GMail/Picasa Identity Leakage

Be careful when using Picasa and other Google applications with the default nickname and web address settings: the number that Google assigns in place of your ID in those cases is easily decipherable. The number is simply a stand-in for your ID and is consistent across services, not random, which is exactly what makes it a leak. This is not a new issue, and is in fact rather old, but I still see a lot of Picasa links that contain those numbers. If the defaults have not been changed, an attacker can replace the URL in the address bar of a Picasa page with javascript:alert(_user.name) to obtain the relevant ID. Read more in this Lifehacker article.

iPhone Security Becomes Topic At BlackHat

Too bad I wasn’t there right at the close of the presentation yesterday, but these days I can afford not to ride a plane 13 hours to Washington D.C. At work we performed some in-house reviews of iPhone security about two years ago, accepting some risks in exchange for functionality. However, three different channels of information, personal contacts, web browsing, and work relationships, have all raised a flag about the research being done on iPhone security. The findings revealed in the papers dispute two tenets of iPhone security that have been repeated throughout the past couple of years: 1) sandboxing applications so that …

Anti-Piracy – First Internet Cafe Arrest In Japan

This Japanese news article reports the first “internet cafe” arrest in Japan since the anti-piracy download law went into effect on Jan. 1, 2010. However, I am fairly certain that this is the first such arrest altogether; somebody please comment if I am wrong. Toward the end of last year and in the first days of the new year, many blogs and statistics sites were reporting on the number of files being shared over peer-to-peer software on the internet. Remarkably, most of the numbers did not change a bit. I find this unusual, since the Japanese go to great lengths to stay …

Facebook As Biggest Security Threat

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on!

This article outlines a Sophos survey of businesses that ranks Facebook as the biggest threat (60% of those surveyed) simply because it has become the biggest social network, followed by MySpace at 18% and Twitter at 17%. Well, I tend to agree with that reasoning, but I think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense, which keeps employees out of such sites through filtering …

Suck Your Guts In – Full Body Scanner Coming To An Airport Near You!

Well, from looking at the news and some of the evaluation discussions coming through here in Japan, it appears that at least Japan and the US will be implementing body scanners in boarding processing within the next year. Bruce Schneier touches on this subject a couple of times throughout his blog, but in Japan’s case I have some very reliable insight into some of the considerations of local officials. Of course, the Japanese throw the latest, greatest technical solution at a problem as a CYA move all the time. Nobody wants to be responsible for a bad decision, so little thought goes into …

IT Auditors and Logging Systems

I’ve tackled this subject a couple of times in recent posts in a cursory manner, but feel that it is probably time to elaborate. An IT auditor’s challenge out in the field is not getting any less complex. To the end user, systems are evolving into seamless, integrated cloud services, while underneath they are built on an increasingly complex computing architecture. The risks associated with this complexity are amplified when the professionals checking the integrity of these systems do not understand the technology, have no practical administration or configuration experience, and do not …

Takashimaya Department Stores Going LED

The Nikkei headline this morning, as I read it on the page facing me in the train, says that Takashimaya Department Stores in Japan has announced that it will replace the lighting at its major locations with LEDs. The target is to replace and install some 150,000 units by 2012, reducing electricity costs to one-fifth of current expenditure. This will include locations in Tokyo and Osaka, a total of 18 locations nationwide. The Japanese article I looked up on the web is here. There is also an English headline here, but that just links to the Nikkei pay-to-read site.

Smart Google? Dumb Google?

I was in the office yesterday and in passing conversation Google’s recent actions came up. “Dumb move”, came from across the table, which made me think a bit. Since I had heard the news last week, I had been thinking nothing but smart move, so this came as a surprise and caused me to think about it for a while; hence this blog posting.

DUMB

The first dumb point that comes out of this is that Google just shot themselves in the foot in the largest internet population in the world. The recent news profiles China as the largest internet ‘market’, …

Helicopter Project – Eye In The Sky

This posting has nothing to do with security, but everything to do with electronics and building devices. If you’re looking for a fun personal project, read on! Helicopter flying skills required.

A couple of weeks ago, a friend called and said he was driving into Akihabara, Tokyo, and asked if I wanted to join him for the ride. Akihabara is known as the ‘electric town’ of the Tokyo metropolis. In Aki (as we call it, short for Akihabara) you can find everything from good deals on normal consumer electronics to PIC microcontrollers, components, and anything else, including toy guns, dolls, and English …

Too Many Generalists – Internal Auditor Magazine Example

Forewarning: this is yet another rant. The views expressed herein are personal and do not reflect any viewpoint of my current employer. But I do feel bad, because we have an advertisement right on the page facing the article that I point out in this posting…. In my seven years as a member of the IIA and a Certified Internal Auditor, the IIA has not once responded to inquiry emails nor answered their phone when I have had a question, so I don’t feel so bad about what I am about to point out.

A couple of days ago I decided it …