Posts Tagged ‘cybercrime costs’

Target breach update – how were HVAC passwords stolen?

Thursday, February 6th, 2014

As we learned from Krebs a few days ago in a Target breach update, the original entry point of the malicious software was Target’s HVAC company. Yes, that means the folks who handle their air conditioning and heating. I’m guessing in the aftermath of this admission, scads of large companies are scrambling to ensure there are no “touch points” between “building management” systems and their treasured business networks. It makes sense to me that the building manager would want to have “heating and lights” right there under the same “pane of glass” as “inventory” but if that’s how companies have been operating, it’s time to rethink it.

Those of us in cybersecurity eagerly await more details. Fortunately we won’t have long to wait since Krebs is on the case. But in the meantime, are there security lessons to be learned from this aspect of the Target breach too (aside from the obvious: keep supplier networks separate)? The big question on everyone’s mind is: how is it that the HVAC company’s password was discovered by the cybercriminals?

Even without knowing any more than we do right now, the answer almost always comes down to the same few possibilities. Here are the six most common ways in which passwords are stolen: (more…)

The Zen of Internet Safety: Patience, Little Grasshopper *

Friday, June 8th, 2012

The two best things you can do to stay safe on your PC (as long as you insist on being internet-connected) are:

a.) make friends with your anti-virus and

b.) cultivate an attitude of patience.

In fact, we could call this the Zen of Computer Health and Internet Safety.  Your AV is the equivalent of a security guard, a Rottweiler, and a good alarm system.  If you don’t sit back and let them do their work, you may as well save your money.

I might say that it’s really surprising that people will install AV and then argue with it.  But that would be disingenuous of me, because it really isn’t surprising at all.  We are an impatient species, made even more impatient by a culture that insists on as much stimulation and instant gratification as possible (note Eric Schmidt, Google’s CEO telling college grads to “unplug” for a whole hour a day!).  I get all that, but I suggest that in the case of our PC’s AV, we fight these proclivities.

Let’s review some of the AV Commandments:


Our beloved Macs and the hidden costs of cybercrime

Sunday, May 27th, 2012

When it comes to the “religion” of Apple, I’m an infidel.  But, I appreciate passionate attachments to anything – after all, they give us “raison d’être”.  Plus some of my closest friends have been deeply in love with their Macs for decades.  And as surely is obvious by now, Apple cracked the code on “user friendly” way back when most nerds were still trying to keep those riff-raff off their grid.

Unfortunately, I started in high tech working with Unix on PCs, which is as nerdy as you can get, and pretty far from friendly fruits like the Macintosh.  Also, among our engineers, the idea of an intuitive interface was somewhat scorned.  First of all, why would you need one?  They were for dummies!  Second, in those days – an understandable prejudice on their part, I think – the more we made things easier for non-technical users, the more we had to limit their choices.  Coaxing a computer to “deposit these funds over there” over a modem was hard enough (computers were comparative dummies in those days too); thinking through a million other possible banking needs a consumer might have – that was an impossible dream.  Drive to the damn bank already!  And in those rather dark ages – at The Santa Cruz Operation in 1988 – there was no thought at all about the other problem: considering every mistake dumb users might make.

I mention this because even though we finally ARE thinking about security on the web, it is STILL overwhelming to accommodate all the mistakes that a user like Mary Jo Redneck may make as she attempts to place an online order at Walmart for jerky and beer.