The WiKID Blog

The WiKID Blog, musings on two-factor authentication, information security and some other stuff.

zdnet-looks-back-at-mcnealy

ZDNet has a video of some of Scott McNealy's jabs at Microsoft. While they don't strike me as some of his funniest, I really like that it is sponsored by Microsoft.

it-propoganda-i-dont-think-so

The anonymous CEO blogger has accused me of IT propaganda. Don't worry, my feelings aren't hurt ;). Of course, it is in my interest as the CEO of a security firm that more CEOs recognize the value that investing in security brings. However, I would point out a few things that, IMO, keep this post from being pure 'propaganda'.

maintaining-control-over-your-teleworkers

Turns out even if you don't have a teleworking offering for your workers, they probably do it anyway by loading their laptop up with private, unencrypted information and taking it home. At least that seems to be the case in the Federal government according to a recent study by the Telework Exchange:

The report found that 63 percent of respondents who worked from home unauthorized -- more than half of the non-teleworkers surveyed -- used their home computers in doing that work. "People were saving documents on their home computers that were unprotected," said Josh Wolfe of Utimaco, a data security company that underwrote the study.

I wonder how people get to telework if they are not authorized? I assume telework means that they are connecting via a VPN, right? Are over half of Federal employees technically able to remotely connect to their internal network, but on the honor system not to do it? Registering for the doc gets some answers. Teleworking means that you are working away from the office. That could mean on your BlackBerry. However, the point of the study stands: unsanctioned teleworking occurs:
  • 54% of non-teleworkers carry files home
  • 41% of non-teleworkers log onto their agency's network from home
Holy cow! How do people log in to their agency network if they are not allowed? And unsanctioned teleworkers are less likely to be protected from malware:

When teleworkers and non-teleworkers were asked if they had antivirus protection on their laptop or desktop computers, 94 percent of teleworkers responded yes, while only 75 percent of non-teleworkers said yes.

I think implementing two-factor authentication for remote access in federal government agencies would be a huge win - it would immediately eliminate the 41% of unauthorized users accessing the network.

more-on-pci-security-random-pen-testing

Thinking a bit more about PCI security since my post on PCI visibility, I think what Visa and Mastercard need to do is hire independent third-party penetration testers to pen test merchants and processors.

The PCI Three are making a big switch in September, when they will start fining acquiring banks for non-compliant merchants. However, there are two problems with the auditing procedures: auditors are paid by the companies they are auditing, and audits are static snapshots. I'm not insinuating anything here about the ethics of PCI auditors, just pointing out the agency conflict and that a company might get compliant for an audit, then lapse out of compliance.

worried-about-communicating-privately-with-your

Is Tor not cutting it for your top-secret embassy communications anymore? Try JAP, which is probably not sponsored by the NSA at all.
