driving the next wave of innovation. Google has spent billions over the past few months vacuuming up companies that specialize in smart appliances and machine learning. Already, Philips light bulbs, Audi automobiles, and Samsung washers and dryers can communicate with and be controlled from mobile devices. To take advantage of the opportunities the Internet of Things brings to your business, you'll want to start preparing now.
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Enterprises are fast realizing the importance of integrating SaaS/Cloud applications, API and on-premises data and processes, to unleash hidden value. This webinar explores how managers can use a Microservice-centric approach to aggressively tackle the unexpected new integration challenges posed by proliferation of cloud, mobile, social and big data projects. Industry analyst and SOA expert Jason Bloomberg will strip away the hype from microservices, and clearly identify their advantages and d...
In a world of ever-accelerating business cycles and fast-changing client expectations, the cloud increasingly serves as a growth engine and a path to new business models. Dynamic clouds enable businesses to continuously reinvent themselves, adapting their business processes, their service and software delivery and their operations to achieve speed-to-market and quick response to customer feedback. As the cloud evolves, the industry has multiple competing cloud technologies, offering on-premises ...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
Over the years, a variety of methodologies have emerged in order to overcome the challenges related to project constraints. The successful use of each methodology seems highly context-dependent. However, communication seems to be the common denominator of the many challenges that project management methodologies intend to resolve. In this respect, Information and Communication Technologies (ICTs) can be viewed as powerful tools for managing projects. Few research papers have focused on the way...