If Ottawa thinks the census is invasive, what about the 64 trackers that popular websites install on visitors’ computers?
An interesting article from the Globe and Mail a few Saturdays ago. More interesting were the comments on this article. They ranged from political jabs at Harper to security advice on browsers, cookies, etc. All valid… even the jabs at Harper! One piece of advice I would add for businesses is to ensure you have a web usage policy in place, as well as the technology to help you enforce this policy… an ounce of prevention… as the saying goes.
Here is the rest of the article…
In January of this year, researchers at the San Francisco-based Electronic Frontier Foundation tried an experiment. The online privacy advocacy group set up a Web page, and collected and stored the browser information of everyone who visited it.
There were no tricks. The site would not steal any data or urge casual visitors to install tracking software. It would simply log the same basic information almost all Internet users in the world inadvertently hand over each time they visit a website, including their time zone and Internet-protocol (IP) address – important clues to their location.
The most alarming result of the study of more than 470,000 Web surfers is that 83.6 per cent of them had an instantly identifiable, totally unique fingerprint: Their particular combination of settings and information was unlike that of any other user, increasing the chance they could be personally identified, even though they had done nothing but make a few clicks of the mouse.
“The ‘boogey man’ of the U.S.A. Patriot Act has just become an easy excuse to say no … Canadian authorities can get information in the U.S. without a warrant and American authorities can get information in Canada without a warrant and this happens on a daily basis” David Fraser
Canadians are quick to use the U.S.A. Patriot Act as an excuse to avoid cloud computing, but they might not know many of the same laws already exist in Canada. Privacy lawyer David Fraser highlights the similarities in this interview with ComputerWorld Canada.
According to a straw poll of IT security managers conducted by CDW, here’s what is on the minds of security personnel:
Of the 200 IT security professionals surveyed, there is a little bit of optimism that executive management understands the business risks:
- 17 percent of participants say that nothing at all would convince their companies to invest in higher levels of threat prevention
- 18 percent say that only a significant breach of their systems would compel an escalation in security investment.
- 39 percent of respondents believe that a specific assessment pointing out vulnerabilities in their IT security systems would lead to an increased investment in network protection.
What do security personnel consider to be the biggest threat to the corporate world?
- Data loss through internal threats, negligence or accidental loss, said 37 percent of respondents.
- Other top threats include: evolved forms of current threats, such as worms and viruses; malicious attacks; bots
“It is troubling to see so many organizations still struggling with preventable threats such as viruses and worms, when the stakes are so much higher from the risks that newer threats pose. It’s critical for businesses to secure themselves with the effective, readily available shields against ordinary threats, to free up time and resources for more proactive action against data loss and the rising threats of botnets and malicious, targeted attacks”
Doug Eckrote, Senior vice president of strategic solutions and services at CDW
Although I was hoping to post daily updates, it just didn’t happen given my schedule and all of the sessions. So here’s a quick recap of RSA 2010.
The weather was great… warm with a few drizzly moments. Although I didn’t stay there, the W Hotel Lobby seemed to be the hub for conference goers post event.
I connected with a lot of industry colleagues… mostly familiar faces and some new. Both on the show floor and off site. Tons of business cards were exchanged - one of the good barometers of the success of the event for me! Having said that, the attendance seemed to be lower than last year’s, but on the flip side, there seemed to be more qualified/interested attendees as opposed to ‘tire kickers’ and ‘tchotchke collectors’.
Here are my top highlights of the conference… in no particular order:
1. Celebrating Canada’s gold medal victory with my fellow Canadian at Websense, our CTO Dan Hubbard – as our US counterparts marvel at the deep meaning this win had for us.

2. General Session Panel Discussion on “Pandora’s Box: Youth on the Internet”. Given the high profile focus, the security industry is starting to see the importance age plays in our online world; and the need to provide better ways to protect children.
3. Panel on Top Cloud Threats and presentation on Linking Malicious Web Through Statistical Modelling


The one disappointment I did have was seeing vendors on the show floor still treating the exposition like the old days… carnival-esque – i.e. gimmicky attractions that gather all of the ‘tire-kickers’ and none of the relevant potential customers. Oh well, different strokes I suppose.
All in all it was a good conference with informative content and a great chance to reconnect or simply connect with peers and colleagues in the industry.
See you all there next year!!
When Parliament was prorogued last month by Canada’s Conservative party government, the so-called anti-malware bill and three other tech-related bills died.
Getting them back on the legislative agenda will depend on the prime minister’s priorities.
The bills are C-27, the Electronic Commerce Protection Act, which covers spam and malware; C-47, which gives police increased power for criminal investigations; and C-46 and C-58, two pieces of legislation for fighting child pornography.
Of particular interest to those gearing up their email campaign marketing plans for the new year is Bill C-27, which forbids anyone in Canada from sending a commercial message to any electronic address unless the receiver has consented. An exception is if the person sending the message has had a business transaction with the recipient in the previous 18 months. Penalties range from up to $1 million for individual violators to up to $10 million for organizations.
As a business owner, this may be your window to run that email campaign to prospects you had planned. As an over-spammed consumer, hopefully Bill C-27 gets resurrected and passed soon!
Read the related story on Network World Canada.
Web 2.0 — the emerging social media world populated by entities like Facebook, Twitter and MySpace — represents the greatest danger in a sea of threats for 2010 … Read the rest of the security trends for 2010 on eChannelline.
Ontario’s privacy commissioner Ann Cavoukian says that banning employees from visiting social media sites, such as Facebook and Twitter at work isn’t a good idea.
“I think it’s a mistake,” Cavoukian said. She completely understands why in today’s environment some businesses may favour an outright ban, but says such prohibitions are almost always counterproductive.
What the commissioner has neglected to mention is the fact that although a ‘blanket ban’ is not the solution, neither is an unsecured open policy.
To leverage the advantages that Twitter, Facebook and other social networking/user generated content sites bring to your business, you have to allow access and mitigate the security risks associated with them.
I am a wholehearted advocate of saying ‘yes’ to these Web 2.0 sites - as long as you have both a usage policy to educate your ‘users’ AND a security solution in place that can categorize pages on these sites in real time - thus giving you the ability to maximize the advantages, without compromising your security posture.
Read the story as reported on itbusiness.ca
On Wednesday the Canadian Radio-television and Telecommunications Commission said it realizes Internet providers may need “measures to manage the traffic on their networks at certain times.” But they must ask the CRTC before they block delivery of content to an end user or slow down time-sensitive traffic, such as video conferencing or voice over IP, “to the extent that content is degraded.”
“Canada is the first country to develop and implement a comprehensive approach to Internet traffic management practices,” said Konrad von Finckenstein, Q.C., Chairman of the CRTC.
Read the full press release here.
The Federal Privacy Commissioner’s annual report for 2008 was released to Parliament today. It is clear that the focus is on the need to protect personal information online. The commissioner is cautioning the public to take greater responsibility for securing their privacy and thinking twice about what they post on the Internet. The need to be ‘Connected’ vs ‘privacy and security’… the ultimate balancing act.
“Many young people are choosing to open their lives in ways their parents would have thought impossible and their grandparents unthinkable. Their lives play out on a public stage of their own design as they strive for visibility, connectedness and knowledge,” says Jennifer Stoddart, the Privacy Commissioner of Canada.
Read the full report.
The Honourable Peter Van Loan, Minister of Public Safety, was joined in Toronto on Friday, October 2nd, by Tom Pownall, Officer In Charge of the RCMP Technological Crime Branch, and Diane Brisebois, President and Chief Executive Officer of the Retail Council of Canada, to kick off Cyber Security Awareness Month.
“As technology advances, criminal activity is moving online into the cyber world,” said Minister Van Loan. “This poses a real safety and security threat to individual Canadians, who can become victims. Cyber Security Awareness Month is an opportunity to inform individuals, families, and businesses of the risks we all face and how to stay safe online.”
Read the full press release, some key facts, as well as additional information on cyber security.