Personal Cybersecurity #11: Daily news

What you need to know for your personal cyber security life… 

Eleventh in a semi-regular series of daily roundups of current and topical computer threats that may affect your online, or even offline, digital and real life. Why cybersecurity on SurvivalRing? Because EVERYTHING you do in your life every day is a part of the cyber world…even your offline plans. So, be aware, and pay attention. The bad guys WILL eventually get around to YOU…personally.

# # #

That NBC story 100% fraudulent

http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html

  • By Robert Graham
  • Errata Security
  • February 06, 2014

Yesterday (Feb 5 2014) NBC News ran a story claiming that if you bring your mobile phone or laptop to the Sochi Olympics, it’ll immediately be hacked the moment you turn it on. The story was fabricated. The technical details relate to going to the Olympics in cyberspace (visiting websites), not going there in person and using their local WiFi.

The story shows Richard Engel “getting hacked” while in a cafe at Sochi. It is wrong in every respect.

  1. They aren’t in Sochi, but in Moscow, 1007 miles away.
  2. The “hack” happens because of the websites they visit (Olympic themed websites), not their physical location. The results would’ve been the same in America.
  3. The phone didn’t “get” hacked; Richard Engel initiated the download of a hostile Android app onto his phone.

I had expected the story to be about the situation with WiFi in Sochi, such as man-in-the-middle attacks inserting the Blackhole toolkit into web pages exploiting the latest Flash 0day. But the story was nothing of the sort.

[…]

# # #

Texas Hospital Discloses Huge Breach

http://www.informationweek.com/healthcare/security-and-privacy/texas-hospital-discloses-huge-breach-/d/d-id/1113724

  • By David F Carr
  • InformationWeek.com
  • 2/5/2014

St. Joseph Health System has confirmed a security breach affecting the records of up to 405,000 past and current patients, as well as employees and employees’ beneficiaries.

St. Joseph says it believed the attack occurred between Dec. 16 and 18, when one of its computer servers was hacked, and that the exposure ended on the 18th when the attack was discovered and the server was shut down. The health system hired national security and computer forensic experts to investigate. The ongoing investigation suggests the attackers may have gained access to records including names, Social Security numbers, dates of birth, and possibly addresses, as well as the medical information of patients and bank account data for employees.

If substantiated, this would be one of the largest healthcare data breaches ever reported, and the largest by an individual health system. The largest, according to US Department of Health and Human Services data, involved 780,000 records in a 2012 incident at the Utah Department of Health and 475,000 records in a 2008 report from the Puerto Rico Department of Health. Since both of these are government agencies, the St. Joseph breach could potentially have the biggest loss of patient data reported by an individual hospital.

So far, the damage done is a matter of speculation.

[…]

# # #

Israeli start-up claims it may be able to stop all viruses

# # #

75 Percent of Pentagon Contractors Adjusted Security After Snowden Leaks

http://www.nextgov.com/cybersecurity/2014/02/75-percent-pentagon-contractors-adjusted-security-after-snowden-leaks/78302/

  • By Aliya Sternstein
  • Nextgov.com
  • February 5, 2014

Leaks of national secrets by former federal contractor Edward Snowden drove 75 percent of U.S. defense company executives to adjust information security procedures, mostly by increasing employee training and going on high alert for deviant behavior, according to a new study.

The poll of information technology managers was conducted last month by market research firm Opinion Matters on behalf of consultancy ThreatTrack.

Most of the 100 contractors surveyed are taking a manual approach to the crackdown on data seepage, rather than using automated mechanisms to block personnel from disclosing information, according to the study’s data points.

Among businesses with an IT budget of more than $10 million, 44 percent are restricting user access. Of the firms storing or accessing confidential information for the government, 34 percent have scaled back system administrator privileges. Sixty percent of the companies in those same two categories are subjecting employees to more cyber awareness education.

[…]

# # #

Where Did You Learn About Cybersecurity — or Did You?

http://www.eetimes.com/author.asp?section_id=8&doc_id=1320907

  • By Carolyn Mathas
  • EE Times
  • 2/6/2014

I just noticed the results of a report commissioned by the Institution of Engineering and Technology (IET) called “Using Open Source Intelligence to Improve ICS & SCADA Security.” The report suggests that information that engineers place on social media, in blogs, and in papers is sufficient to mount cyberattacks. In this case, the attacks involved utilities. However, it shouldn’t matter what industry is front and center — only that this may be a side door in.

The basis for the IET’s concern was a survey of 250 small and midsized enterprises. Half were aware of the government’s Cyber Security Strategy, and just 14% said cyberthreats were “the highest priority.”

I have a question: How have you been trained/warned/advised regarding the use of social media, written papers, articles, blogs, etc. and how they relate to security? This report concentrated on the UK, but life isn’t that much different on this side of the pond.

Did you receive any university-level training regarding the role of the individual in security breaches? Was this a part of the new-hire training at your company? What did you learn, and where did you learn it, as to how much information is too much? Maybe this is covered in nondisclosure agreements you sign upon corporate entry as part of an HR exercise?

[…]

# # #

Updated: February 9, 2014 — 11:20 pm

The Author

Rich Fleetwood

Rich is the founder of SurvivalRing, now in its 24th year, author of multimedia CDs and DVDs, loves the outdoors, his family, his geeky skill-set, and lives in rural southern Wyoming, just below the continental divide (long story, that...). Always ready to help others, he shares what he learns on multiple blogs, many social sites, and more. With a background in preparedness and survival skills, training with county, state, and national organizations, and skills in all areas of media and on-air experience in live radio and television, Rich is always thinking about the "big picture" when it comes to helping individuals and families prepare for life's little surprises.