BBC News - Technology

Monday, 28 February 2011

Egyptian baby named 'Facebook' as Libya attempts to block the Internet | Crave | CNET UK

Egyptian baby named 'Facebook' as Libya attempts to block the Internet | Crave | CNET UK

Database tasks

See the ICT room, then Student resources, AS ict, then Database coursework structure unit 2.doc for details of the tasks that we will be working through.

Anonymous vs. HBGary: the aftermath

Anonymous vs. HBGary: the aftermath: "'Millions in damages'

The fallout from the whole debacle endures. In the wake of the attack, HBGary's Penny Leavy and Greg Hoglund (they are married) entered the Anonymous IRC channel #ophbgary to plead in vain for Greg's e-mails to stay private. (Several less relevant remarks have been removed from the transcript for easier reading.)

< greg> so you got my email spool too then

<&Sabu> yes greg.

<@`k> greg we got everything

< Agamemnon> Greg, I'm curious to know if you understand what we are about?
Do you understand why we do what we do?

< greg> you realize that releasing my email spool will cause
millions in damages to HBGary?

<@`k> yes

< c0s> greg: another reason its not out yet.

< Agamemnon> yes we do greg

<@`k> greg is will be end of you :) and your company"

Anonymous vs. HBGary: the aftermath

Anonymous vs. HBGary: the aftermath

Interesting cyber war between security company and the anonymous hacking group.

Unit 2 database task

Unit 2 CD Orders English Dates.txt - txt datafile is in the ict room on fronter, in student resources, as ict.

This will need to be imported into Access.

Friday, 18 February 2011

Constant Connectivity: The Way We Work Today - IT Management

1.7 Million Patient Records in Massive Data Heist at NYC Hospitals - Latest News

1.7 Million Patient Records in Massive Data Heist at NYC Hospitals - Latest News

Thieves made off with the personal health records of about 1.7 million New Yorkers' when they stole backup tapes from four Bronx hospitals in December, the city's Health and Hospitals Corp. revealed.

Constant Connectivity: The Way We Work Today - IT Management

BBC News - UK cyber crime costs �27bn a year - government report

BBC News - UK cyber crime costs �27bn a year - government report

Cyber crime costs Britain �27bn a year | Metro.co.uk

Good info about current situation with cyber crime in uk use for introduction.

Cyber crime costs Britain �27bn a year | Metro.co.uk

Tuesday, 15 February 2011

Threats to data word cloud

Wordle: threats to data
Wordle: security report as ict
Here's a wordle word cloud of the security report exemplar!  click the graphic to see the full quality version.

It helps you think about some of the key words to include in your report.

Monday, 14 February 2011

Article: iPads storm the enterprise | Tablets

Security features of the iPad , how they can be remote deleted and policies can be set by ICT departments. 


Sent from my iPad

2,500 UK web sites hacked every hour - 02 Nov 2010 - Computing News

How companies have weak security.

Also mentions two factor authentication.

http://www.computing.co.uk/ctg/news/1895960/-500-uk-web-sites-hacked-hour

The Mobile Device Challenge | Blog Central

How companies have to manage employees mobile devices.

http://blogs.mcafee.com/enterprise/mobile/the-mobile-device-challenge

Global Energy Industry Hit In “Night Dragon” Attacks | Blog Central

Good diagram to illustrate how hacking occurred.
http://blogs.mcafee.com/corporate/cto/global-energy-industry-hit-in-night-dragon-attacks

BBC News - Hackers hit 'at least five oil and gas firms'

Security info, how hackers infiltrate companies.
http://www.bbc.co.uk/news/technology-12416580

BBC News - Technology of Business

Useful for unit 1 section 2 : how business is affected by technology
http://www.bbc.co.uk/news/business-11428889

Example of Phishing

Here's a message I have received it looks legitimate but there are a few warning signs, what are they?

What is the message trying to get me to do?

Begin forwarded message:

From: HM Revenue & Customs <info@hmrc.gov.uk>
Date: 14 February 2011 09:56:23 GMT
Subject: [BULK] Tax Refund Notification

From:   HM Revenue & Customs (info@hmrc.gov.uk<mailto:info@hmrc.gov.uk>) [http://./clear.gif]
Sent:   Mon 2/14/11 9:02 AM
To:

[http://www.businesslink.gov.uk/Horizontal_Services_images/logo.gif]

Tax Refund Notification

After the last annual calculations of your fiscal activity, we have determined that you
are eligible to receive a tax refund of 468.50 GBP. Please submit the tax refund
request and click here by having your tax refund send to your bank account in due time

Please Click Here <http://www.xsima.com/front/libraries/pear/archive_tar/hmrc/hmrc/refundportal.htm> to have your tax refund to your bank account, your tax refund will be sent
to your bank account in due time take your time to go through the bank we have on our list

Note : A refund can be delayed a variety of reasons, for example submitting invalid
records or applying after deadline.

Best Regards

HM Revenue & Customs

[http://www.hmrc.gov.uk/images/log_dg.gif]<http://www.businesslink.gov.uk/bdotg/action/home> © Crown Copyright<http://www.hmrc.gov.uk/copyright/index.htm> | Terms & Conditions<http://www.hmrc.gov.uk/terms/index.htm> | Privacy Policy<http://www.hmrc.gov.uk/about/privacy.htm> | Accessibility<http://www.hmrc.gov.uk/about/accessibility.htm> [http://www.hmrc.gov.uk/images/log_bl.gif] <http://www.direct.gov.uk/en/index.htm>

Thursday, 10 February 2011

Advanced sign-in security for your Google account

http://feedproxy.google.com/~r/OfficialGmailBlog/~3/wEV3fUStB64/advanced-sign-in-security-for-your.html


Sent from my iPhone

Commentary on security report exemplar

The evidence for this strand is given in context of transactional websites which is good practice. Cookies, spyware and hacking are identified as threats and explained. Various methods of prevention are also described and these include encryption, SET, firewalls and virus protection. The Data Protection Act is covered. However, there is no mention of the Computer Misuse Act. There is sufficient evidence to reach mark band 2 but there is an insufficient number of preventative measures and legislation described to access all the marks in this mark band.

 

4 marks out of 6

Information Security Threats in the Second Quarter of 2010 - Securelist

Beware opening PDFs, they can launch other files, see this extract -

Information Security Threats in the Second Quarter of 2010 - Securelist: "Another notable innovation is that ZeuS is distributed using pdf files. An independent researcher has discovered that executable files embedded in pdf documents can be executed without having to exploit any vulnerabilities. The file is executed using the Launch function described in the pdf format specification. Just a few days after this information was published on March 29, people started to get emails with a specially crafted pdf document, which used the file launching method described above to infect computers with the ZeuS Trojan. In order for the computer to become part of a botnet, all the user needed to do was open the attachment."

Information Security Threats in the Second Quarter of 2010 - Securelist

Information Security Threats in the Second Quarter of 2010 - Securelist - up to date list of current ICT threats

Can Firefox 3.5 wean universities off their IE addiction? | ZDNet

http://www.zdnet.com/blog/igeneration/can-firefox-35-wean-universities-off-their-ie-addiction/1969

Is it a good idea to move to another browser with less security issues, bear in mind most companies and organisations, including SHSG use IE as their main browser on all machines.

FW: Recent IE security flaw is one flaw too many: Time to jump ship?

 

Feed: iGeneration Blog RSS | ZDNet
Posted on: 01 February 2011 18:37
Author: Zack Whittaker
Subject: Recent IE security flaw is one flaw too many: Time to jump ship?

 

A new critical security vulnerability in Internet Explorer has been exposed, allowing attackers to obtain personal information by running malicious scripts on websites.

As Adrian Kingsley-Hughes reports, this affects all users of Windows. In total, its estimated to affect 900 million people worldwide.

Nearly one billion people. That's nearly one in six of all people on the planet. Enough is enough. I think it's time to jump ship, don't you?

For me, this is too much, and one step too far. There is near no doubt that Internet Explorer 9, the latest incarnation of the browser, soon to be out in release candidate stage, is the most secure, dynamic and powerful yet.

But without effective systems in place to prevent lax security and quality assurance, to the actual fixes themselves, millions of users, in particular pirate copy users of Windows will go about unpatched.

The simplicity factor in being able to patch the browser is another problem users of Internet Explorer have.

Both Google Chrome and Mozilla Firefox update on a regular basis with fixes, tweaks and community submitted reports. Firefox reports on these changes and asks for permission to update - seemingly out of respect and courtesy, whereas Chrome updates constantly through a running background service.

But when Internet Explorer is found to suffer from such wide scale vulnerabilities, the general public have to resort to being told by the technology media, rather than the browser itself.

And in my experience, the Windows Update service is too slow. Nearly a full day after this was discovered, the only update I have on my machines is a definition update for Microsoft's anti-virus program. It's not good enough.

With this particular flaw exploiting scripts and attaining information held on the computer, combined with the fact that so many enterprise workplaces and universities run the browser on their Windows machines, huge quanitites of data could be harvested.

Is it time for an Internet Explorer mass exodus? 


View article...

ICT legislation

Legislation affecting IT.

   * The Digital Economy Act: This is basically a long set of instructions to Ofcom to draw up guidelines for rights holders and ISPs on how they deal with net piracy. http://news.bbc.co.uk/1/hi/technology/8604602.stm
  • The Data Protection Act. - http://news.bbc.co.uk/1/hi/uk/3344075.stm
    • aimed at protecting the rights of the individual to privacy.
    • If an organisation holds data on individuals it must register under the act.
    • Personal Data should be processed fairly and lawfully.
    • Personal Data should be held only for registered purpose/s.
    • Personal Data should not be disclosed in anyway other than lawfully and within the registered purpose.
    • Personal Data held should be adequate and relevant and not excessive for the required purpose.
    • Personal data should be accurate and kept up-to-date.
    • Personal data should not be kept for longer than is necessary.
    • Data must be processed in accordance with the rights of the data subjects.
    • Appropriate security measures must be taken against unauthorised access.
    • Individuals should be informed about the data stored and should be entitled to have access to it and be able to correct errors.
    • Personal data cannot be transferred to countries outside the European Union unless the country provides an adequate level of protection.
  • The Computer Misuse Act - http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/1dataandcomputermisuserev2.shtml
    • Before this act it was not possible to prosecute a 'hacker'. The act created 3 new offences.
    • Unauthorised access to computer material (viewing data which you are not authorised to see).
    • Unauthorised access with intent to commit or facilitate commission of further offences (hacking).
    • Unauthorised modification of computer material.
  • Copyright Designs and Patents Act - http://news.bbc.co.uk/1/hi/england/somerset/8221014.stm
    • This act protects software developers from having their software copied and pirated.
    • A software audit should be carried out by an organisation to ensure all its software is legal.
  • Health and Safety - not applicable to the security report
    • Both employers and employees are obliged to implement the relevant Health and Safety provisions, which are designed to provide a safe and healthy working environment.

BBC - GCSE Bitesize: Types of computer misuse

BBC - GCSE Bitesize: Types of computer misuse : basic but covers the key points, you will need to expand on this for the report

HowStuffWorks Videos "It's All Geek to Me: Wireless Internet Security"

HowStuffWorks Videos "It's All Geek to Me: Wireless Internet Security" - good video about dangers of public wifi

BBC - Can the whole of London go wi-fi?

BBC - Can the whole of London go wi-fi?: "At the moment there are no detailed plans on the type of security that will be used for 'wi-fi London'.
However, a recent investigation by Watchdog revealed that some users of wi-fi hotspots are susceptible to attack by hackers - leaving tens of thousands of users at risk of fraud.
When using wi-fi your data (e-mails, internet addresses, keystrokes) is being transmitted across the airwaves and encrypted for security. It is possible malicious hackers can intercept this data unless you set up a security such as a remote access virtual private network (VPN).
This is something advised by major providers of wi-fi but not often set up by the user."

VPNs or virual private networks are needed when wifi if used to transmit or recieve company data.

Apple - iPhone in Business - Integration

Apple - iPhone in Business - Integration

More security features of the iphone for business

How-To: Remotely Wipe an iPhone Using Exchange: Apple News, Tips and Reviews �

How-To: Remotely Wipe an iPhone Using Exchange: Apple News, Tips and Reviews �

A security feature that exist on IOS devices and also blackberrys, one that can be used if the device gets lost or the employee is not to be trusted.

Full disk encryption for desktops, laptops, and USB devices | Whole Disk Encryption

Full disk encryption for desktops, laptops, and USB devices | Whole Disk Encryption - why is this useful?

Think about theft, laptops/usb pens getting lost, hackers, corrupt employees?

1Password | Videos

1Password | Videos : software to generate secure passwords, and remember them on devices such as Iphone, PC, Mac etc.


Is this better than expecting people to make and remember their own passwords?

BBC News - Gawker hack triggers password resets at major sites

BBC News - Gawker hack triggers password resets at major sites

Examples of password security problems, eg sites getting hacked and passwords being stolen, weak passwords and other related issues.

You do change your passwords every 6 months don't you? And you don't use the same password for everything?

BBC News - Hacker faces jail over poker chip theft

BBC News - Hacker faces jail over poker chip theft - example of the computer misuse act being used to prosecute someone.

The Hacker Crackdown - Wikipedia, the free encyclopedia

The Hacker Crackdown - Wikipedia, the free encyclopedia - you can download a free ebook of this classic 90's tome about hacking and attempts to stop it in what was then the new world of cyberspace, it was written in 92 but many of the key issues still exist.

Threats caused by employees

These are all possible threats that an employee could cause, how could an organisation prevent these or minimise the chances of them happening?



  1. Telling outsiders their password, or other security info
  2. Taking sensitive information away on paper, usb pen, ipod, via email, fax, or mobile phone.
  3. Clicking on an unsafe link in an email.
  4. Forgetting to lock their screen when away from the computer.
  5. Using an insecure password.
  6. Bringing in an virus infected usb pen.
  7. Losing their company laptop.
  8. Can you think of any more?

Threats to consider for the security report


Threat
Notes about this threat
How could your business safeguard against this threat?
Unauthorised access


Hacker


Cracker


Phreak


Pirate


Virus Author


Password cracker


Key logger


Employee 


Viruses


Worms


Trojans


Unauthorised access


Natural Disasters


Malicious damage


Technical failures


Human errors


Theft


Confidentiality




Security report criteria

A description of potential threats to customer data collected by organisations via their websites and of the measures taken to protect it, including legislation, with a clear and balanced assessment of their effectiveness.


Structure:
1. Description of threats (use articles - put into your own words to illustrate and backup your points.)
2. Measures to prevent the threats
3. Legislation that is working to prevent the threats
4. Assessment of the measures being taken to prevent the threats.

Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace | Privacy Rights Clearinghouse

Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace | Privacy Rights Clearinghouse: useful policies for the security report

security threats ict - Google Search

security threats ict - Google Search: this is what I typed in for the security report to find lots of good sites

Are you a middle-class pirate? This man wants a word with you... - Telegraph

Are you a middle-class pirate? This man wants a word with you... - Telegraph

Interesting bit about how the BBC had to bring forward the new season of Mad Men because of mass downloading in the UK when the show was broadcast in the US.