SecurityandPrivacy.ca Blog, Authored by Claudiu Popa (Informatica) http://informaticasecurity.com/ en
eBay breach: it's not about the passwords 2014-05-21 10:47:00 http://www.securityandprivacy.ca/blog/60 eBay breach: Are we asking the wrong questions? The press release informing the media that eBay customers will be asked to change their passwords as a result of a 'cyberattack that compromised a database' isn't so much about the lost passwords, which admittedly were encrypted. It's about the psychology of announcing to 233 million people that their personal information is now in the hands of criminals, and doing so nonchalantly.
Of secrets and bleeding hearts: How far have we really come? 2014-04-14 01:28:00 http://www.securityandprivacy.ca/blog/59 In the early 1920s, the Enigma machine was a portable encryption machine with rotor scramblers used for encoding and decoding confidential messages. It was progressively developed over the decades to use additional rotors and technical complexity that boosted the incremental difficulty of cracking its codes. And so began an elegant, noble cat-and-mouse game between coders and decoders that has stood the test of time. Or so we've been led to believe...
How does the big bad Heartbleed bug affect you? 2014-04-08 02:36:00 http://www.securityandprivacy.ca/blog/58 There's a new security vulnerability in town. It's not even that new, we just didn't know about it until now. But it's a whopper and it threatens to impact everyone. If you've ever seen the little lock on your Web browser or read the words SSL or TLS, then you know that mechanisms are in place to secure our Internet existence. Well, our (false) sense of security has now been shattered by the discovery of a programming error in the Web's most popular encryption software, OpenSSL, that can cause security certificates, emails, passwords, transactions and sensitive data to fall into the wrong hands. How about them apples?
Have you seen the numbers? 2014-03-11 07:06:00 http://www.securityandprivacy.ca/blog/57 Independent risk assessments are the most basic best practice in business. Security is about risk. And risk is about numbers. Given the high probability of suffering data security and privacy breaches, is it any wonder companies are trying to discover security vulnerabilities before they turn into embarrassing breaches?
 
Independent security audits provide visibility into the risk. By taking the opportunity to fix problems before they get expensive, smart companies gain security assurance and achieve compliance with privacy legislation. Risk assessments of this nature are by far the most popular service we deliver, so we know something about what drives those purchasing decisions. And today is as good a day as any to share the numbers.
In the Business of Cyberfraud, it Pays to be Professional 2014-03-04 07:19:00 http://www.securityandprivacy.ca/blog/56 Netflix just the latest brand used in wave of phone text support fraud. Ever wonder what the use of stealing millions of email addresses is? All those often downplayed, 'low sensitivity' data breaches have massive potential to create enough uncertainty for people to eventually call a 1-800 number, even if it means speaking to a passive-aggressive tech support professional. This article explores the mindset that has led the public to belittle scammers even as organized crime defrauds the masses on a global scale.
Is it time for everyone to start thinking about security in layers? 2014-02-02 09:42:00 http://www.securityandprivacy.ca/blog/55 Layered Security. I'm often surprised at the public's disappointment with the realization that security processes are not directly analogous to the medical notion of immunization. In fact, single-shot protection does exist, and it serves to defuse individual threats with the simple application of patches, firewall filtering or other methods of protecting against single attack vectors.
Could Better Security Compliance Have Helped Target Avoid a Breach? 2014-01-17 08:00:00 http://www.securityandprivacy.ca/blog/54 Target breach will have serious consequences. This past Christmas season hasn't been kind to the Target chain of retail stores nor to its brand. A brazen attack took place in December that affected its retail locations in a major way, somehow compromising 70 million payment cards. Those losses were then augmented by up to 40 million user accounts stolen by good old fashioned hacking
What do Animated Robots Have to do With Cyberfraud at Christmas? 2013-12-19 12:15:00 http://www.securityandprivacy.ca/blog/51 Informatica's Festive robots wish you a safe and secure new year! Precisely nothing. But I'm very glad you asked.
 
First, the robots. They're cute. They're animated. And you can replay the clip as many times as you want, for free. As for the cyberfraud bit, that's a different story. In years past, I published lists of predictions for the new year, chronicled notable events and published timely stories. This time I just have 3 quick points to share and you can return to planning the festivities...
Businesses Have 5 Opportunities to Benefit from Better Security 2013-11-06 11:43:00 http://www.securityandprivacy.ca/blog/50 Canada revenue agency breaches. In a recent press release we echoed the Privacy Commissioner's concerns over growing numbers of data breaches occurring in 10 government agencies. Over 3000 inadequately reported data breaches took place at the Canadian Revenue Agency, Fisheries and Oceans, Public Safety, Employment and Social Development Canada, Justice Canada, Citizenship and Immigration, Passport Canada, the Correctional Service, the RCMP, the Parole Board and Veterans Affairs. Here are 5 best practices that represent a win-win for businesses, government agencies and the public.
(Why You Should Develop) A Passion for (Protecting) the Intangible 2013-08-10 01:28:00 http://www.securityandprivacy.ca/blog/49 A passion for protecting the intangible. People often confuse information protection with IT security. One of the reasons I resist the compartmentalization of my craft as IT security is that, as important as it is, IT security not only reduces the scope of my work by at least two-thirds, but it misses the point of what it means to truly enable protection for the intangible. It absolutely depends on people who are interested, educated and dare I say it, passionate. Security doesn't work without a high level of consistent human engagement. Privacy fails without passion and respect. In fact, nothing I can think of works well without a high degree of emotional investment.
 
Why is this? Why can’t we systematize everything and build an app for it? Because we are dealing with a substance free from physical properties. Information is intangible, tasteless, colorless and for the most part, odorless. It is perhaps the most impactful of substances, driving world economies and impacting everyone on the planet on a very individual level. And so, our relationship with information is very personal and delicate. Although it doesn’t impact our senses the way a piece of cheese or silly putty do, it can assault our being and drive our existence in powerful ways. And yet, we can't touch it.
Pedophiles Screening Airline Passengers: Worst PR Move of the Century? 2013-08-01 11:28:00 http://www.securityandprivacy.ca/blog/48 Airport security complaints rise 26%. Airport security is a thankless job or, if you're the TSA, 56000 jobs. The US Transportation Security Agency was just blasted (again) for failing to enforce its own rules on employees, despite their claim of zero-tolerance for misconduct in the workplace.
 
According to Reuters, a report released by the Government Accountability Office found an unprecedented 3808 misconduct complaints filed against TSA workers just last year. Allegations include the use of drugs and alcohol by TSA agents on duty, 'inconsistent' use of security devices such as X-ray scanners, wands, embezzling electronics and other property, sleeping on the job, not showing up for work, etc.  
Take a Walk on the Wild Side: Experiencing the Web's Murky Underbelly 2013-07-05 01:40:00 http://www.securityandprivacy.ca/blog/47

Psst! Wanna be anonymous? Most of us find the vast expanse of the Web more than a little overwhelming, so we rarely have an opportunity to think about 'what else might be out there'.

Most people are also vaguely aware of the existence of a rich universe of virtual worlds layered across the vastness of the Internet. These make it possible for millions of people to spend a significant portion of their time interacting in digital universes or collaborating across obscure academic, military or commercial networks.

To those people, the rest of us exist on the surface. The clearnet - or surface Web - is more than a nickname. It's a hint as to how this abstract universe is stacked, digitally overlaid atop the ecosystems of the Deep Web whose secretive existence is made that much more intriguing by its diversity of names. Indeed much of what exists below the Web we know goes by nicknames such as Darknet, Undernet, hidden Web or Invisible Web.

7 Free Encryption Tools To Keep Your Data Safe From Prying Eyes 2013-06-17 01:29:00 http://www.securityandprivacy.ca/blog/46 Defeating snoopers. Revelations that global communications are being monitored more aggressively than previously imagined have sent the public looking for software to protect their privacy. This is a good opportunity to give you a "defense-in-depth" idea of what it might look like to use different layers of encryption in your everyday computing.

Whether you’re a high flying executive or a stay-at-home mom, you have probably thought a lot about what privacy means to you. Do you ambitiously entertain notions of anonymity and confidentiality or simply hope to retain some control over the information you enter into your computer and send over the wires? Either way, here's something to get you started.
State-Sponsored Attacks Target Gmail Users: Should We Be Flustered or Flattered? 2013-06-10 01:59:00 http://www.securityandprivacy.ca/blog/45 State-Sponsored Attackers Targeting Me. For most of us, the carousel of headlines breathlessly announcing – and denouncing – foreign government sponsorship of hacking is a distant, almost romantic notion. The idealistic motives behind the dissemination of malware (like StuxNet) and the brief time spent imagining the business of coordinating virtual world activity initiated in the real world offers little more than the occasional fleeting distraction. I dare say however that few things train the mind like the deadpan delivery of a serious warning pointed squarely at our freedoms.
“We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”
News that will send you scrambling (your data) 2013-06-08 10:31:00 http://www.securityandprivacy.ca/blog/44 This may hint at my advancing years, but I distinctly recall being in awe, at least a couple of decades ago, at the ambitious scope of an international effort of cross-espionage called ECHELON that had already been in operation for some 30 years. It was an undertaking of massive proportions where 5 countries (the US, the UK, Canada, Australia, New Zealand) agreed to monitor Eastern Bloc communications while protecting their respective citizens against surreptitious domestic surveillance. So – get this – each member country demonstrated respect for the privacy of its own people by allowing the others to spy on them, and they each had to reciprocate in kind before ostensibly pooling the data. This heart warming standard of care is perhaps owed to the fact that the pesky notion of privacy had been freshly introduced in the 1948 Universal Declaration of Human Rights and preceded ECHELON by about a decade.
On Food Security and the Role of the Global Seed Bank 2013-06-01 11:35:00 http://www.securityandprivacy.ca/blog/43 Food_Security. What do you know about food security? Same here. Located in the permafrost of a remote Norwegian island, the Svalbard Global Seed Vault provides secure storage for a quarter billion seeds (source: Croptrust.org) from all over the world.
 
The awesome reality is that these grains of life could one day serve to revitalize plant life on Earth or kickstart it on a habitable celestial body. While the prospect of terraforming natural satellites like Europa and Enceladus is alluring, astrobiology isn't nearly as immediately heart-warming as the fact that this Arctic freezer is bringing together diverse crops from over 100 countries, many of which wouldn't otherwise see eye to eye on anything.  
Privacy breach at local school was preventable, may re-occur: Expert 2013-02-08 11:47:00 http://www.securityandprivacy.ca/blog/42 In light of a recent breach of student information at a local school, I sent my comments to editorial desks in the Greater Toronto Area. Here is that press release, in its original format.
Privacy Breach at York Region School Was Entirely Preventable, May Re-occur: Expert
The recent breach of the privacy of students showed improper response and failure to follow basic guidelines, but represents an opportunity for schools across the region to improve student protection and demonstrate due care. 
Are data breaches a matter of life and death? 2013-01-14 06:14:00 http://www.securityandprivacy.ca/blog/41 Are privacy and security matters of life and death? Security assessments are always interesting. I know, I do them all the time. You can never guess what you'll find when you're investigating a breach and a federal agency recently found that to be true.

Human Resources and Skills Development Canada lost a USB key with personal information on some 5000 Canadians. As is the case with things you're looking for, those are precisely what you don't manage to find. While investigating the missing memory stick the agency discovered the disappearance of an entire hard drive containing personal information on more than half a million student loan borrowers.
Do Bullying Victims Deserve Their Fate? 2012-10-15 11:38:00 http://www.securityandprivacy.ca/blog/40 Do cyberbullying victims like Amanda Todd deserve the treatment of people like Kody Maxson? More shocking than the fact that yet another teenager has opted to take her own life as a direct result of (cyber)bullying is the public response to the tragedy. Thousands have taken it upon themselves to comment on the situation, but the sheer volumes of negative comments are staggering. A simple Tumblr visit seems to pull up cruel, insensitive and downright malicious comments against the victim.
Here’s a Revolutionary Idea to Combat Identity Theft: Lie! 2012-08-09 10:52:00 http://www.securityandprivacy.ca/blog/39 Why not lie to protect your identity? I’m always impressed at the low-tech nature of today’s most brazen hacking attacks and abuses of identity. It’s inevitable that someone will lie to get at your information, then leverage that information to get access to something valuable. In other words, people will lie to get access to your data. So here’s a thought: why not employ the same strategy to combat the problem?
Is the CBSA Treading a Fine Line Between Deterrence and the Erosion of Public Trust? 2012-06-19 07:15:00 http://www.securityandprivacy.ca/blog/38 Surveillance devices potentially used by the CBSA. The Canadian Border Services Agency (CBSA) has installed equipment designed to record video and audio in Canadian airports (and possibly other ports of entry). This initiative appears to be based on the 2009 amendment to the Customs Act which allows for the creation of "Customs Controlled Areas" (CCA) to "combat organized crime and internal conspiracies". However, a CCA is only defined as an area where border services officers (BSOs) have the authority to examine goods and to question and search people.
So is the bit about audio and video recording just an expensive effort to deter miscreant activity or is it a failure to respect the privacy rights of travelers that will only result in lengthy court challenges and a general distrust of Ottawa's future initiatives?
What LinkedIn Didn't Know: This Breach May Be Good For Business 2012-06-07 12:45:00 http://www.securityandprivacy.ca/blog/37 LinkedINSecurity Password Breach could be good for business. LinkedIn is "unable to confirm <this week's> breach" involving millions of user passwords but agrees that passwords belonging to "some" of their members may have been compromised. While this kind of evasiveness will not earn the publicly traded firm any sympathy, what LinkedIn fails to realize is that this breach is the ideal situation for them and comes at the right time, allowing them to gain publicity at a time when their competitors' stock is battered by regular shareholder expectations, giving them the opportunity to improve their aging code and security controls while other high profile breaches take their turn in the media spotlight.
Happy Alan Turing Year, by the way! 2012-04-26 05:00:00 http://www.securityandprivacy.ca/blog/36 Security and Privacy Blog: Statue of Alan Turing with Enigma Machine. What? You didn't know? Well now you do. Alan Turing had/was/exhibited one of the greatest minds in computer science. To him we owe not just artificial intelligence but also modern computing (among numerous other ideas and innovations). And yes, he led the efforts to crack German Enigma codes that shortened WWII by two years and saved millions of lives (according to one Dwight D. Eisenhower). No doubt this level of creativity, intelligence and impact guaranteed him a cushy post-war existence, right?...Well, that's not quite how things unfolded.
(...)
Building Trust: 5 Things To Look For in a Good Website 2012-04-11 03:20:00 http://www.securityandprivacy.ca/blog/35 5 Things to look for in a good Web site. Trust is the new currency of the global economy. It makes or breaks sites while cementing the relationships upon which the strongest brands are built. By virtue of having so many facets, trust acquisition is almost an art, but we really do know that it's more of a science.
 
As such, it relies on a lot of visual and support elements such as a clean and fast interface, clear language and unobtrusive opportunities for human interaction. But it's also about assurance, and the amount of perceived safety offered by a good site translates directly into the warm and fuzzy feelings that visitors want to take away and share.
 
One site that offers such warm-fuzzies is Kiva...
Why Easter Eggs should be enjoyed at home, not at work 2012-04-05 11:27:00 http://www.securityandprivacy.ca/blog/34 Like a few other traditions, Easter has its followers and they're well represented by children whose innate desire to seek and find things is matched by the chocolate goodies hidden for their pleasure.
 
But Easter Eggs take on a different meaning when it comes to software applications. They're fun little surprises tucked away in undocumented code and waiting for someone to trigger their launch sequence. For instance, the Google rotation roll that ensues once you type in "do a barrel roll" or any number of other hidden tricks....
100% Secure? Guaranteed Privacy? I'll be the judge of that! 2012-04-02 02:15:00 http://www.securityandprivacy.ca/blog/33 No bullshit. That's what you should say next time you see a bold statement on the side of a truck, or tucked away in a sales agreement.

"Your data is 100% secure" boasted the back of a shredding truck I recently saw on the road. "Your privacy is guaranteed" promised a paper-based survey form immediately after requesting all but my passport number.

We see blatant exaggerations and plain misrepresentations all the time. I bet you can think of at least three right now. For instance: the names of other patients on a clinic's computer screen, an office recycling bin's interesting contents, the saved photocopies of the device's previous user....
Should You Feel Bad About Blocking Online Ads? 2012-01-08 12:00:00 http://www.securityandprivacy.ca/blog/32 Don't get exposed to privacy and security breaches as you surf the Internet. I'm not a fan of banner ads, browser pop-ups nor of what's come to be called behavioural advertising. I find that such online marketing largely falls into two categories. The kind that has nothing to do with what I'm interested in, and the kind that is surprisingly well targeted to my personal interests. Since the former is irritating and the latter is downright creepy, I'm not likely to click on any online ads anytime soon.
 
That said, I'm certainly not against commercial promotion and far be it from me to pass judgment on one of the most profitable ways to spend - and make - money online ($25B in 2010 and an estimated $31B in 2011). I'm even sympathetic to the argument that online advertising keeps the Internet humming along quasi-free as the services we practically depend on in turn depend on advertising dollars to help them resist the temptation to charge us.
 
However, when this online marketing comes with security surprises and compromises user privacy, I am forced to give it a thumbs down. So what's the best way to block Internet ads?
New "Big Name" Security Study Apparently Aims to Confuse, Amuse Canadian Audience 2011-12-31 02:21:00 http://www.securityandprivacy.ca/blog/31 Security Study Makes No sense. TELUS and The Rotman School of Management - whose motto is "a new way to think" - decided that asking a few hundred IT professionals about IT security at their firms and reporting the straight numbers would be the way to go. Fair enough, but why they decided to turn it into a comical affair with the allure of a self-serving initiative is curious at best.
 
Never mind that. It gave me a great opportunity to start your new year off on an amusing note, and for that, we can all be thankful. Enjoy the article. It goes best with eggnog.
 
Happy new year!
3 Security Tips to Make You Sound Informed at Holiday Parties 2011-12-27 12:00:00 http://www.securityandprivacy.ca/blog/30 Everything I'm reading these days indicates that hacking and malware infections are going to increase in 2012. I don't need to provide references here because everything you're reading does too. Yet all the software you need to secure computers, both corporate and personal, is available for free. There's everything from scanning and blocking to diagnosing and disinfecting the computing devices you depend on. So how come we're poised for continued growth in data theft and general cyber-mischief?
 
In short, you're the weakest link. If it weren't for you, your computer would have a much higher chance of leading an infection-free existence, gracefully growing old and slowly descending into obsolescence. Instead, you may hear yourself thinking out loud: "it was fast at the beginning, but now it's so slow I'm thinking of getting a new one". This platform-independent mantra is no doubt very depressing for laptops and smartphones to overhear and even the shiny new tablets, smug in their reliance on a firmware-based operating system, aren't too far behind.
 
What are your options? Panic? Trade in your new tablet for an old one (circa 3000BC)? Pester the one social recluse in your family with open-ended questions?
Not on MY Internet! 2011-12-19 02:15:00 http://www.securityandprivacy.ca/blog/29 Another nest of vipers has been uncovered this past week. Over 100 people involved in sharing ‘extreme’ rape videos of babies and children have been arrested with up to 200 more suspected in an operation spanning 22 European countries.
 
The scale of the crime is staggering. One individual was found to possess over 120 thousand gigabytes (120 terabytes) or 36000 hours of horrific video footage. Over 2400 storage devices were confiscated in Denmark alone. The vermin caught by Europol (the joint police organization for the European Union) in the other 21 countries ranged from Internet stalkers to facilitators in elaborate schemes to lure, prepare and eventually abuse young children. They joined the 184 child rapists arrested earlier this year (this time from 30 countries) in an operation that also rescued at least 230 abused children. 670 more suspects were identified out of a 70,000 pedophile network of mindblowing proportions.
‘Tis the Season for Telephone Scams 2011-12-05 01:15:00 http://www.securityandprivacy.ca/blog/28 Microsoft Phone Scam. If you have not already received a call from a ‘Microsoft Windows Center’ representative insisting on helping you get rid of ‘lots of hacking file in your computer’, chances are that you will, and soon.
 
This unfolds according to a pattern in use for the past few years and begins with a long distance ring from any number of fake Caller IDs. It’s almost always an informational message from a somewhat assertive caller indicating that your computer is spewing malware and it needs to stop.
 
Helpfully, they offer to work with you to clean it up, and if you’re lucky enough for the "supervisor" to be available, that individual will take you through the steps of liberating you of some cash in exchange for the support call, or remotely accessing your computer for further "diagnosis".
 
Either way, don’t feel too special as this kind of phone scam accounts for up to 80% of all reported fraud according to the organization previously known as PhoneBusters.
Is the iPhone Secure Enough? 2011-11-09 12:24:00 http://www.securityandprivacy.ca/blog/27 According to popular expert opinion, there are seven areas in today’s mobile devices where vulnerabilities can create security or privacy breaches. Nowhere is this more true than in the paragon of mobile digital success: the iPhone.

Nothing short of a juggernaut, new versions of the quasi-ubiquitous device have all but evaded attempts at hacking it by consistently introducing innovative new features and by leveraging a clever strategy of built-in obsolescence.


It follows then that each of these areas corresponds to specific security controls, tactically building a ‘defense in depth’ approach to securing the iPhone for personal use.
LinkedIn’s Dirty Dozen: Get a Handle on its Top 12 Privacy Settings 2011-11-03 11:09:00 http://www.securityandprivacy.ca/blog/25 With the introduction of LinkedIn’s new Settings Page this year, the company also took the opportunity to make some changes to its Privacy Policy. Since the expansive document’s 29 pages would put even the most troubled insomniac into a deep slumber, the company conveniently provided a summary which hints at different ways it seeks to monetize its service and in part emulate Facebook’s much maligned model.

Instead of stringing together 7415 words however, the latter prefers to describe its privacy-related practices through a series of nested pages that branch off an initial six sections. You get the idea. Six of one, half a dozen of the other. But enough of that. I plan to send you on your way with something you can actually use.
Got a Reputable Public Image? Here's How to Tarnish it in Three Easy Moves 2011-10-30 06:12:00 http://www.securityandprivacy.ca/blog/24
Talk to anyone in the world of business about their biggest hacking fears and you’re bound to hear that “embarrassment” ranks right up there near the top. Everyone knows that to do a proper job of alienating clients and embarrassing your organization you need to not just be good at, but excel at three things in particular.

In this post, I don't just discuss those three things, but give real life examples you can follow and achieve similar results, albeit with some effort, because long time customers do tend to be loyal and people have a relatively high, inherent barrier of trust that must be ... overcome. That said, once one gets the hang of it, as spectacularly demonstrated in this post, one can negatively impact thousands, millions, even tens of millions of once loyal followers! Consider this your free, exclusive, three-step guide.
Updated PSN Breach: Inventory of what you may have lost 2011-04-28 07:27:00 http://www.securityandprivacy.ca/blog/21
For the past few days, we’ve been privy to tidbits of information about the recent PlayStation Network breach (heretofore known as the PSN Breach) often dismissive and always shrouded in a certain aura of non-seriousness due to its status as an entertainment industry fixture. Indeed, breaches of government records, personal health information and financial data garner a vastly more pronounced knee-jerk reaction of shock and awe.
I Won the Twitter Phishing Lottery! 2011-04-12 07:04:00 http://www.securityandprivacy.ca/blog/20 Twitter Phishing. How does it feel to win the Twitter Phishing Lottery you ask? Pretty good, I must say. I'm one of "the very few 10 Lucky Winners"! I knew it was going to be good when I saw the Subject line that screamed: TWITTER CLAIM ALERT. How could I resist? I clicked. I just had to.
Will 2011 be the year big name companies got owned? 2011-04-05 06:47:00 http://www.securityandprivacy.ca/blog/19 Epsilon breach. There has clearly been no shortage of spectacular breaches, and at least some of the perpetrators aren’t altogether shy about their exploits. The brazen attacks are reminiscent of the ‘90s hackers, but with a definite profit motive similar to the new cybercriminals of the ‘00s. It’s an interesting mix and a sign that things are changing. But for now, a lot of big name companies are licking their wounds and they have mostly themselves to blame.
Invasive Airline Security vs. Public Apathy 2010-12-03 06:30:00 http://www.securityandprivacy.ca/blog/5
As Twitter is my witness, over the past weeks and months we have been deluged with reports of impropriety from the Transportation Security Administration (TSA) and other airport security complaints from around the world. Indeed we’ve read stories of humiliated men, women and children, watched videos and listened to audio recordings [...]
Exotic (and quixotic) security exploits 2010-10-05 06:00:00 http://www.securityandprivacy.ca/blog/4
Toronto-based security expert Claudiu Popa shares some of his favourite tales of dare-devil crooks and their daring heists.
Facebook security and privacy hardening guide 2010-09-27 03:30:00 http://www.securityandprivacy.ca/blog/6
Security expert Claudiu Popa provides Facebook users an excellent security and privacy setting guide to help them gain better control of their social media profile.
QR Code Security – Are we ready to discuss the risks? 2010-08-29 05:30:00 http://www.securityandprivacy.ca/blog/7
The Quick Response codes we see on everything from movie posters to business cards are becoming the ubiquitous contact links of an entire new generation of mobile devices and the people who use them. Originally invented in Asia at the end of the last millennium (circa 1994 Japan, actually), these matrix or 2D (two-dimensional) barcodes [...]
How to Out-Secure the Competition in 5 Easy Steps 2010-07-26 06:00:00 http://www.securityandprivacy.ca/blog/8
Security expert Claudiu Popa shares his list of no-nonsense recommendations to help anyone tackle that challenge, and mitigate the vast majority of the risk to their business.
The Toronto G8/G20 Summits: 2010-06-16 06:00:00 http://www.securityandprivacy.ca/blog/9
The Toronto G8/G20 Summits: How Simple Security Communication Blunders Can Negatively Impact Public Opinion
Apparently Toronto drew the short straw. It’s our turn to host the distinguished G8 and G20 summits this year and Canada is certainly stepping up to the plate. All our reluctant tax-paying citizens are financially responsible for ensuring the comfort and safety of a select [...]
Unforgivable: Ignorance and apathy about user privacy 2010-05-21 01:00:00 http://www.securityandprivacy.ca/blog/10
Unforgivable: Ignorance and apathy about user privacy can no longer be tolerated
The Wall Street Journal’s discovery about the shady privacy practices of some of the world’s largest social networks came as a surprise and probably won’t help any of the big names they mentioned. In what the WSJ unfortunately characterized as a ‘privacy loophole’ exploited by such organizations as Facebook, MySpace, Hi5 and Digg, the social [...]
Give Google a break 2010-05-17 12:00:00 http://www.securityandprivacy.ca/blog/11
Yesterday’s revelation that Google’s StreetView cars collected more than just anonymized pictures of buildings and cars (and some comical situations) came as a surprise to many, including regulatory bodies in a number of countries that are now considering miscellaneous lawsuits and penalties, according to the BBC. To wit, the issue was that these ‘photographic [...]
The Last Throes of Traditional Anti-Virus Software 2010-05-11 11:00:00 http://www.securityandprivacy.ca/blog/12
It should come as no surprise to anyone that given the vast numbers of malicious software anti-virus companies are claiming to detect, the number of viruses out there is practically limitless. With the introduction of polymorphic viruses more than a decade ago, and the current practice of injecting specialized Trojans into known vulnerabilities, the combinations [...]
Newsflash: Facebook doesn’t care about your privacy 2010-05-07 06:00:00 http://www.securityandprivacy.ca/blog/13
I love how every other article about Facebook has some kind of privacy angle. As if Facebook, a site designed to share your information as broadly as possible, was also responsible for preserving people’s personal details under their control. All for free. The latest privacy snafu allowed a confidentiality breach to occur with people’s Facebook [...]
Scammers & fraudsters extend Holiday earnings at Haiti’s expense 2010-01-19 05:45:00 http://www.securityandprivacy.ca/blog/14
As much as consumers look forward to Christmas every year, retailers salivate at the boost in revenue and its positive impact on earnings. No one enjoys the holidays more than criminals however, from petty scammers to organized crime groups whose tens, perhaps hundreds of millions of dollars in revenue make up for months of preparation. [...]
What part should travelers play in airport security? 2010-01-11 10:00:00 http://www.securityandprivacy.ca/blog/15
I can safely say that I have one of the most satisfying occupations in the world. Helping to protect the intangible assets that drive the world’s economies is certainly something that most individuals (read: men) with a superhero complex should aspire to, once they figure out that forcing radioactive spider bite situations to occur is [...]
The decade of convergence and the (n)ever-changing risk landscape 2010-01-06 10:30:00 http://www.securityandprivacy.ca/blog/16
A full decade after convergence was hailed as the next big thing, right around the turn of the millennium; this elusive concept is making a comeback. The difference is that we now have a massive infrastructure, a vast audience, and the will to make contact. Indeed 10 years ago, the potential of the Internet to [...]