Comments for Information Security Blog | Perimeter E-Security

Comment on Changes to Facebook Page APIs == New Risks for Customers by Reginald Nutile

Reginald Nutile — Fri, 20 May 2011 04:06:15 +0000

As a Newbie, i am constantly looking out online for articles which will aid me. Thank you

Comment on 5 Data Security Predictions for 2011, Part 1 of 3: The Year of Living Dangerously by Perimeter Protection

Perimeter Protection — Fri, 06 May 2011 02:18:29 +0000

Great! Thanks for providing the run down of information of the said webinar . We all do hope that your prediction would be much more possible in the coming days.

Comment on When Consolidation Fosters Innovation Among Start-Ups by Sonoma Valley

Sonoma Valley — Thu, 05 May 2011 15:11:50 +0000

I incessantly searching for some good quality finance blogs. appreciate it for posting . I also conceive thus, perfectly composed post!. I request you couple of the information from your website with a link.

Comment on What Can We Learn from the Apple Location-Services Privacy Flap? by Now websites can track your location to within a few hundred metres « Talesfromthelou's Blog

Tue, 26 Apr 2011 14:23:56 +0000

[...] What Can We Learn from the Apple Location-Services Privacy Flap? (perimeterusa.com) [...]

Comment on What Can We Learn from the Apple Location-Services Privacy Flap? by Adam

Adam — Tue, 26 Apr 2011 13:27:19 +0000

How does this dovetail with the new police ability and habit of “dump everything off a smart-phone and use it against you in a routine stop?”

Thank you,
Adam

Comment on Google App Security…or lack thereof by Adriana Riegler

Adriana Riegler — Sun, 24 Apr 2011 09:44:53 +0000

64. Wow! This could be one particular of the most useful blogs We have ever arrive across on this subject. Basically Great. I am also a specialist in this topic so I can understand your effort.

Comment on Scareware Attacks: Don’t Fall Prey by curtain poles

curtain poles — Sat, 23 Apr 2011 01:40:58 +0000

I truly liked that. It has been astonishingly educational and beneficial. I’m going an extra chance to check on much more articles.

Comment on What Apple’s Blowout Quarter Means for Security by Regan Dunken

Regan Dunken — Sat, 23 Apr 2011 00:00:55 +0000

With havin so much content do you ever run into any issues of plagorism or copyright violation? My blog has a lot of completely unique content I’ve either written myself or outsourced but it seems a lot of it is popping it up all over the web without my permission. Do you know any techniques to help prevent content from being ripped off? I’d genuinely appreciate it.

Comment on The Epsilon Mailing List Hack: Nothing to See Here, Move Along by ajaquith

ajaquith — Fri, 15 Apr 2011 21:09:20 +0000

Hi Stephen! Sorry for the delay in approving your post. We are working to improve how the blog works in this respect.

I agree that it’s possible that the data obtained from Epsilon might have included more than just emails and names. But I’d rather not speculate until we hear more.

With respect to the increase in phishing (I refuse to add ‘spear’ to it on general principle), sure, it is handy for attackers to have more data. But here’s the thing: we know from our numbers and those of other e-mail hygiene providers that 90% of e-mail is already spam. Quite a bit of it is phishing related e-mail. What does this particular incident really add? More phishing? Perhaps. But it’s just a little more noise. And besides, I can mount a rather effective phishing attack today without Epsilon simply by crawling LinkedIn — from that I can determine the names of your colleagues, and who is likely to be in your office.

So, in conclusion, yes, the theft of this information means customers will face risks from phishing. But the marginal risk from this particular incident is so low as to be barely perceptible. It’s a pretty dangerous world already, and this doesn’t make it that much more dangerous than it was yesterday.

Comment on Malicious Insider Breach Stories by JustinBeersonp

JustinBeersonp — Wed, 13 Apr 2011 03:48:49 +0000

Hi – I am definitely glad to find this. great job!

Comment on Bypassing Web Content Filtering Systems by Zelma Unga

Zelma Unga — Tue, 12 Apr 2011 18:53:09 +0000

This is second incident that I am scanning anything about modifying websites with the system. It seems that you are an super expert blogger. Your post is an excellent example of why I continue coming back to study your good quality content that is forever updated.

Comment on Time Frame Given for Heartland Payment Systems Breach by karen millen dresses fashion

karen millen dresses fashion — Sat, 09 Apr 2011 08:24:38 +0000

Looking forward to reading more of your articles in the future.Go for it.

Comment on Soupnazi Indicted on 130 Million Stolen Credit and Debit Card Accounts by Jalia

Jalia — Fri, 08 Apr 2011 23:57:57 +0000

ZePLKN That’s really thinking out of the box. Thanks!

Comment on The Epsilon Mailing List Hack: Nothing to See Here, Move Along by Stephen Wilson

Stephen Wilson — Thu, 07 Apr 2011 00:03:38 +0000

But wait, there’s more!

Dell has sent alerts to all their customers in Australia about the Epsilon breach. But other multinationals like Target and Visa say there’s no problem here (see http://www.zdnet.com.au/dell-australia-hit-by-epsilon-breach-339312812.htm).

Think about it: How do the companies know if customers in any part of the world have been affected? The information at Epsilon must have been organised or tagged in some way geographically. Therefore the attackers also know something about the location of the users in the databases that have been raided.

So already we know it’s more than name and email address. For each user, the attackers also know (a) sets of companies which do business with that user, and (b) something about the region they live in.

Comment on The Epsilon Mailing List Hack: Nothing to See Here, Move Along by Stephen Wilson

Stephen Wilson — Wed, 06 Apr 2011 00:04:53 +0000

This analysis is a little bit optimistic. It’s implausible that name and email address was all that was exposed. Almost certainly some metadata was taken as well. At the very least, the lists of names would have been organised according to Epsilon’s customers (e.g. McKinsey). So the attackers probably now know which users are customers of Epsilon’s customers. That is, the attacker has the equivalent of everyone’s stripped-back customer databases. This is what makes spear phishing more likely: the spams can be crafted to replicate trusted organisations with whom the users are familiar.

So my question is: what other metadata was taken? In my experience, personally identifiable metadata often escapes privacy scutiny. But it’s dynamite.

Comment on 41 Percent of Software on PCs Worldwide is Pirated by Is Piracy a Passing Trend?

Is Piracy a Passing Trend? — Tue, 05 Apr 2011 20:02:55 +0000

[...] consumed illegally. Even electronic software and applications are subjected to piracy, with an estimated forty-one percent being downloaded, distributed, and consumed via less than legal methods. But [...]

Comment on What Apple’s Blowout Quarter Means for Security by Stephen Glover » Blog Archive » Android Smartphones and Personal Information Security

Thu, 24 Mar 2011 22:05:55 +0000

[...] such as smartphones and tablets, and their associated operating systems, will increase in power and gradually cannibalize the laptop market (just as laptops gradually cannibalized the desktop workstation market). Bluetooth and docking [...]

Comment on iPads Hit The Enterprise by Santos Weiden

Santos Weiden — Sun, 20 Mar 2011 05:40:04 +0000

Hi there, I found your blog via Google while looking for a related topic, your website came up, it looks great. I have bookmarked it in my google bookmarks.

Comment on What Apple’s Blowout Quarter Means for Security by Don’t Sacrifice Security on Mobile Devices | GrassrootsHeadlines.com

Don’t Sacrifice Security on Mobile Devices | GrassrootsHeadlines.com — Tue, 01 Mar 2011 08:14:31 +0000

Comment on What Scott Charney Missed in His RSA Speech by Andy Steingruebl

Andy Steingruebl — Sat, 19 Feb 2011 03:46:31 +0000

Andy,

You’ll excuse me I hope for this brief comment rather than a full blog post dealing with the issue, it is Friday and all

I think that if you look at projects like Comcast’s ConstantGuard – http://security.comcast.net/constantguard/, Australia’s AISI, and even prototype work in Luxembourg and Germany, there is actually substantial effort going on globally to determine exactly what the ISPs role is in internet safety, and it is greater than zero.

I’m all for building higher walls, more secure operating systems will help us with that. But without walled gardens (and even with them) we’re still going to have things like RogueAV and their ilk – malicious software that attacks users that they themselves have willingly installed.

Prevention, Detection, Response. All of them matter, right?

Detection in these cases can take multiple forms, ISP involvement, AV software, individual websites alerting users to suspicious behavior.

Whether health certificates as described are useful I’ll have to leave for another time, but I think that we’re already seeing progress on the ISP front more than is really being widely advertised.