Security Risk: Time to Move Off Windows XP SP2

Microsoft will stop supporting users of Windows XP SP2 as of July 13, 2010. This means that the company will no longer provide security patches for SP2. All Windows users should immediately upgrade to SP3 or Windows 7. According to a Computerworld article, Windows XP SP2 is still in use in more than 75% of organizations with 36% of the PCs in every organization run SP2.

Stan Stahl Ph.D. June 22, 2010 Filed in Cyber Security Management, Security Alert: Vulnerability Management No Responses

California Court Knowingly Exposes Confidential Data for 10 Days

The ABA Journal reports that a court in California’s Sacramento County made 443 confidential documents available on a public kiosk. The problem wasn’t fixed until June 4 even though a probate lawyer had brought the problem to the attention of the court on May 24. According to Presiding Judge Steve White, court technology employees didn’t act immediately because of another apparently more pressing computer problem.

Read the story here.

Stan Stahl Ph.D. June 16, 2010 Filed in Cyber Security Management, Law Firms, Online Privacy No Responses

Free WiFi at Starbucks — Reminder of Cybersecurity Risk

The New York Times reports that Starbuck’s will begin offering free WiFi on July 1. This makes it a good time to remind everyone about the need to be cautious when using public Wi-Fi. While the most common risk is eavesdropping, one cannot overlook the risk of computer compromise. Here are five basic rules anytime you’re on a WiFi network whose security cannot be verified:

  1. No online banking or other eCommerce
  2. No email containing sensitive information except via an approved encrypted link from PC to  Mail Server
  3. Keep anti-virus or host intrusion prevention software (better) up-to-date
  4. Make sure software patches are up-to-date
  5. Use VPN for access to office
    Stan Stahl Ph.D. June 14, 2010 Filed in Business at risk, Citadel: Thinking about Security, Consumers at risk, Cyber Security Management, Identity theft, Online Privacy No Responses

    “CyberWar: Sabotaging the System” on CBS 60 Minutes

    From 60 Minutes: Could foreign hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal, to create havoc? They already have. Steve Kroft reports.

    Watch the 60 Minutes report.
    Stan Stahl Ph.D. June 13, 2010 Filed in Cyber Security Management, national security No Responses

    e-Banking Bandits Target Title and Escrow Companies

    KrebsOnSecurity.com reports that in March, computer criminals broke into the network of Redondo Beach, California based Village View Escrow Inc. and sent 26 consecutive wire transfers to 20 individuals around the world who had no legitimate business with the firm.The escrow firm has been the victim of on-line bank theft. Cybercriminals hijacked the firm’s online bank account and stole $465,000.

    In discussions we’ve had with law enforcement and bank security personnel, we find that this is a cybercrime trend. Cybercriminals seem to have discovered that title and escrow companies are regular users of the ACH system while their security controls are too often easily bypassed by the advanced hacker tools now in use.

    We continue to recommend extreme caution in online banking, including

    1. When possible, have separate computer(s) used exclusively for online banking
    2. Utilize ‘out-of-band’ confirmation for all online bank transactions
    3. Keep systems patched and all anti-malware software up-to-date
    4. Diligently check bank accounts daily
    5. Limit use of social networking sites
    6. Be on guard for phishing and other social networking attacks
    Stan Stahl Ph.D. June 10, 2010 Filed in Business at risk, Cyber Security Management, Financial systems security, Internet badlands No Responses