Web Informant

David Strom's musings on technology

HPE Insights: 9 ways to make IoT devices more secure

Devices must be more secure if IoT is to reach its full potential. The good news is that security policies and procedures can protect enterprise infrastructure, harden IoT configurations, and make the network smarter and more defensible. Here is where to start, in an article that I recently wrote for a new HPE IT site, where I provide what the bottom-line impact will be for enterprise IT folks and digest information from various sources, including the latest reports from the Broadband Internet Technical Advisory Group (BITAG) and the Cloud Security Alliance.

Security Intelligence blog: Protecting your staff when in co-working spaces

The number of innovative co-working spaces continues to rise around the world, and this doesn’t even include coffee shops, libraries and numerous other public places that offer free Wi-Fi. It’s important to consider the security implications of what these itinerant workers are doing. IT managers are challenged to keep their networks and data secure while encouraging remote workers to be productive, whether they’re dialing in from the local WeWork or reviewing emails at McDonald’s.

Here are some practical security considerations from my latest blog post for IBM’s SecurityIntelligence. 

Network World review: Microsoft Windows Defender comes up short

Microsoft’s latest version of its anti-malware tool, Windows Defender, is a frustrating product to evaluate. Once you examine the product in more detail, you will see why we cannot recommend it for enterprise use. And that is the frustration of this product: Microsoft is trying to do the right thing and offers a tempting feast, but ultimately offers an incomplete meal that is tough to digest. It is hard to track, hard to configure, hard to remove and hard to manage in a typical enterprise environment.

It might be all the antivirus that a home user needs, but when it comes to the business world, you are better off with something else.

You can read the full review in Network World here.

Quickbase Blog 

From 2014-2016, I wrote occasional pieces on collaboration and spreadsheet-related topics. These have been removed from the site, but here are a few of my favorites.

How women were among the first computers

Back in the 1940s and 1950s, computers were people, not machines. And one group of these human computers worked at a NASA research lab in southern Virginia. An upcoming movie, Hidden Figures, focuses on how three of these human computers helped with John Glenn’s historic first US orbital flight in 1962. As you probably know, Glenn died earlier this week at the ripe old age of 95.

I haven’t yet seen the movie — it will be out in a few weeks. But the underlying story is terrific. The three human computers turn out to be three black women mathematicians, including Katherine Johnson (shown above) who recently received the Congressional Freedom Medal.

One of the interesting historical notes was Glenn insisted that Johnson check the electronic computer’s calculations of his orbit, to make sure they were accurate. This was back when computers filled rooms and were slower than the CPUs that are found in the average smartphone nowadays.

Johnson continued to work at NASA until 1986, combining her math talent with electronic computer skills. Her calculations proved critical to the success of the Apollo Moon landing program and the start of the Space Shuttle program, according to this NASA writeup.

There are many more video interviews with the actresses Octavia Spencer, Taraji Henson (who plays Johnson) and Janelle Monae (shown above), and with the real people behind the story, here at NextGov.

In addition to the movie, there is a book by Margot Lee Shetterly that was just published. Why did it take so long for this story to come out? Shetterly apparently learned about the achievements of these women computers from her father, who “casually mentioned it to her in an offhand comment,” according to Rudy Horne, a math professor at Morehouse College and a consultant to the movie production. Horne got involved because his college was used as a film location (the campus stands in for the NASA Langley campus in southern Virginia where the story takes place), and the director wanted a real math professor to check his calculations. One of the wonderful coincidences is that the current NASA administrator and Horne himself are both African Americans.

Horne was brought on early in the production, before the script was finalized, to ensure that the math checked out. I called him and asked about his role. “In the beginning of the film, the young Johnson is shown solving a series of equations on a blackboard. They originally showed her solving a functional analysis problem, which is more of a college-level math course. I suggested a set of quadratic equations, which would be more appropriate for a younger student.” Horne made several other suggestions for the sets and props to show other math formulas. When I asked him what his favorite math-themed movie was, he said, “Good Will Hunting got the math right and had very believable scenes that showed how math professors interact. I am glad that I was a consultant to this movie, and it is great if it will inspire other students to study math and science.” As an undergrad math major, me too.

Regaining Trust: What to do AFTER a Security Breach

In the past few years, it seems that large-scale data breaches have been occurring with depressing regularity. While it’s incredibly important to establish trustworthiness in any product, re-establishing trust after it has been violated is much harder to do. There is far less room for error when dealing with a customer base that already has reason for concern about an organization’s digital security.

When breaches do occur, the best plan to regain trust is to use webpages with plain language that contain plenty of specifics and constructive suggestions for issue resolution. In this article for UXPA Magazine, a professional journal for the user experience community, Danielle Cooley and I use the example of four recent breaches (Cici’s Pizza, Home Depot, Wendy’s Restaurants, and Omni Hotels) to see how each firm tried to regain its customers’ trust.

iBoss blog: Why Grammar Counts in Decoding Phished Emails

When it comes to crafting the “best” phishing email scam letter, over the years it has been assumed that the less polished the letter, the better. Something that is poorly worded, or that purposely uses bad syntax and grammar, tends to eliminate the sharper-eyed readers who probably wouldn’t respond to the phish anyway. This way the phisher ensures that only the most gullible users will end up getting snared. The use of bad grammar makes the emails seem more authentic, as they appear to be a personal letter written by a foreigner who isn’t completely fluent rather than by a criminal trying to steal your identity or bank account information.

As Wired magazine wrote about this topic more than a decade ago: “this language evokes someone who is ‘educated, upper-class, out of touch with the common people.’” The Wired piece goes on to describe the nature of how these email scams are constructed and how they use long, complex sentences to draw in their marks.

Another post on Quora said: “The goal of the emails is to get you to write back and reveal some information about yourself. They don’t expect you to believe the letter at first. They only expect you to be curious and to start communicating. Once they get a conversation going, the scam is on.”

Microsoft Research published an academic paper on this subject three years ago that also takes this analysis a step further. “By sending an email that repels all but the most gullible, the scammer gets the most promising marks to self-select.”

However, the tide may be turning, and finally grammarians might be gaining the upper hand. A new theory is that correct grammar gets better results these days. Leave it to the French to lead the way here. Some criminals are advertising on the dark web for editors to clean up their copy. A blog post from Trend Micro says, “This is the first time we have seen a direct advertisement for a job in the underground” that is called a “cleaner.” The want ad asks for people who can help edit copy and correct spelling and other mistakes. Oh, and by the way: you will be paid in stolen credit card numbers or other stolen goods, just in case you have any doubt that you are working for cyber criminals. As they say in the advertisement, “Ecrivez-vous français parfaitement?” (“Do you write French perfectly?”)

One possible reason for hiring an editor is the complexity of the written French language: its tenses and verb conjugations are legion. (I studied the language myself for many years in primary school and can attest to this issue personally.) Another reason could be to differentiate your phishing from everyone else’s, in hopes of gaining market share from your fellow criminals.

Or, it could all be a hoax: hard to tell. The Trend Micro blog says, “The French sometimes conduct business differently and have unique solutions to their cybercriminal business challenges.” Still, this ad stands out as unique in their research. In any event, phishing certainly has gotten more sophisticated since that first Wired article, and chalk up the grammar cleaners as yet another development.

iBoss blog: How to Communicate to Your Customers After a Breach

There have been numerous breaches at major consumer retail companies over the past year. Most of these are followed with some kind of “apology letter,” laying out what customers can do to protect their credit and what information was stolen from the retailer’s databases. Sadly, there aren’t any shining examples in this collection of correspondence, and the cases that I’ll cite here are what to avoid rather than to mimic. But there are some important lessons to be learned, from designing the best apology letters to improving IT practices post-breach.

You can read the article on the iBoss blog here.

Security Intelligence: Use a Malware Simulator to Better Defend Against Ransomware

If you are looking for ways to run a malware simulator to test ransomware and other forms of malware in your environment, but don’t want to deal with the actual materials to infect your systems, look no further than the Shinosec ShinoLocker suite. This is a malware simulator and target attacking suite for penetration testers and other researchers. I talk more about this innovative product in my post today for SecurityIntelligence blog.

WindowsITpro: Going beyond the password

We have a love/hate affair when it comes to using passwords. The average person has to remember dozens of them for various logins, and many of us try to cope by reusing our favorites. That just opens up all sorts of security issues: if a popular service (take your pick: Yahoo, LinkedIn, Dropbox, and many more sites all have been breached over the years) is compromised and millions of user names and passwords revealed, there is trouble ahead.

In this piece for WindowsITpro, I talk about the past, present and future of the lowly password.