Data Breaches: Almost Like Clockwork

Last year, as part of our predictions for 2014 we said there would be one major data breach every month. At the time, many people said that our prediction was overly pessimistic. It was one prediction I would have been happy to have gotten wrong. Unfortunately, I haven’t been proven wrong. We’ve seen major data breaches hit large institutions left and right. In many cases, these breaches have been due to attacks of point-of-sale (POS) malware that hit these companies. In other cases, attackers got into their networks directly and stole the information of their users. People may think that financial information is the most valuable information that can be lost, but that’s not always the case. Banks and other financial institutions are very good about not letting consumers eat the...
To Mobile App Developers: Compete on Privacy and Security, Too

There are many mobile app developers today who want to develop the next hot mobile app. After all, if you play your cards right, you could end up being bought by a much larger company like Facebook, Google, or Microsoft for billions of dollars. It’s hard enough to build a mobile app that will have the features and ease of use that will make it popular with millions of users. There are other things that apps can compete on, however: this includes the privacy and security of their users. How can developers do this? First of all, consider how the app is written. Are best practices being followed? Developers on PCs and Macs have already learned that their apps can suffer from vulnerabilities that can be exploited. Are you doing your best to avoid these issues? One reason to harden your apps...
Rebuilding Trust: Is Your Data Safe?

For the past year or so, I’ve noticed that people are increasingly concerned about how protected their information is – not just from hackers, but from governments and large Internet companies as well. Individual users and organizations are now saying – more than ever before – that privacy and security matter. Of course, the desire for privacy and security is sometimes trumped by the desire for added convenience and features. However, one thing that will cause changes in how data is protected is government regulation. In some quarters, it is perceived – rightly or wrongly – that private companies cannot be trusted with the data of their users, and that the government must step in with regulations. The European Union is planning new regulations that will control how...
Will Bitcoin Succeed?

When you work for a security company, sometimes people think you must know everything there is to know about technology. So sometimes I get asked, “Will Bitcoin and other cryptocurrencies succeed?” Unfortunately, I’m an engineer, not an economist. I can’t speak to how big central banks like the Federal Reserve in America, the Bundesbank here in Germany, or the Bank of England in Britain will react to it. Maybe they’ll try to regulate it. Maybe they’ll try to ban it. Who knows? Ask an economist or a banker; they might know better. What I do know is that more and more brands are accepting cryptocurrencies as payment. In America, for example, online tech stores like Dell and Newegg have started to accept bitcoins. Not only can you buy your gadgets with bitcoins, but you can also...
Securing the Internet of Everything

Whenever I hear about the Internet of Everything, I find myself somewhat conflicted. There’s no doubt that it is the new “mega trend” in technology, but at the same time I wonder how secure it is. Let me explain. When a company creates a smart device, they not only need to create the hardware for the device, they also need to write the software for it. This is not a simple task, particularly for complex items. Take, for example, a modern car. Think of all the features it has: distance assistance, lane assistance, and even notification of emergency services if I crash. It can even compile various statistics about how I drive and compare it to other drivers of that model. All this results in a very large amount of software that needs to be written. A modern car has more than 100...
Privacy and the Right to be Forgotten

Earlier this month there was a very interesting decision out of the European Court of Justice. The decision established what can be called the “right to be forgotten”. People can now ask search engines like Google to remove links from search results about them. So, for example, say you are now a successful businessman. However, the first search result for your name is a slightly embarrassing incident that took place in your youth. Now, you can ask Google to “forget” about that incident so it won’t show up first when someone searches for your name. You can debate whether this is a good idea or not. Europeans like myself tend to think this is a good idea – after all, who else should control but you, right? Americans tend to look at it as a free speech issue. There is a cultural...
Data Gathering Is a Two-Way Street

Today’s technology is becoming better and better at an exponential clip. It was only a few decades ago that we had cellphones the size of bricks and Internet speeds that were only a fraction of a single percent of today’s connections. Now we carry powerful computers in our pockets as well as wear them for watches, and we can download entire libraries in less than a couple of moments. But with all benefits there are prices to pay for such convenience. One of them is how the companies behind such conveniences use them to collect data from their customers – how they use the service, when and where and who and why. The fact is, these companies never reveal the fact that they do so readily – more often than not, it is discovered by someone who bothers to look, and whenever they do...
Advice for Enterprises in 2014: Protect Your Core Data

It is an interesting time to be in IT security today. PRISM and Edward Snowden taught many lessons about how companies should secure their data. There’s been a lot of discussion about the surveillance aspect of this, but consider this whole affair from the side of the NSA. To the NSA, this was a data breach of unprecedented proportions. All indications are that Snowden was able to exfiltrate a significant amount of classified data; what has been published so far represents a relatively small proportion of what he was able to access. Consider that Snowden technically wasn’t even an employee – he was just a contractor. How did he do this? How could a contractor access this much information? Some companies may think – “if it can happen to a spy agency, there’s nothing we could...
Mobile Banking and the Risks

There is no doubt that mobile banking is going to become very significant in 2014, if it isn’t already. In the United States, a quarter of all people selecting a bank say mobile banking is a “must-have”. In parts of the developing world, mobile banking is even the dominant form of banking. There is no doubt anymore that mobile banking is a big part of the banking landscape – which means, of course, that it is bound to become a big part of the threat landscape as well. In the past, smartphones were generally used to help protect normal online banking transactions. Banks would send users a Transaction Authorization Number (TAN) via SMS that they would have to enter on their PCs to verify that a transaction was valid. It’s essentially a form of two-factor authorization that...