Protecting Sensitive Data in Email

State laws, company/client policy and common sense mandate the encryption of some forms of data. Whether it’s company secrets, PII (personally identifying information that isn’t already considered public), or ePHI (Electronic Protected Health Information), it is required that users encrypt this data when sent outside of the company, and it is on the IT Department …

Symantec Password Survey

Symantec published the results of a survey regarding password habits of people who read their Security Response Weblog. Nearly 450 readers responded. As readers of a security blog, their responses probably are far from the norm. Links: http://www.symantec.com/connect/blogs/password-survey-results

Not surprisingly, the respondents have a lot of passwords. 66 percent report having more than 10 …

Grade Hacking

There is a grade-changing scandal over at Walt Whitman High School, locally in Montgomery County, Maryland. A teacher noticed that the grades in the system did not match what he or she entered. Investigation has found 54 changes. Montgomery County Schools CTO Sherwin Collette said they believe teachers’ passwords were obtained through the use …

Dear Abby on Password Secrecy

Today’s Dear Abby contained a letter about passwords. It’s the third letter at this link. The letter writer warns against sharing your passwords with anyone. The writer recounts instances where a password shared at one point in a relationship becomes a weapon when the relationship turns sour. People, after the divorce is finalized you need …

Use Facebook Apps? Time for a Password Change

RockYou was hacked a couple of weeks ago and over 35 million passwords were stolen. RockYou may have your password if you’ve played any of their Social Networking Applications on sites like Facebook or MySpace. Their applications include Slideshow, Uploadphoto, Photofx, Glittertext, Funnotes, Countdown, Superhug, Myspace layouts, Stickers, Superwall, Pieces of flair, Speedracing, Likeness, Hugme …

Now that is strong

I’m trying to install an enterprise password management product. The software installs onto a Windows 2003 server. The prerequisites caution: “Make sure that the Administrator password for this server is appropriately strong. For example, it should contain a minimum of 6 alphanumeric characters.” 6 characters strong. Wow, this must be really important.

SEPM Upgrade Travails

Last night I started upgrading Symantec Endpoint Protection 11.0.4 to 11.0.5. I’ve been doing these upgrades since 7.0.1 and they rarely go smoothly; this one did not disappoint. As with most of these debacles, the development server upgraded without an issue. The production server looked like it installed cleanly until I went to start the …

Worst Best Practices: Two Factor Authentication #GartnerSecurity

These are notes from the last session at the 2009 Gartner Security Summit: a tongue-in-cheek look at the worst best practices in IT. The real problem here isn’t with all two-factor authentication; rather, it is with bad implementations. Inconsistent definitions of two-factor authentication allow implementers to do whatever they want. Not …

iPhone and CIS Secure Config Guide

The Center for Internet Security released a secure configuration benchmark for the iPhone. SCMag touts this as a good thing: “For the first time, enterprises can apply security configuration best practices to Apple iPhones being used by their employees.” I would argue that there are a couple of things wrong with this statement. First, it seems …
