Wednesday, November 28, 2012

You’ll Shoot Your Eye Out…

…is probably one of the most memorable lines of any Holiday Classic.  Of course I’m referring to A Christmas Story, where a young Ralphie tries to convince his parents, teachers and Santa that the Red Ryder BB Gun is the perfect present.  I don’t know if there was a warning label on the 1940’s edition box but it is a good reminder from a security perspective that often we, meaning humans, are our own worst enemy when it comes to protecting ourselves.  Every year about 100 or so homes burn down due to fried turkeys.  A frozen one with ice crystals straight in or the ever famous too much oil that overflows and toasts everything it touches.  Even with the warnings and precautions, humans still take the risk.  Warning: You can get burned badly.

As if the RSA breach wasn’t warning enough about the perils of falling for a phishing scam, we now learn that the South Carolina Department of Revenue breach was also due to an employee, and it only takes one, clicking a malicious email link.  That curiosity led to over 3.8 million Social Security numbers, 3.3 million bank accounts, thousands of credit cards along with 1.9 million dependents’ information being exposed.  While the single click started it all, 2-factor authentication was not required and the stored info was not encrypted, so there is a lot of human error to go around.  Plus a lot of blame being tossed back and forth – another well used human trait – deflection.  Warning: Someone else may not protect your information.

While working the SharePoint Conference 2012 in Vegas a couple weeks ago, I came across an interesting kiosk where it allows you to take a picture and post online for free to any number of social media sites.  It says ‘Post a picture online for free.’ but there didn’t seem to be a Warning: ‘You are also about to potentially share your sensitive social media credentials or email, which might also be tied to your bank account, into this freestanding machine that you know nothing about.’  I’m sure if that was printed somewhere, betters would think twice about that risk.  If you prefer not to enter social media info, you can always have the image emailed to you (to then share) but that also (obviously) requires you to enter that information.  While logon info might not be stored, email is.  Yet another reason to get a throwaway email address.  I’m always amazed at all the ways various companies try to make it so easy for us to offer up our information…and many of us do without considering the risks.  In 2010, there were a number of photo kiosks that were spreading malware.  Warning: They are computers after all and connected to the internet.

Insider threats are also getting a lot of attention these days with some statistics indicating that 33% of malicious or criminal attacks are from insiders.  In August, an insider at Saudi Aramco released a virus that infected about 75% of the employee desktops.  It is considered one of the most destructive computer sabotages inflicted upon a private company.  And within the last 2 days, we’ve learned that the White House issued an Executive Order to all government agencies informing them of new standards and best practices around gathering, analyzing and responding to insider threats.  This could be actual malicious, disgruntled employees, those influenced by a get rich quick scheme from an outsider or just ‘compromised’ employees, like getting a USB from a friend and inserting it into your work computer.  It could even be simple misuse by accident.  In any event, intellectual property or personally identifiable information is typically the target.  Warning: Not everyone is a saint.

The Holidays are still Happy but wear your safety glasses, don’t click questionable links even from friends, don’t enter your logon credentials into a stray kiosk and a third of your staff is a potential threat.  And if you are in NYC for the holidays, a limited run of "Ralphie to the Rescue!" A Christmas Story, The Musical is playing at the Lunt-Fontanne Theatre until Dec 30th.

ps


Monday, November 19, 2012

Holiday Shopping SmartPhone Style

Close to 70% of smartphone owners plan to use the devices for holiday shopping, according to Deloitte (pdf).  Smartphone ownership has jumped from 39.7% last year to 46.1% this year and tablet owners have doubled from 10.5% to 22.4% according to 9,000 shoppers surveyed by BIGinsight.  This will probably also spur an increasing number of people colliding heads and walking into fountains as everyone in the mall will be looking down at their mobile devices instead of watching where they are walking.

Knowing that these devices have become permanent fixtures on our bodies, retailers are using the technology in an attempt to enhance the shopping experience.  As soon as you cross the mall threshold, your phone will buzz with merchant coupons or even better, your online shopping cart has been paid and converted to real items for you to walk out, bags in hand, without standing in the check-out aisle.  You’ll be able to browse inventory to know if that incredible deal is in stock or simply purchase the item on the smartphone while standing in the store and have it arrive, already wrapped, the next day.  Retailers are trying to combat the behavior of looking for the best deals on an item, only to go home and purchase online elsewhere.  Many retailers are equipping employees with tablets and checkout areas with mobile payment systems.  Employees have apps that offer richer information in case a shopper wants to know what a coat is made of, or specific warranty info on an electronic item.  These employee handhelds could also check out a shopper in the middle of the store, avoiding any lines.  Some stores have even installed iPads in the dressing room so shoppers can choose what music to listen to while parading their selections in the mirror.  Hopefully on those, the cameras are disabled since I can already see a remote ‘Peeping in the Dressing Room’ breach in the headlines.

Coupon sites are starting to deploy Geofencing, or the ability to offer deals that are within range.  You cross a digital boundary and the phone lights up with scan-able deals from area merchants.  While retailers will be trying to entice the shopper, mobile technology also helps the shopper.  They can look up items, prices and reviews; see who has the best selection/inventory/deals; who offers free shipping and a host of other data to help complete Santa’s list while staying under budget.

More stores will also be offering free WiFi for shoppers.  Boingo Wireless indicates that 20%-30% of retailers have deployed wireless in the stores and they expect that to grow to 30%-40% in the coming years.  While it’s wonderful not to be ‘connected’ while shopping, most of these WiFi zones are not secure and all the security rules of open WiFi still apply.  Watch the type of sensitive info you enter while connected since there is virtually no protection.

In other Holiday Shopping news, Consumer Reports released its 2011 Naughty & Nice Holiday List, which looks at the good and not-so-good shopping policies and the companies behind them.  And, Toy sales down after early rush.

ps


Thursday, November 15, 2012

SPC12 Special Features 'Radio Killed the Privacy Star' Music Video?

Armed with a mic and a midi, I belt out, karaoke style, my latest music video ‘Radio Killed the Privacy Star.’ Lyrics can be found at Radio Killed the Privacy Star. #spc12 #bonusfeatures #parody #musicvideo

 

ps


SharePoint Conference 2012: That's a Wrap

I wrap it up from the SharePoint Conference 2012. Special thanks to Jose Barros of The SCE Group along with James Hendergart, Greg Coward, Helen Johnson, Courtney Peddicord, Dennis Clark, Jeff Bellamy, Phil Simpson and Mike Jagla of F5. #spc12

 

ps
