Posts Tagged ‘internet security’

By now one would hope that the worst of the Heartbleed crisis is behind us. All the servers should be patched, new certificates generated and passwords changed, right? The answers are: probably, hopefully and unlikely, respectively. Compromised passwords are still floating around in the ether, so if you haven’t changed yours, do so.

But what about the next Heartbleed? One thing that is about as sure as death and taxes is that there will be another massive vulnerability that will, no doubt, expose millions of user accounts. So, do we just sit tight and wait for the oncoming storm, or is there a preemptive strike you can make now to lessen the likelihood that it will impact you in a big way?

I think there is and it’s the subject of my recent post to the IBM Security Intelligence blog. Take a read through it and stay safe.

For those of you in the London area (or those who would like to be), I’ll be presenting on the topic of social media security threats with a focus on identity management aspects at Data Management and Information Quality Conference Europe 2012 on 7 November. Please look me up if you are planning to attend.

 

I attended IBM’s Pulse Conference in Las Vegas this week (March 4-7, 2012) and what a show it was! IBM Fellow Grady Booch’s interview with Apple co-founder Steve Wozniak (Woz starts about 56 mins in) was a real highlight, as was the Maroon 5 concert the night before. They even let me join in on the fun with a video interview on “all things security”, which ranged from the significance of the launch of the new IBM Security Systems division to the changing motivation and sophistication of the current hacker threat.

Welcome to Inside Internet Security — the blog. I qualify it that way since it is named after a book I wrote about a dozen years ago which, in a sense, served as the launch pad for what has been an amazing personal journey through the intricacies of IT security in the age of the Internet.

It seems somehow appropriate to commence this new (for me) means of outreach through social media with an exploration of some of the security risks inherent in this format. So in that spirit, I offer up a link to a keynote talk I did in September of 2011 at the New York Institute of Technology’s Cyber Security Conference for your consideration in hopes that it will provoke some thinking on the topic.

In this talk I discuss some of the vulnerabilities in the social networking format as well as cite examples of real world attacks and compromises that have occurred on Facebook and LinkedIn along with some discussion of the weaknesses that exist in current authentication technologies such as passwords and biometrics. (There were some technical difficulties with the audio at the start but it smooths out soon.)

Enjoy …


NYIT Cyber Security Conference: How Secure Are We? Identity Management and Social Networking Threats