Globalization ripple effects

If you have giant heaps of information and want to analyze it in ways that a traditional relational database application can, then you might have looked at Hadoop as an option. Hadoop is an open source platform for analyzing large volumes of structured AND unstructured items.

That all sounds great, but among the companies that are using this technology (JP Morgan, eBay, and a number that grows every day), none of them expected to have to go back and review security problems that it might have. Now IT personnel are preparing for any problems that might come with this great new technology.

The problem with ANY software that many companies use is that a security problem with it won’t just affect one group. Many of the giant companies around the world use the same software for certain things. Should any holes or flaws arise in the software, it affects them all. This is sort of the inverted version of users using the same password on various sites. In the case of Hadoop, though, it seems companies will adapt and take their own route to secure the holes, regardless of the updates Hadoop makes.

http://www.computerworld.com/s/article/9221652/IT_must_prepare_for_Hadoop_security_issues

Mac and swiss cheese

Everyone is always adamant that Macs are more secure and never get viruses. Well, according to this article, Mac OS has some sandbox security holes. In the very environment that’s supposed to be safe to run in, sandboxed apps have the ability to trigger external processes that aren’t sandboxed. The reality is that Mac OS is just software like all other software and can be flawed. The real problem is that some Mac users and even some Mac executives think that Macs are untouchable, and as they begin to gain popularity that will become the biggest risk of all. Once hackers catch on to the growing Mac population they will begin to code viruses and malware to hit these security holes that Mac users haven’t had to worry about in a long time.

Secure your Macs, ladies and gentlemen.

http://arstechnica.com/apple/news/2011/11/researchers-discover-mac-os-x-has-its-own-sandbox-security-hole.ars

Deja Vu

Valve has recently announced that hackers managed to make off with tons of information on users.

“According to Valve’s co-founder Gabe Newell, the attack compromised the database which tracks users logins, passwords, game purchases, e-mail addresses, billing addresses and encrypted credit card information. Whether or not these hackers have the technical nous to decrypt the credit card information remains to be seen.”

Thankfully it was encrypted, but who knows how much of a difference that will make. It seems to me that the gaming industry really needs to put a little more emphasis on security. Maybe they’ve been allocating too much of their budget to game design and too little to security professionals, because this seems to be a recurring theme within the industry. As per above, it wasn’t just credit card info either; lots of personal details are included. Is this just a gullible target for hackers? Or are gaming companies neglecting security a bit?

Whatever it is, users don’t really seem to be in much of an uproar about this. They are too busy being entertained to notice how at risk they/we really are, I guess.

http://www.t3.com/news/valve-confirms-steam-hacked-credit-card-details-may-be-at-risk

I wonder what made him quit?

Google’s director of public policy, who operated out of DC, has recently resigned. Alan Davidson has been keeping relations with the government and has been instrumental over the years in bridging the gap between Google and government. He admitted that some public policy issues are very “complex”. It’s going to be interesting to see how Google will handle the continual pressure from legislators over time. Thus far, Google has been very good at standing its ground against pressure from regulators. These issues can and will shape the internet’s future given the influence Google has. We can only hope Google steers clear of corruption and pressure put down by government, as they have been doing steadily throughout the years, and especially these times.

Article here

Flash Cards in Phones

Many phones don’t have encryption software or specific flash chip protection. In my opinion this is a huge blunder in an age where storage requirements are constantly increasing. People can store pictures, documents, even Excel and Word files on these flash chips, oftentimes with sensitive information. If you get your phone stolen, only a small subset of phones actually have the capability to be wiped remotely, and on a lot of those that do, you can’t wipe the flash memory. Flash chips are plug and play; you don’t even need any technical ability to abuse someone else’s information. This is one of the reasons I like the iPhone: sometimes it’s convenient to have everything locked down and no capability for extra flash memory. In many ways it’s more secure because you can just wipe it remotely and not worry about someone taking out the flash memory and viewing all the documents. The cloud is also very attractive for this reason; physical storage is susceptible to crooks that are often just after the hardware… But to you and me the data is probably more valuable.

Social Engineering in Online Gaming

Judging only from my personal experiences, I think one of the top contributors to social engineering attempts is online gaming. Countless times I’d be minding my own business playing a game, when all of a sudden a person will ask for all sorts of information about me. Well, I know it’s common in online gaming to ask “where from?”, but when a person starts asking you for your name, age, Facebook info, e-mail, etc., then I become suspicious. Add to that the fact that there are many hacks / programs out there that allow you to retrieve IP and ISP information from others on a server, and you’ve got a problem to think about. Then add to that all the ports you have open, either for the game or for other reasons.

I’m also well aware that a lot of these people who spend all day on an online game can be creepy. Many of them are there just to make friends, some have mental problems, and some just want to release anger… Now, I’m not one to judge a person, but it’s a catch-22 when you ignore someone’s perceived friendship attempts because you have no way of knowing their intentions.

What do you guys think? Just out of curiosity, have any of you gamers out there experienced firsthand phishing / social engineering attempts on the servers you play on?

Is privacy good or bad for liberty?

We were talking about this in last night’s class. It didn’t occur to me at the time, but after dwelling on it for a while it hit me. There is NO liberty without privacy. Imagine a perfect world without privacy. What if I wanted to keep something to myself or have some privacy? I wouldn’t have the liberty to be, because I couldn’t make that choice in such a world. Hence, there is no room for liberty. If everyone knew everything, life would be a one-way track, dull and repetitive. There would be no “new” ideas because all new things start off private. Privacy is without question integrated in our world whether we like it or not. To not protect it would go against everything it means to be human. We need to educate people the best we can to be ethical, without eliminating aspects of privacy. Sure, you’re going to run some risks, like people keeping potentially hurtful or dangerous things private, but what’s the alternative? Without privacy we’d be no different than a rock or a tree. We’d be soulless.

In CAs we trust

Every day we collectively log into the websites of the world. We inherently put our trust in hundreds of certificate authority companies that set out to make sure you have a trusted connection to the web servers. Guess what, three of those companies were hacked. Counterfeit digital certificates were issued for pages including the likes of Google, Microsoft, WordPress (yup), Twitter, Facebook, Equifax, the CIA, and many others. Shockingly, no financial institutions were hit. The hackers were presumably after personal data rather than immediate financial gain. Although I’m sure it comes down to greenbacks in the end. In reality, the internet isn’t a secure place at all. It is a trust-based system built on flawed human trustworthiness.

The pressure is now on the CAs to make themselves more hack-proof and on browsers to recognize these certificates better. Could you imagine signing into your Gmail and your browser giving you the little green icon and big bold letters reading “Trusted Site”, when in reality you’re giving away your information to a phishing site? It’s as simple as forging a certificate.

http://www.usatoday.com/tech/news/story/2011-09-27/webpage-hackers/50575024/1

An Expanding Network

We all know that more and more people are becoming networked and connected to the web every day. We also know that the number of people using a computer or similar device is also increasing. So it makes perfect sense every time we hear that cyber attacks and threats are increasing as well. I think as long as computers are networked in our society there will always be a percentage of them threatened by cyber attacks. It’s pretty scary when you think that even confidential government websites can be hacked. You would assume they have implemented adequate measures of security, yet they can still be breached. I guess that’s good news for us in the field; however, it’s nerve-racking for the world as a whole.

http://articles.latimes.com/2011/jul/05/business/la-fi-hacking-security-20110705

Robin Sage robin’ info

As many of us are aware, the social media conglomerate is a security nightmare. Even if your profile is set to private you’re still sharing info with dozens, if not hundreds, of “friends”. Robin Sage is a fictional persona created on various social networking websites by a white hat hacker. Under this profile, many government and corporate personnel with access to sensitive information were befriended. Of course it’s not difficult to do if you’re befriending a professional troll disguised as a hot chick.

It’s easy to get caught up in technicalities of a network or the vulnerabilities of software, but sometimes the most dangerous security threats are the most trivial ones. “Robin” managed to extract confidential and private information from her willing acquaintances. Thomas Ryan, the creator of the fictional persona, concluded that “his findings could have compromised national security if a terrorist organization had employed similar tactics.”

http://en.wikipedia.org/wiki/Robin_Sage