It's Not A Con » Miscellaneous

Guan yersel Glasgow!

con — Thu, 06 Aug 2009 05:35:30 +0000

This article from the BBC caught my attention – being Scottish and all that. It suggests, that we Scots, would cut back on eating, or holidays, rather than give up satellite TV or broadband access, according to OFCOM. I am aware that this opens up many opportunities to joke at the expense of my countrymen! Not only am I Scottish, I am a Glaswegian. The OFCOM report shows that the number of homes in Glasgow where people use a broadband internet connection is the lowest of any major UK city. This is both curious and worrisome. It begs the question, that if Glaswegians, are to continue their rich heritage of bringing learning, culture and innovation to the world at large, they need to get better connected to the ‘net.

For those of you who are interested, ‘Guan yersel’ is some Glasgow patter and it is our version of, ‘Go on yourself’. Now, all I need to do is tell my wife that the holiday is off!

Symantec Supports FTC in Shutdown of Pricewert

con — Fri, 05 Jun 2009 11:44:11 +0000

The BBC amongst other sites, is reporting that the US Federal Trade Commission has asked for an American ISP called Pricewert LLC to be shut down. Pricewert has been accused of knowingly distributing child pornography, viruses, spam, and other personal information, which hasn’t exactly endeared it to the FTC.

Symantec were approached to back up the FTC’s case with security data gathered through the use of our Global Intelligence Network, basically to provide a flavor of the type of malicious activity taking place on these sites.

Obviously I don’t just want to sound like I’m banging the corporate drum, but it’s pretty important that as a company we not only protect our customers but also work with enforcement groups like the FTC to help stop malicious activity at its source, by eradicating the organizations that foster cybercrime.

Our Intelligence Network has a pretty incredible reach, and whilst it means we can keep our finger on the pulse, the Internet is a truly massive space and it takes cooperation across the whole industry to make sure that everyone has a safe and fruitful surfing experience.

Industry-wide cooperation is a topic I feel very strongly about and it’s something I hope to blog more about in the future, mainly because I want to make the consumer more aware of their role in the whole ecosystem. It’s all well and good governments, security vendors, ISPs and the like working together to secure the environment, but the consumer has more influence than they realise and getting them to unilaterally apply sensible surfing practices is the Everest that we’re all aiming for.

Take that!

con — Thu, 04 Jun 2009 13:24:40 +0000

The Guardian has published a story that suggests that UK and US security authorities are preparing themselves to strike back at the ‘bad-guys’ who misuse the internet. Hackers who attack defence or commercial computers in the US and UK in future may be in for a surprise: a counterattack, authorised and carried out by the police and defence agencies that aims to disrupt and even knock them off the net.

I am sure that many of you and the public at large would say: ‘about time too’ and ‘ serves them right’. There is some sense of justice, if it were felt that the bad-guys could be brought to account and punished. The story in The Guardian refers to ‘secret plans’ and un-named senior officials, and generally, ‘people familiar with the topic’. As such, this is when we all have to start to take a sanity check on all of this.

This is an idea that has been around for a long time, and for as long as it has been around, nothing has come to pass. Why? I think it comes down to practicalities and to ethics. If it were that easy to be able to directly target and find the ‘bad-guys’ do you not think, the authorities would not have been doing something already? Exactly, tracking down the bad-guys is a tough and involved exercise. The other issue is that in ‘taking them out’, via denial of service approaches for example, is that you can impact and impinge upon other legitimate users of the internet. This is what is referred to as collateral damage.

The other consideration is ethics and the rule of law. It has long be suggested that in the real world, the Police and authorities know who most of the criminals potentially are. However, in most democracies to convict someone you need to prove cause and provide evidence. It is not just a matter of going along to the houses of known and suspected criminals and throwing them in jail or ‘taking them out’ so-to-speak. I believe that that the authorities who are involved in tracking down the cyber-criminals and ‘bad-guys’ have a very difficult and complex job. However, they need to continue to operate within the confines of what is both practical and ethical. They deserve our thanks and support and all the resources they need to help bring the rule of law to ‘net.

How much information is too much?

con — Wed, 13 May 2009 12:37:30 +0000

I came across this very sad and terrible story. A murderer used a social networking site to gain information on his victim and in doing so help him commit this awful crime. David Heiss, 21, from Dauborn, Germany, developed an obsession with his victim’s girlfriend, and used information the couple had posted online to plan his attack in September last year. Matthew Pyke, 20, died of 86 stab wounds in the flat he shared with his girlfriend, Joanna Witton.

I do not want to be sensationalist, but the danger is there for people to see. I do not want to be accused of scaremongering: rather to continue to council reserve and caution about just how much information we disclose on social networking sites. Most of the stakeholders in internet security (security vendors, ISPs, governments, businesses, NGOs) constantly put the issues of financial loss (phishing) and inconvenience (spam) in the forefront of consumer’s minds. However, we all need to remember that security is exactly the same in the on and offline worlds. Yes, financial security is important, but there are also (fortunately less common) physical risks associated, and keeping your personal identity and information safe and secure is very important for your wellbeing. So, a little forethought and caution can and will keep you safe on-line, just as much as it would do in the real world.

A new browser enters the fray: Google Chrome

con — Tue, 02 Sep 2008 12:06:03 +0000

Word of a new open-source based browser leaked from Google yesterday. It will be officially introduced today. Google, by their own admission, hit the ‘send button’ a bit too early and details of Chrome appeared yesterday. Creatively, they outline the ideas behind and techniques used in Chrome using the metaphor of a comic-book.

When FireFox 3 launched in June, I wrote that it was good to see competition in the browser space as it would spur innovation and choice. Well, with Google now getting into this space it is going to get plenty interesting. The timing is of note. Microsoft are continuing to push the BETA development of IE8. Now with the arrival of Chrome it will be interesting to see what this does for the development and launch of IE8.

Now, not every ‘ball’ that Google ‘swipes at’, do they hit out the ‘ground’, to use a baseball metaphor. OpenSocial and Android, whilst met with a lot of excitement and interest are still very much still just making their way.

Bosses most at risk of Identity Theft?

con — Wed, 28 May 2008 16:11:19 +0000

The media has been quick to cover the story from Experian, the credit reference agency, of the rise in reports of identity theft. Many covered the story under the headline of ‘Bosses most at risk of ID theft’. What was notable in this news release was the profiling of reported victims and the ability to show ‘hot-spots’ for identity theft in the UK.

But why is it company directors or bosses who run their own businesses are most prone to identity theft? Of course criminals go where the money is, and by and large, ‘Bosses’ have more money than other mere mortals. I can see some logic there. Given the growing sophistication of identity theft attacks and the ancillary capability to gather more information on people, the criminals can start to separate the ‘bosses’ from the ‘non-bosses’.

Then again, it may simply be that given the legal and reporting requirements of being a ‘Boss’ there is more publicly available information out there if you a company director. Is it time to look back into this to assess if there is a potential risk?

Or, it may just be a lifestyle issue. If you are a ‘Boss’ then maybe you rely on others to help you with some of the admin that goes with being in charge and trying to organise a hectic lifestyle. This plays in the risk of personal identifiable information being shared amongst the boss and maybe an admin assistant PA etc. You see the picture; shared logins, shared passwords, weak passwords so that a number of people can remember what it is etc. The other reality maybe that many of these people are just so busy building and running their businesses, they do not have time to focus on ‘security’?

So, my messages to the ‘Bosses’ is hopefully something they can appreciate – do the basics well and do them all the time. So, use strong passwords. We found that 50 per cent of people still use really weak passwords (http://www.symantec.com/norton/theme2.jsp?themeid=nol). Use some sort of anti-phishing tool in your browser and ensure you have good anti-spam tool for your email.