Living Security
A lot of my writing these days appears on We Live Security, the website that grew out of the Threat Blog at blog.eset.com. Here are some highlights:
- The state of healthcare IT security: are Americans concerned enough?: The privacy and security of medical records is a matter of concern to many Americans now that most are now stored electronically, but is there cause for concern? And who is most concerned?
- Malware is called malicious for a reason: the risks of weaponizing code: The risks of using government use of malicious code in cyber conflict are examined in this paper by Andrew Lee and Stephen Cobb: Malware is called malicious for a reason: the risks of weaponizing code.
- Could latest NSA revelations further impact online behavior, denting the economy?: Internet surveillance by America’s National Security Agency (NSA) has been further exposed by two new developments: the analysis of leaked NSA surveillance reports and the XKeyscore targeting code. Will these stories increase the number of Internet users who say they are inclined to reduce their online engagement due to the activities of the NSA and GCHQ.
- Facebook may face FTC fines over research into users’ emotions: With EPIC filing an FTC privacy complaint against Facebook, which is already the subject of a Consent Order due to a previous privacy settlement, the social network could be facing a hefty fine for emotion-based manipulation of the Newsfeed for research purposes.
- Cyber Boot Camp and tomorrow’s cyber security professionals: The top three teams from the fifth annual Mayors’ Cyber Cup will attend Cyber Boot Camp at the headquarters of ESET North America for five days of hands-on security training and lectures from IT experts, law enforcement, and career advisors.
- Encryption essential for cyber security: A million reasons to encrypt sensitive data: Encryption is essential to cyber security today, with encryption of personally identifiable information (PII) being a top priority for organizations large and small, to protect customers and avoid fines and penalties after data breaches.
- NSA faces fresh revelations as Snowden anniversary arrives: On the one year anniversary of Edward Snowden’s public revelations of mass surveillance conducted by the U.S. National Security Agency we look back on the impact, even as we face the prospect of more revelations to come.
- GameOver Zeus and Cryptolocker: Law enforcement hits gang responsible: FBI names as “Most Wanted” the leader of cyber criminal gang based in Russia and Ukraine responsible for both GameOver Zeus and Cryptolocker schemes, as law enforcement agencies crack down on cyber crime infrastructure.
- Behind Blackshades: a closer look at the latest FBI cyber crime arrests: Blackshades is a RAT and the FBI has just arrested a lot of people involved in its use and distribution. But what’s a RAT and how will these arrests impact cyber crime?
- Don’t forget flash: memory cards can be a data loss and infection vector: A reminder that malicious code can be spread via flash memory cards like SD cards, just as easily as it can spread on USB flash drives. Check these tips to get protected.
- Business continuity management: key to securing your digital future: Business continuity management is the key to securing your company’s digital future despite disruptive incidents, from power outages and IT errors to fires, floods, tornadoes, earthquakes, and tsunamis.
- Taxing Times: Dealing with tax identity fraud in America: Filing your taxes on April 15? What if someone has already filed “your” income tax return? Sadly, this can happen, and it does happen, all too often. Here’s why, and what you can do about it.
- NSA revelations shake faith in U.S. tech firms as Harris poll shows public conflicted: The National Security Agency (NSA) surveillance activities revealed by former CIA contractor Edward Snowden appear to be taking a serious toll on public confidence in technology companies in America, such as Internet service providers and software companies, according to a Harris poll commissioned by ESET. The poll found that two-thirds of adult Americans who said
- New Harris poll shows NSA revelations impact online shopping, banking, and more: A new Harris poll shows that revelations about the National Security Agency’s digital surveillance activities are changing online behavior for many Americans and some say they are doing less online banking and less online shopping because of what they have learned about the NSA.
- STEM education, the Target data breach, and the Apple SSL vulnerability: Could holes in security code and major information systems in America be due, at least in part, to the dire state of education in subjects like Science, Technology, Engineering, and Mathematics (STEM)?
Being Security
I have also been writing some posts about security and privacy on my first blog, Scobbs Blogspot. The idea is to put security pieces there when they are not a good fit for We Live Security, for example, a strong personal opinion, or a speculative piece. (In general, I want to keep this blog here, Cobbsblog, for non-security stuff.) Recent posts on Scobbs Blogspot include:
- Is this your Sample Information Security Policy?
- Business Continuity Management: Sounds boring yet saves lives, companies, butts
- Internet voting security: a scary tweet that reached 227,391 (even before Heartbleed)
- A call to action we ignore at our peril
- The Privacy Meter Redux
- Why there is so much cyber crime: #1 It's our spending priorities
- My #4 personal privacy and security prediction for 2014: A BIG year for good/bad news
Security Slides and Webinars and Podcasts
You can find some of the slides from my security presentations at SlideShare under the zcobb account. These include slides that ESET graciously makes available for anyone who is working to increase security awareness in their organization. Here is a recent example from a webinar on cybercrime:
Some of my security education presentations are done as webinars and you can find these in the ESET channel on a service called BrightTalk. The channel requires a one-time registration process but is free and there are dozens of recorded webinars available from myself and my colleagues.
I have also recorded a lot of podcasts on security and privacy. These are available on this page but they are not marked as to author. All of the podcasts are worth a listen and feature my fellow researchers at ESET.
Earlier this year I answered several questions for a reporter while visiting the Latin America headquarters of ESET. Topics covered in the resulting video include the effects of Snowden's revelations about the NSA, the relationship between privacy and security, and social media issues for young people. Spanish subtitles are provided.
Fighting Hemochromatosis
My writings on hemochromatosis started here on this blog in 2008, with "dsgds". Then, in 2010, I created CelticCurse.org and post there when I have something substantial. Here are some recent posts.
- Introducing Hemo-Doc-Stars: doctors who ‘get’ hemochromatosis
- Death by Ignorance: Millions of Americans at risk from hemochromatosis, but few doctors know much about it
In addition to Celtic Curse, I created another channel of communication about hemochromatosis, the Hemochromatosis page on Facebook. This has reached over 100,000 people so far this year and led to the publication of the first ever "Hemo Doc Stars" list of recommended hemochromatosis doctors from around the world.
So, the next time I am wondering to myself "what have I accomplished this year?" I can look at this page and refresh my memory. And the above is not everything. I also got accepted into a postgraduate degree program in security and risk management in the Criminology Department of the University of Leicester, in England. I hope to have time to share some instructive tales of distance learning here as the program progresses.