If Ottawa thinks the census is invasive, what about the 64 trackers that popular websites install on visitors’ computers?
An interesting article from the Globe and Mail a few Saturdays ago. More interesting were the comments on this article. They ranged from political jabs at Harper to security advice on browsers, cookies, etc. All valid… even the jabs at Harper! One piece of advice I would add to businesses would be to ensure you have a web usage policy in place as well as the technology to help you enforce this policy… an ounce of prevention… as the saying goes.
Here is the rest of the article…
In January of this year, researchers at the San Francisco-based Electronic Frontier Foundation tried an experiment. The online privacy advocacy group set up a Web page, and collected and stored the browser information of everyone who visited it.
There were no tricks. The site would not steal any data or urge casual visitors to install tracking software. It would simply log the same basic information almost all Internet users in the world inadvertently hand over each time they visit a website, including their time zone and Internet-protocol (IP) address – important clues to their location.
The most alarming result of the study of more than 470,000 Web surfers is that 83.6 per cent of them had an instantly identifiable, totally unique fingerprint: Their particular combination of settings and information was unlike that of any other user, increasing the chance they could be personally identified, even though they had done nothing but make a few clicks of the mouse.
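How settings that are each shared by several visitors can still combine into a unique fingerprint, as an added example that is not from the article or the EFF study. The visitor rows, attribute names and function names are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample, not EFF data: one row per visitor, holding settings
# that a server can log from an ordinary page request.
ATTRIBUTES = ("user_agent", "time_zone", "language", "screen")
ROWS = [
    ("Firefox/3.6", "UTC-5", "en", "1280x800"),
    ("Firefox/3.6", "UTC-5", "en", "1280x800"),  # same settings as row above
    ("Firefox/3.6", "UTC-8", "en", "1024x768"),
    ("MSIE 8.0", "UTC-5", "fr", "1280x800"),
    ("MSIE 8.0", "UTC-8", "en", "1280x800"),
    ("MSIE 8.0", "UTC-5", "en", "1024x768"),
    ("Firefox/3.6", "UTC-5", "fr", "1024x768"),
    ("MSIE 8.0", "UTC-8", "fr", "1024x768"),
]
VISITORS = [dict(zip(ATTRIBUTES, row)) for row in ROWS]


def fingerprint(visitor, attributes):
    """Combine the chosen settings into one hashable fingerprint."""
    return tuple(visitor[name] for name in attributes)


def unique_fraction(visitors, attributes):
    """Share of visitors whose fingerprint no other visitor has."""
    counts = Counter(fingerprint(v, attributes) for v in visitors)
    alone = sum(1 for v in visitors if counts[fingerprint(v, attributes)] == 1)
    return alone / len(visitors)


def entropy_bits(visitors, attributes):
    """Shannon entropy of the fingerprint distribution, in bits."""
    counts = Counter(fingerprint(v, attributes) for v in visitors)
    total = len(visitors)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


if __name__ == "__main__":
    for name in ATTRIBUTES:
        print(f"{name:10s} unique={unique_fraction(VISITORS, [name]):.2f} "
              f"bits={entropy_bits(VISITORS, [name]):.2f}")
    print(f"combined   unique={unique_fraction(VISITORS, ATTRIBUTES):.2f} "
          f"bits={entropy_bits(VISITORS, ATTRIBUTES):.2f}")
```

In this sample no single setting singles anyone out, yet six of the eight visitors are unique once the four settings are combined.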
Dear Facebook,
I appreciate your service. I really do. I’m sure that many of your 400 million active users appreciate it as well. But now that you have a market value estimated at billions of dollars, it is time for you to start acting like a grown-up company.
That means you have to provide basic security for your customers. And it means responding when your customers try to contact you, as I did recently to talk about an important security issue. Do you think you will be able to hold on to 400 million users if you treat them that way, and if you put their computers at risk? I don’t.
“you are leaving your users open to a major security risk.… I know malware when I see it, and I don’t allow scripts to run on my computer”
Read the rest of this open letter on IT Business.ca from Ira Winkler – the president of the Internet Security Advisors Group.
Dynamic, interactive Web 2.0 technologies have transformed the Web into a core business application platform. Traditional customer relationship and payroll applications are now delivered interactively over the Web, while applications like social networking are used on a daily basis for recruitment, lead generation, and other business processes.
Along with Web 2.0, however, comes new risk as dynamic and user-generated content renders traditional security technologies, such as antivirus and URL filtering, ineffective. These technologies also do not provide control over sensitive outbound data posted to Web 2.0 sites.
Websense® Web Security Gateway leads the secure Web gateway market by providing the best protection against modern Web 2.0 threats with the lowest total cost of ownership. Web Security Gateway secures the use of Web 2.0, with its real-time dynamic threat protection, and Web content categorization that classifies content within Web pages “on the fly,” helping to maintain productivity and compliance with acceptable use policy.
Based on ability to execute and completeness of vision, Gartner positions Websense in the Leaders Quadrant of its Magic Quadrant for Secure Web Gateway.
Access a complimentary copy of the Gartner Magic Quadrant for Secure Web Gateway and learn more.
Websense just launched the industry’s first real-time security app for Facebook!
It provides Facebook page owners real-time content and security analysis of comments, wall posts, third party applications, links and other content posted to their Facebook page. According to Dan Hubbard, CTO, Websense…
“Other Web security technologies that try to address uncategorized Web 2.0 content using only virus signatures, URL reputation or categorization are fundamentally flawed and limited,”
Whereas other security offerings are designed to clean a user’s computer after it has been infected, Websense worked with Facebook to create the first and only security application that helps protect Facebook users from encountering malicious links, inappropriate content, viruses or spam, and is the first application to do so for both corporate and individual Facebook page owners.
The Websense security application for Facebook is immediately available in limited beta. To download it for free, or to learn more about the Defensio 2.0 platform for Web 2.0 sites, visit Defensio. To view a video introduction to Defensio 2.0 and its new features, see the video on youtube.
It used to be coal if you weren’t nice … but Malware ??
Websense Security Labs™ ThreatSeeker™ Network has discovered that the Koobface Web site offers a video posted by ‘SantA’. The usual ruse of requiring a codec to watch the video is used to encourage the user to install and run a file that is, you guessed it, malware.
This malicious file is currently detected by less than 40% of the available antivirus products according to VirusTotal.
On the compromised Facebook page the user is presented with a link to a compromised site in Switzerland. The user is redirected to one of several Koobface Web sites through a malicious Flash movie file hosted on the compromised site. If the user runs the infected file, the worm will automatically log in to their Facebook, Myspace, and several other social networking sites and send messages to all their friends.
See screenshot of the malicious wall posts here.
My advice… make sure you have the right technology that prevents you from connecting to this and other infected sites using various ‘lures’… and in this case … Santa !!
According to an Everything Channel study of CIOs, seven in 10 midsize CIOs are using social media technology for their businesses.
Although the survey found that midsize CIOs still use social media tools more for personal reasons (73.5 percent) than for business (69.9 percent), respondents also said that social media can help improve business networks and gather product ideas — that is, once they figure out how to use it.
Productivity and efficiency seemed to be the major concern… however, I would argue that SECURITY needs to be on that list of deciding factors when establishing and implementing a usage policy for these various social media tools.
Here is a good example of the increased ‘pressure’ from constituents with respect to using social media tools:
“… we’re investigating on how to manage and monitor connections while maintaining security,” Gary Allen, CTO at the Amarillo Independent School District in Amarillo, Texas.
Mr. Allen is investigating his organization’s future with social media, as …
the number of requests to incorporate it (social media) have increased.
To any of you in the same boat as Mr. Allen and his colleagues, here is a great whitepaper that should help provide some insight into implementing a security posture for these Web 2.0 sites.
Small businesses often assume that they are too tiny to catch hackers’ attention. But the truth is that hackers don’t care who you are. Most of the time, they use automated programs to exploit a flaw in some piece of common software used by millions and attack them en masse.
Read the rest of this article in the Wall Street Journal by Riva Richmond. Some good advice on how to protect your business.
Here is an excerpt from a post on Gartner’s Blog Network by Andrea DiMaio. Although he claims not to be a security expert, Andrea provides some good insight on Web 2.0 risks in light of the effect of the Twitter outage.
He touches on three key risks:
- Malicious software that may be downloaded through sites
- Unavailability of those sites when they are needed
- Data posted on sites that may unwillingly reveal information that may negatively affect government operations
Click here to read his suggestions on how to address these risks.
Frost & Sullivan today awarded Websense, Inc. the 2009 North American Web Content Management Product Innovation of the Year Award and the 2009 Global Content Filtering Products Market Leadership Award.
The Product Innovation of the Year Award recognizes Websense’s development of an innovative, policy-based control Web security solution that addresses the latest Web security threats in today’s dynamic Web 2.0 environment.
The Market Leadership Award recognizes Websense’s leadership in the content filtering products market through innovation, product differentiation, acquisition, and integration of new products and technologies.
Read the full release here.
I recently attended a customer event where I presented a short overview of the Web 2.0 at Work study released by Websense.
Just to ensure everyone was on the same page with respect to what Web 2.0 was… I started by asking the audience for their definition of Web 2.0.
Although only a few were brave enough to respond, just as when I ask about DLP, each one had a different definition… ranging from the generic ‘social networks’ to technical references such as ‘Ajax’. We finally agreed upon the common denominator of ‘user generated content’.
Even though I felt like that kid in Jerry Maguire having the ‘did you know?’ conversation, it was interesting to see the reactions of each attendee once presented with some of the facts and stats on the prevalence of Web 2.0 and the security misconceptions.
Needless to say, the dialogue following my breakfast presentation was dominated by… ‘I didn’t realize that!’ or ‘if I could do that, that would solve …’
Most if not all of the attendees knew that they needed an update in their security posture, but were unaware of how to address this shift from a technology perspective.
If you are trying to figure out how to provide safe and secure access to sites like Facebook, LinkedIn and other social media / web 2.0 sites, I recommend the following Best Practices document.
Web 2.0 is here to stay – we just need to adapt our security infrastructure and policies to better address it.