Open S3 Buckets: From Bad to Worse

Just when you thought that the whole “globally readable Amazon S3 storage buckets” thing couldn’t get any worse, it did. According to a study by a French cybersecurity firm which looked at 100,000 Amazon S3 buckets… 90% of buckets are private, and therefore not at risk of leaking data or ...

The (not paranoid enough) Android

The train wreck that is Android security continues… A new strain of malware found in China by security firm Wandera has the following charming characteristics, according to a recent blog post:
- Zero-day threat previously unknown within the mobile security community
- Group of at least 50 functioning apps containing the sophisticated ...

Jim Jeffries on US airport security

The rest of the world tends to look askance at the way that we here in the US handle airport security. Many of the measures we take are pure “security theatre,” reacting to the last terrorist scheme (exploding shoes, bombs in underwear) that we happened to catch. Checking electronics seems ...

Outsourced security program failure leads to $100K regulatory fine

Another reminder of the importance of managing third party vendor relationships… The Commodity Futures Trading Commission fined AMP Global Clearing (an electronic trading firm) $100,000 for a disclosure of 97,000 files containing customer information to an unauthorized third party due to a misconfigured network attached storage device. AMP had outsourced ...

Leaky buckets and acquisition best practices

There are three interesting things for CSOs to think about in this story on a leak of passport and other personal information on tens of thousands of people: If you are going to use Infrastructure as a Service providers like Amazon, make sure that the people using them take the ...

Malicious data leaks and corporate liability – a tale of two countries

had a link to a very interesting article about corporate liability for an employee’s malicious leaking of employee information. What was most striking to me was the contrast between cases in the UK and the US. In the UK, a disgruntled employee leaked payroll data for 100,000 employees of ...

Two factor authentication on web apps should be the default

tl;dr – If you are using Microsoft Office 365 (or any other hosted email solution) and have not enabled two factor authentication, you are bad and you should feel bad. Microsoft and other cloud vendors really need to make two factor authentication the default for their email and other business ...