Tag: Privacy

Items of Interest Week of 7/13/2015

Here are some quick reads for the week of July 13, 2015. If you have interesting links of your own, share them in the comments. MIT: "CSAIL report: Giving government special access to data poses major security risks" Georgia Tech: "GT Professor testifies before U.S. senators about the balance of privacy & public safety." Al Jazeera America: "Hackers stole over 21.5M [...]

July 16th, 2015 | IT Audit & Compliance

Data in Transit - Bridging the Gap between Data Owners and Custodians

Ensuring both the integrity and confidentiality of data as it traverses an organization’s internal network and beyond can be complex, especially when attempting to bridge the gap between the Data Owner and Data Custodian, who typically view the organization from very different angles. This presents the IT auditor with a great opportunity to act as the liaison between Data Owners and [...]

The 50 Most Used Passwords!

Last week I helped a few friends with setting up a new website for their business and their associated email accounts for the domain. At one point in the process, one of them told me the password they wanted to use to access the site. Not shockingly, it was something rudimentary and simple. Despite more and more of us being educated [...]

Mobile App Security: User Data Collection and Privacy Concerns

A new study by Carnegie Mellon University finds that many mobile apps collect location data on users almost constantly, allowing app creators to track user behavior. This is just one of many data elements mobile phones are collecting on their users, raising security concerns for individuals and for the companies whose employees have smartphones. This presents more questions about how [...]

March 30th, 2015 | Privacy Compliance

The Next Big Security Concern: The Internet of things and harvesting your private conversations

People often ask what "the next big thing" in IT security will be. In years past we've seen the rise of "big data", "the cloud", "cybersecurity", and so on - but what's next? I personally think one of the biggest unsolved problems in tech is the security of the "internet of things". The "internet [...]

March 26th, 2015 | Privacy Compliance

How to Fix the Lenovo Superfish Security Hole

By now, everyone who works in the realm of IT Security has heard of the Lenovo Superfish fiasco. Today, I'm going to give a moderately technical overview of Self Signed Root Certificates and how Superfish exploited them. After this post, each of you can check the Root Certificates installed on your systems and take action against anything that looks “fishy” (pun totally intended). [...]

March 2nd, 2015 | IT Audit & Compliance

Payment Tokenization: the Future of Electronic Transactions

Credit card data is notoriously susceptible to theft (Home Depot and Target). The problem stems from the use of a single set of data points to authenticate your card for payment. For example, when you visit a merchant or online retailer, a single number, expiration date and CVV (card verification code) are used again and again for all purchases, everywhere, for years. This gives [...]

December 11th, 2014 | IT Audit & Compliance

Analysis of Strong VS Weak Passwords

Data breaches are a dime a dozen these days. But when hackers steal databases full of customer info, login names and passwords, the passwords themselves aren’t usually sitting out in plain sight. Typically the passwords will be cryptographically hashed. Hashing a password is the process of taking a string of any length (the password in this example) and producing a fixed length [...]