BBC News - Technology

Monday 28 February 2011

Egyptian baby named 'Facebook' as Libya attempts to block the Internet | Crave | CNET UK


Database tasks

See the ICT room, then Student resources, AS ict, then Database coursework structure unit 2.doc for details of the tasks that we will be working through.

Anonymous vs. HBGary: the aftermath

Anonymous vs. HBGary: the aftermath: "'Millions in damages'

The fallout from the whole debacle endures. In the wake of the attack, HBGary's Penny Leavy and Greg Hoglund (they are married) entered the Anonymous IRC channel #ophbgary to plead in vain for Greg's e-mails to stay private. (Several less relevant remarks have been removed from the transcript for easier reading.)

< greg> so you got my email spool too then

<&Sabu> yes greg.

<@`k> greg we got everything

< Agamemnon> Greg, I'm curious to know if you understand what we are about?
Do you understand why we do what we do?

< greg> you realize that releasing my email spool will cause
millions in damages to HBGary?

<@`k> yes

< c0s> greg: another reason its not out yet.

< Agamemnon> yes we do greg

<@`k> greg is will be end of you :) and your company"

Anonymous vs. HBGary: the aftermath


Interesting cyber war between a security company and the Anonymous hacking group.

Unit 2 database task

Unit 2 CD Orders English Dates.txt - txt datafile is in the ict room on fronter, in student resources, as ict.

This will need to be imported into Access.

Friday 18 February 2011

Constant Connectivity: The Way We Work Today - IT Management

1.7 Million Patient Records in Massive Data Heist at NYC Hospitals - Latest News


Thieves made off with the personal health records of about 1.7 million New Yorkers when they stole backup tapes from four Bronx hospitals in December, the city's Health and Hospitals Corp. revealed.


BBC News - UK cyber crime costs £27bn a year - government report

Cyber crime costs Britain £27bn a year | Metro.co.uk

Good info about the current situation with cyber crime in the UK; use for your introduction.

Tuesday 15 February 2011

Threats to data word cloud

Wordle: threats to data
Wordle: security report as ict
Here's a wordle word cloud of the security report exemplar! Click the graphic to see the full quality version.

It helps you think about some of the key words to include in your report.

Monday 14 February 2011

Article: iPads storm the enterprise | Tablets

Security features of the iPad: how they can be remotely deleted and how policies can be set by ICT departments.



2,500 UK web sites hacked every hour - 02 Nov 2010 - Computing News

How companies have weak security.

Also mentions two factor authentication.

http://www.computing.co.uk/ctg/news/1895960/-500-uk-web-sites-hacked-hour

The Mobile Device Challenge | Blog Central

How companies have to manage employees' mobile devices.

http://blogs.mcafee.com/enterprise/mobile/the-mobile-device-challenge

Global Energy Industry Hit In “Night Dragon” Attacks | Blog Central

Good diagram to illustrate how hacking occurred.
http://blogs.mcafee.com/corporate/cto/global-energy-industry-hit-in-night-dragon-attacks

BBC News - Hackers hit 'at least five oil and gas firms'

Security info, how hackers infiltrate companies.
http://www.bbc.co.uk/news/technology-12416580

BBC News - Technology of Business

Useful for unit 1 section 2: how business is affected by technology
http://www.bbc.co.uk/news/business-11428889

Example of Phishing

Here's a message I have received. It looks legitimate, but there are a few warning signs. What are they?

What is the message trying to get me to do?

Begin forwarded message:

From: HM Revenue & Customs <info@hmrc.gov.uk>
Date: 14 February 2011 09:56:23 GMT
Subject: [BULK] Tax Refund Notification

From:   HM Revenue & Customs (info@hmrc.gov.uk<mailto:info@hmrc.gov.uk>) [http://./clear.gif]
Sent:   Mon 2/14/11 9:02 AM
To:

[http://www.businesslink.gov.uk/Horizontal_Services_images/logo.gif]

Tax Refund Notification

After the last annual calculations of your fiscal activity, we have determined that you
are eligible to receive a tax refund of 468.50 GBP. Please submit the tax refund
request and click here by having your tax refund send to your bank account in due time

Please Click Here <http://www.xsima.com/front/libraries/pear/archive_tar/hmrc/hmrc/refundportal.htm> to have your tax refund to your bank account, your tax refund will be sent
to your bank account in due time take your time to go through the bank we have on our list

Note : A refund can be delayed a variety of reasons, for example submitting invalid
records or applying after deadline.

Best Regards

HM Revenue & Customs

[http://www.hmrc.gov.uk/images/log_dg.gif]<http://www.businesslink.gov.uk/bdotg/action/home> © Crown Copyright<http://www.hmrc.gov.uk/copyright/index.htm> | Terms & Conditions<http://www.hmrc.gov.uk/terms/index.htm> | Privacy Policy<http://www.hmrc.gov.uk/about/privacy.htm> | Accessibility<http://www.hmrc.gov.uk/about/accessibility.htm> [http://www.hmrc.gov.uk/images/log_bl.gif] <http://www.direct.gov.uk/en/index.htm>

Thursday 10 February 2011

Advanced sign-in security for your Google account

http://feedproxy.google.com/~r/OfficialGmailBlog/~3/wEV3fUStB64/advanced-sign-in-security-for-your.html



Commentary on security report exemplar

The evidence for this strand is given in context of transactional websites which is good practice. Cookies, spyware and hacking are identified as threats and explained. Various methods of prevention are also described and these include encryption, SET, firewalls and virus protection. The Data Protection Act is covered. However, there is no mention of the Computer Misuse Act. There is sufficient evidence to reach mark band 2 but there is an insufficient number of preventative measures and legislation described to access all the marks in this mark band.

 

4 marks out of 6

Information Security Threats in the Second Quarter of 2010 - Securelist

Beware of opening PDFs: they can launch other files. See this extract:

Information Security Threats in the Second Quarter of 2010 - Securelist: "Another notable innovation is that ZeuS is distributed using pdf files. An independent researcher has discovered that executable files embedded in pdf documents can be executed without having to exploit any vulnerabilities. The file is executed using the Launch function described in the pdf format specification. Just a few days after this information was published on March 29, people started to get emails with a specially crafted pdf document, which used the file launching method described above to infect computers with the ZeuS Trojan. In order for the computer to become part of a botnet, all the user needed to do was open the attachment."

Information Security Threats in the Second Quarter of 2010 - Securelist

Information Security Threats in the Second Quarter of 2010 - Securelist - up to date list of current ICT threats

Can Firefox 3.5 wean universities off their IE addiction? | ZDNet

http://www.zdnet.com/blog/igeneration/can-firefox-35-wean-universities-off-their-ie-addiction/1969

Is it a good idea to move to another browser with fewer security issues? Bear in mind that most companies and organisations, including SHSG, use IE as their main browser on all machines.

FW: Recent IE security flaw is one flaw too many: Time to jump ship?

 

Feed: iGeneration Blog RSS | ZDNet
Posted on: 01 February 2011 18:37
Author: Zack Whittaker
Subject: Recent IE security flaw is one flaw too many: Time to jump ship?

 

A new critical security vulnerability in Internet Explorer has been exposed, allowing attackers to obtain personal information by running malicious scripts on websites.

As Adrian Kingsley-Hughes reports, this affects all users of Windows. In total, it's estimated to affect 900 million people worldwide.

Nearly one billion people. That's nearly one in six of all people on the planet. Enough is enough. I think it's time to jump ship, don't you?

For me, this is too much, and one step too far. There is near no doubt that Internet Explorer 9, the latest incarnation of the browser, soon to be out in release candidate stage, is the most secure, dynamic and powerful yet.

But without effective systems in place to prevent lax security and quality assurance, to the actual fixes themselves, millions of users, in particular pirate copy users of Windows will go about unpatched.

The simplicity factor in being able to patch the browser is another problem users of Internet Explorer have.

Both Google Chrome and Mozilla Firefox update on a regular basis with fixes, tweaks and community submitted reports. Firefox reports on these changes and asks for permission to update - seemingly out of respect and courtesy, whereas Chrome updates constantly through a running background service.

But when Internet Explorer is found to suffer from such wide scale vulnerabilities, the general public have to resort to being told by the technology media, rather than the browser itself.

And in my experience, the Windows Update service is too slow. Nearly a full day after this was discovered, the only update I have on my machines is a definition update for Microsoft's anti-virus program. It's not good enough.

With this particular flaw exploiting scripts and attaining information held on the computer, combined with the fact that so many enterprise workplaces and universities run the browser on their Windows machines, huge quantities of data could be harvested.

Is it time for an Internet Explorer mass exodus? 



ICT legislation

Legislation affecting IT.

  • The Digital Economy Act: This is basically a long set of instructions to Ofcom to draw up guidelines for rights holders and ISPs on how they deal with net piracy. http://news.bbc.co.uk/1/hi/technology/8604602.stm
  • The Data Protection Act. - http://news.bbc.co.uk/1/hi/uk/3344075.stm
    • aimed at protecting the rights of the individual to privacy.
    • If an organisation holds data on individuals it must register under the act.
    • Personal Data should be processed fairly and lawfully.
    • Personal Data should be held only for registered purpose/s.
    • Personal Data should not be disclosed in any way other than lawfully and within the registered purpose.
    • Personal Data held should be adequate and relevant and not excessive for the required purpose.
    • Personal data should be accurate and kept up-to-date.
    • Personal data should not be kept for longer than is necessary.
    • Data must be processed in accordance with the rights of the data subjects.
    • Appropriate security measures must be taken against unauthorised access.
    • Individuals should be informed about the data stored and should be entitled to have access to it and be able to correct errors.
    • Personal data cannot be transferred to countries outside the European Union unless the country provides an adequate level of protection.
  • The Computer Misuse Act - http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/1dataandcomputermisuserev2.shtml
    • Before this act it was not possible to prosecute a 'hacker'. The act created 3 new offences.
    • Unauthorised access to computer material (viewing data which you are not authorised to see).
    • Unauthorised access with intent to commit or facilitate commission of further offences (hacking).
    • Unauthorised modification of computer material.
  • Copyright Designs and Patents Act - http://news.bbc.co.uk/1/hi/england/somerset/8221014.stm
    • This act protects software developers from having their software copied and pirated.
    • A software audit should be carried out by an organisation to ensure all its software is legal.
  • Health and Safety - not applicable to the security report
    • Both employers and employees are obliged to implement the relevant Health and Safety provisions, which are designed to provide a safe and healthy working environment.

BBC - GCSE Bitesize: Types of computer misuse

BBC - GCSE Bitesize: Types of computer misuse : basic but covers the key points, you will need to expand on this for the report

HowStuffWorks Videos "It's All Geek to Me: Wireless Internet Security"

HowStuffWorks Videos "It's All Geek to Me: Wireless Internet Security" - good video about dangers of public wifi

BBC - Can the whole of London go wi-fi?

BBC - Can the whole of London go wi-fi?: "At the moment there are no detailed plans on the type of security that will be used for 'wi-fi London'.
However, a recent investigation by Watchdog revealed that some users of wi-fi hotspots are susceptible to attack by hackers - leaving tens of thousands of users at risk of fraud.
When using wi-fi your data (e-mails, internet addresses, keystrokes) is being transmitted across the airwaves and encrypted for security. It is possible malicious hackers can intercept this data unless you set up a security such as a remote access virtual private network (VPN).
This is something advised by major providers of wi-fi but not often set up by the user."

VPNs, or virtual private networks, are needed when wifi is used to transmit or receive company data.

Apple - iPhone in Business - Integration


More security features of the iPhone for business.

How-To: Remotely Wipe an iPhone Using Exchange: Apple News, Tips and Reviews

A security feature that exists on iOS devices and also BlackBerrys; it can be used if the device gets lost or the employee is not to be trusted.

Full disk encryption for desktops, laptops, and USB devices | Whole Disk Encryption

Full disk encryption for desktops, laptops, and USB devices | Whole Disk Encryption - why is this useful?

Think about theft, laptops/USB pens getting lost, hackers, corrupt employees?

1Password | Videos

1Password | Videos: software to generate secure passwords, and remember them on devices such as iPhone, PC, Mac etc.


Is this better than expecting people to make and remember their own passwords?

BBC News - Gawker hack triggers password resets at major sites


Examples of password security problems, e.g. sites getting hacked and passwords being stolen, weak passwords and other related issues.

You do change your passwords every 6 months don't you? And you don't use the same password for everything?

BBC News - Hacker faces jail over poker chip theft

BBC News - Hacker faces jail over poker chip theft - example of the Computer Misuse Act being used to prosecute someone.

The Hacker Crackdown - Wikipedia, the free encyclopedia

The Hacker Crackdown - Wikipedia, the free encyclopedia - you can download a free ebook of this classic '90s tome about hacking and attempts to stop it in what was then the new world of cyberspace. It was written in '92, but many of the key issues still exist.

Threats caused by employees

These are all possible threats that an employee could cause. How could an organisation prevent these or minimise the chances of them happening?



  1. Telling outsiders their password, or other security info
  2. Taking sensitive information away on paper, USB pen, iPod, via email, fax, or mobile phone.
  3. Clicking on an unsafe link in an email.
  4. Forgetting to lock their screen when away from the computer.
  5. Using an insecure password.
  6. Bringing in a virus-infected USB pen.
  7. Losing their company laptop.
  8. Can you think of any more?

Threats to consider for the security report


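| Threat | Notes about this threat | How could your business safeguard against this threat? |
|---|---|---|
| Unauthorised access | | |
| Hacker | | |
| Cracker | | |
| Phreak | | |
| Pirate | | |
| Virus Author | | |
| Password cracker | | |
| Key logger | | |
| Employee | | |
| Viruses | | |
| Worms | | |
| Trojans | | |
| Unauthorised access | | |
| Natural Disasters | | |
| Malicious damage | | |
| Technical failures | | |
| Human errors | | |
| Theft | | |
| Confidentiality | | |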


Security report criteria

A description of potential threats to customer data collected by organisations via their websites and of the measures taken to protect it, including legislation, with a clear and balanced assessment of their effectiveness.


Structure:
1. Description of threats (use articles - put into your own words to illustrate and back up your points.)
2. Measures to prevent the threats
3. Legislation that is working to prevent the threats
4. Assessment of the measures being taken to prevent the threats.

Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace | Privacy Rights Clearinghouse

Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace | Privacy Rights Clearinghouse: useful policies for the security report

security threats ict - Google Search

security threats ict - Google Search: this is what I typed in for the security report to find lots of good sites

Are you a middle-class pirate? This man wants a word with you... - Telegraph


Interesting bit about how the BBC had to bring forward the new season of Mad Men because of mass downloading in the UK when the show was broadcast in the US.