The end of online privacy?

August 30th, 2010 Fiaaz Walji No comments

If Ottawa thinks the census is invasive, what about the 64 trackers that popular websites install on visitors’ computers?

An interesting article from the Globe and Mail a few Saturdays ago. More interesting were the comments on this article. They ranged from political jabs at Harper to security advice on browsers, cookies, etc. All valid… even the jabs at Harper! One piece of advice I would add to businesses would be to ensure you have a web usage policy in place as well as the technology to help you enforce this policy… an ounce of prevention… as the saying goes.

Here is the rest of the article…

In January of this year, researchers at the San Francisco-based Electronic Frontier Foundation tried an experiment. The online privacy advocacy group set up a Web page, and collected and stored the browser information of everyone who visited it.

There were no tricks. The site would not steal any data or urge casual visitors to install tracking software. It would simply log the same basic information almost all Internet users in the world inadvertently hand over each time they visit a website, including their time zone and Internet-protocol (IP) address – important clues to their location.

The most alarming result of the study of more than 470,000 Web surfers is that 83.6 per cent of them had an instantly identifiable, totally unique fingerprint: Their particular combination of settings and information was unlike that of any other user, increasing the chance they could be personally identified, even though they had done nothing but make a few clicks of the mouse.

Prevent Data Loss And Comply With Payment Card Industry Data Security Standards

August 11th, 2010 Fiaaz Walji No comments

 

Modern commerce relies heavily on credit card transactions, providing convenience to consumers and more sales opportunities for merchants. With vast amounts of financial capital transferring via these means, it’s no wonder that credit card fraud amounts to over a billion dollars in the US alone, according to the US Treasury.

The Payment Card Industry Data Security Standards (PCI DSS) were developed by a consortium of credit card issuers, including MasterCard and Visa, to provide best practices for securing IT systems and establishing processes for the use, storage, and transmission of credit card data in electronic commerce.

In an age of phishing scams, malware, and pursuit of profits by hackers, compliance with PCI DSS is usually interpreted as a way to mitigate the risk of an external threat. Secure Sockets Layer (SSL), Transport Layer Security (TLS), Internet Protocol Security (IPSEC), and other technologies are recommended as safeguards against these threats, focusing on anti-theft and anti-intrusion measures.

However, the ultimate concern is the unauthorized use of credit card data, so safeguarding the data, then, is essential to mitigating this risk. Data Loss Prevention (DLP) is the solution to help safeguard this credit card data.

While PCI DSS has done much to establish a common set of security best practices to minimize external hacks into networks where credit card data is transmitted, stored or collected, it has not explicitly mandated the monitoring of this data.

As many industry analysts and forward-thinking enterprises have already acknowledged, DLP must be a part of a PCI compliance and credit card data security policy, given that even a single instance of data loss can lead to penalties from card holding institutions and banks, high remediation costs, damage to an organization’s reputation, and loss of market share.

Click Here To Download the research brief:
Research Brief: Prevent Data Loss And Comply With Payment Card Industry Data Security Standards

Categories: Data Security

Cloud Computing and the Patriot Act: an invalid excuse in Canada?

July 12th, 2010 Fiaaz Walji No comments

 

“The ‘boogey man’ of the U.S.A. Patriot Act has just become an easy excuse to say no … Canadian authorities can get information in the U.S. without a warrant and American authorities can get information in Canada without a warrant, and this happens on a daily basis.” David Fraser

Canadians are quick to use the U.S.A. Patriot Act as an excuse to avoid cloud computing, but they might not know many of the same laws already exist in Canada. Privacy lawyer David Fraser highlights the similarities in this interview with ComputerWorld Canada.

Survey says… ‘Data Loss’… what’s your answer?

June 9th, 2010 Fiaaz Walji 1 comment

 What do security personnel consider to be the biggest threat to the corporate world?

  • 37% say data loss through internal threats, negligence or accidental loss.
  • Other top threats include evolved forms of worms and viruses; malicious attacks; bots.

According to a straw poll of IT security managers conducted by CDW, here’s what is on the minds of security personnel:

Of the 200 IT security professionals surveyed, there is a little bit of optimism that executive management understands the business risks:

  • 17 percent of participants say that nothing at all would convince their companies to invest in higher levels of threat prevention
  • 18 percent say that only a significant breach of their systems would compel an escalation in security investment.
  • 39 percent of respondents believe that a specific assessment pointing out vulnerabilities in their IT security systems would lead to an increased investment in network protection.

 What do security personnel consider to be the biggest threat to the corporate world?

  • Data loss through internal threats, negligence or accidental loss, said 37 percent of respondents.
  • Other top threats include: evolved forms of current threats, such as worms and viruses; malicious attacks; bots.

“It is troubling to see so many organizations still struggling with preventable threats such as viruses and worms, when the stakes are so much higher from the risks that newer threats pose. It’s critical for businesses to secure themselves with the effective, readily available shields against ordinary threats, to free up time and resources for more proactive action against data loss and the rising threats of botnets and malicious, targeted attacks”

Doug Eckrote, Senior vice president of strategic solutions and services at CDW

Moving beyond antivirus and malware

May 17th, 2010 Fiaaz Walji No comments

Assaf Litai, a well-known authority on data loss prevention (DLP) technologies, discusses his definition of DLP, considerations for CIOs, what to expect from vendors, the evolution of DLP, as well as his take on the convergence of antivirus and DLP.

How would you define a data loss prevention solution?

The tricky questions in front of enterprises today are – which is my most important data? How is it being used? These are the questions that a DLP solution answers. To put it in simple words, it assesses risk associated with data. This is a DLP’s core responsibility – to give the management visibility into data and its usage.

Read the remainder of the excerpts from his interview on CXO.com.

Categories: Data Security

Cyber spies steal visa information from Canadians

April 7th, 2010 Fiaaz Walji No comments

Toronto-based security researchers have helped uncover a China-based cyber espionage network — Ghostnet 2.0 — that has stolen sensitive documents from the Indian government and visa information from Canadians.

Cyber spies used phishing e-mail attacks and a bot network — abetted by social media — to steal top secret Indian government documents and visa information from Canadian citizens.

The University of Toronto’s Citizen Lab worked with Ottawa-based security research company SecDev Group and other American researchers to uncover an even more widespread cyber espionage operation. The total number of stolen documents is greater than 700.

The researchers released their findings yesterday. Read the full story at itbusiness.ca.

Categories: Data Security, News

Dear Facebook…

March 15th, 2010 Fiaaz Walji No comments

Dear Facebook,

I appreciate your service. I really do. I’m sure that many of your 400 million active users appreciate it as well. But now that you have a market value estimated at billions of dollars, it is time for you to start acting like a grown-up company.

That means you have to provide basic security for your customers. And it means responding when your customers try to contact you, as I did recently to talk about an important security issue. Do you think you will be able to hold on to 400 million users if you treat them that way, and if you put their computers at risk? I don’t.

“you are leaving your users open to a major security risk.… I know malware when I see it, and I don’t allow scripts to run on my computer”

Read the rest of this open letter on IT Business.ca from Ira Winkler – the president of the Internet Security Advisors Group.

Categories: Opinion, Web Security

RSA 2010 Recap

March 11th, 2010 Fiaaz Walji No comments

Although I was hoping to post daily updates, it just didn’t happen given my schedule and all of the sessions. So here’s a quick recap of RSA 2010.

The weather was great… warm with a few drizzly moments. Although I didn’t stay there, the W Hotel Lobby seemed to be the hub for conference-goers post event.

I connected with a lot of industry colleagues… mostly familiar faces and some new. Both on the show floor and off site. Tons of business cards were exchanged - one of the good barometers of the success of the event for me! Having said that, the attendance seemed to be lower than last year’s, but on the flip side, there seemed to be more qualified/interested attendees as opposed to ‘tire kickers’ and ‘tchotchke collectors’.

Here are my top highlights of the conference… in no particular order:

1.  Celebrating Canada’s gold medal victory with my fellow Canadian at Websense, our CTO Dan Hubbard – as our US counterparts marvel at the deep meaning this win had for us.

Canada's Game

2.  General Session Panel Discussion on “Pandora’s Box: Youth on the Internet”. Given the high profile focus, the security industry is starting to see the importance age plays in our online world; and the need to provide better ways to protect children.

3.  Panel on Top Cloud Threats and presentation on Linking Malicious Web Through Statistical Modelling

Top Cloud Threats: Cloud Security Alliance

Linking Malicious Web via Statistical Modelling

The one disappointment I did have was seeing vendors on the show floor still treating the exposition like the old days… carnival-esque – i.e. gimmicky attractions that gather all of the ‘tire-kickers’ and none of the relevant potential customers. Oh well, different strokes I suppose.

All in all it was a good conference with informative content and a great chance to reconnect or simply connect with peers and colleagues in the industry.

See you all there next year!!

Categories: General, Opinion

Gartner’s Leaders Quadrant for Secure Web Gateway

March 5th, 2010 Fiaaz Walji No comments

Dynamic, interactive Web 2.0 technologies have transformed the Web into a core business application platform. Traditional customer relationship and payroll applications are now delivered interactively over the Web, while applications like social networking are used on a daily basis for recruitment, lead generation, and other business processes.

Along with Web 2.0, however, comes new risk as dynamic and user-generated content renders traditional security technologies, such as antivirus and URL filtering, ineffective. These technologies also do not provide control over sensitive outbound data posted to Web 2.0 sites.

Websense® Web Security Gateway leads the secure Web gateway market by providing the best protection against modern Web 2.0 threats with the lowest total cost of ownership. Web Security Gateway secures the use of Web 2.0, with its real-time dynamic threat protection, and Web content categorization that classifies content within Web pages “on the fly,” helping to maintain productivity and compliance with acceptable use policy.

Based on ability to execute and completeness of vision, Gartner positions Websense in the Leaders Quadrant of its Magic Quadrant for Secure Web Gateway.

Access a complimentary copy of the Gartner Magic Quadrant for Secure Web Gateway and learn more.

Industry’s First Real-Time Security Application for Facebook

February 1st, 2010 Fiaaz Walji No comments

Websense just launched the industry’s first real-time security app for Facebook!

It provides Facebook page owners real-time content and security analysis of comments, wall posts, third party applications, links and other content posted to their Facebook page. According to Dan Hubbard, CTO, Websense…

“Other Web security technologies that try to address uncategorized Web 2.0 content using only virus signatures, URL reputation or categorization are fundamentally flawed and limited,”

Whereas other security offerings are designed to clean a user’s computer after it has been infected, Websense worked with Facebook to create the first and only security application that helps protect Facebook users from encountering malicious links, inappropriate content, viruses or spam, and is the first application to do so for both corporate and individual Facebook page owners.

The Websense security application for Facebook is immediately available in limited beta. To download it for free, or to learn more about the Defensio 2.0 platform for Web 2.0 sites, visit Defensio. To view a video introduction to Defensio 2.0 and its new features, see the video on YouTube.