Monday, February 20, 2012

Thrift Shops--Possible Vulnerability for your Company?

Thrift shops are in general a great place for people to get slightly used clothing. Overall, it seems to be a great system because those that give would have just thrown away the clothes anyway, and those that receive can really use the discount. Have you ever considered, however, the potential for a thrift store to lead to a vulnerability in your company?

People of all types and sizes can donate to thrift stores. This includes employees of Cisco, Comcast and other traditionally very trusted companies, whose staff might be looking at computers or access points. Picking up an official shirt can be one of the ways a social engineer poses as such a worker to plant malware or gain access to your sensitive information.

This is a great reason to make sure that anyone who might let a real or fake worker into your home or office is trained to call the company the person claims to come from before allowing them into sensitive areas or disclosing any information. Any of these service companies should be able to tell you whether they sent someone, and whom, to resolve an issue.

Thursday, February 16, 2012

Social Security

No, I do not mean your social security number. I am referring to encrypting your social media, or the oh-so-private information you think can only be seen by the people you have allowed. However, without TLS (Transport Layer Security), anyone nearby with a packet-sniffing tool such as Wireshark can see what you are posting or the messages you are sending.

For those unfamiliar with IT, all of the information you put into or through the internet is sent in information segments called packets. These packets can then be "sniffed", or in essence caught out of the air and read, without disturbing the user's interaction with the internet. This means that things the user may think are private, like an address for a friend's wedding invitation, can potentially be read.

The only way for users to protect their computers is to ensure that they are sending encrypted traffic. This is shown by the https:// designation instead of http://. Currently, Facebook and LinkedIn have an option to use secure browsing, but it is not the default. So, consider opting in to protect yourself.

Google+ has it set as default, and I recently learned at The Register that Twitter has changed secure tweets from being opt-in to default. Just make sure to always check that your browser says https://. Too much work? Use Firefox and install the add-on HTTPS Everywhere. It will force a secure connection with any site that has a secure option.
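To make the http:// versus https:// difference concrete, the following added example (not part of the original post) reports what someone capturing traffic could read from a single payload: every form field of a cleartext HTTP request, but nothing from a TLS record. The host name, cookie, message text and stand-in ciphertext bytes are all constructed for illustration.

```python
from urllib.parse import parse_qsl

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ")
TLS_RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                    22: "handshake", 23: "application_data"}


def classify_payload(payload: bytes) -> dict:
    """Report what a passive observer could read from one captured payload."""
    # TLS record header: 1-byte content type, 2-byte version (major 3), 2-byte length.
    if len(payload) >= 5 and payload[0] in TLS_RECORD_TYPES and payload[1] == 3:
        return {"protocol": "tls", "record": TLS_RECORD_TYPES[payload[0]],
                "readable_fields": {}}
    if payload.startswith(HTTP_METHODS):
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:  # header names are case-insensitive, so normalise them
                headers[name.strip().lower()] = value.strip()
        fields = {}
        ctype = headers.get("content-type", "")
        if ctype.startswith("application/x-www-form-urlencoded"):
            fields = dict(parse_qsl(body.decode("utf-8", "replace")))
        return {"protocol": "http", "request_line": lines[0],
                "host": headers.get("host"),
                "cookie_visible": "cookie" in headers,
                "readable_fields": fields}
    return {"protocol": "unknown", "readable_fields": {}}


# Constructed sample: a message posted over plain http://
_BODY = b"to=friend&body=Wedding+is+at+12+Example+Lane"
CLEARTEXT_POST = (
    b"POST /messages/send HTTP/1.1\r\n"
    b"Host: social.example\r\n"
    b"Cookie: session=constructed-value\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
)

# Constructed sample: a TLS 1.2 application-data record; the 32 bytes after
# the header stand in for ciphertext.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(32))

if __name__ == "__main__":
    for name, sample in (("http", CLEARTEXT_POST), ("https", TLS_RECORD)):
        print(name, classify_payload(sample))
```
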