Fred Avolio's Musings

musings on security and other topics

Fri, 24 Jun 2005
Audit Those PCs

Are file-sharing programs a security matter? Today, the Associated Press reports "Confidential Data From Japanese Nuclear Plants Leaks Onto Net". The culprit was a virus-infected PC "loaded with file-swapping software." It included "photos of power generation facilities and workers' medical files--data that should not have been loaded onto a personal computer..."

No duh, as they say.

Have a policy about what is on your PCs, know what is on them, and deal with infractions.

Axel Eble blogged the following (at balrog.de/security/archives/2005/06/24/99_re-audit-those-pcs):
While I agree with what he says about having policies and dealing with infractions, current viruses and worms bring their own file sharing software. It's not even necessary to have something pre-installed.

True, of course. I dashed the original off before leaving the office. I neglected to add that this is yet another example of where egress filtering in the firewall might have helped. Also, perhaps some of the things we discussed in January 2005 in "Malware -- the threat is real" would help.


Suggestions from my Credit Card Company

I (almost) never read the extra pages included in my credit card bill. This is the case now when I get electronic notifications as before with paper bills. But, I guess after the latest MasterCard news (mentioned here), I was doing more reading.

The company adds the following:

SECURITY/ PROTECTING YOURSELF ONLINE
There are simple steps you can take to protect yourself from fraud while online, such as never sending personal or financial information by email. (We'll never ask for it.) For more information, please review the recommendations of the U.S. Government and others at the following sites:
http://www.nipc.gov/warnings/computertips.htm
http://iisw.cerias.purdue.edu/home_computing/topten.php

Now, the NIPC one no longer works. NIPC disappeared (as far as I can tell) into the Department for Homeland Security. CERIAS is always a good bet for anyone interested in computer security. So, while I wish their list was more up-to-date (and I wish they pointed to my site :-)) I'm glad they are thinking about this. But, then, most people do what I do and throw away those "extra" pages.
