Security

The case for Cloud Access Security Brokers in small business

For most small businesses reading this article, I've lost them with the headline. A Cloud Access Security Broker (CASB) is likely to be something they've never heard of, let alone considered. Yet more small businesses are becoming Cloud-friendly, especially with their adoption of Software as a Service applications. Funny thing is, some security-focused IT professionals would never consider using Cloud services without a CASB.

I had the pleasure of spending some time with a company called Forcepoint, in Austin, Texas, as a Tech Field Day delegate. David Coffey (VP Research & Development) says "How do you secure things that you don't own or manage?" IT Pros understand that challenge. Traditionally we've focused on securing the devices that you use and the networks that you access. We've put firewalls between your PC and the Internet and we've prevented you from using random USB sticks. Today's challenge for IT is ensuring security from your iPad in an airport lounge, to corporate data in the Cloud.

"Hey yourname" from earthlink.net emails - spam

Just a quick post to show you some spam emails I've been receiving. My fantastic spam filter (http://www.ctscleanmail.com/) has been quarantining this stuff, but the subject AND the fact they are coming from the same domain name earthlink.net made me curious enough to do a little more research.

Spam list earthlink.net

A quick internet search shows that while earthlink.net is a valid email provider, it has been known to have issues with spam from users' accounts in the past, especially spam that has been coded to include your name in the subject. See this July 2011 blog post: http://blog.onlymyemail.com/endless-spam-from-earthlink/

Facebook just made your old private messages public - or did it?

The latest scandal to hit Facebook is from users reporting that old private messages (circa 2007-2008) have now been made public on their timeline.

Facebook is denying this, saying they aren't private messages at all, just old wall posts.

Despite Facebook engineers knowing what they are talking about with their own software (or do they?), users "saw it with their own eyes" so it must be a privacy breach.

Let's back the truck up for a minute and find some evidence. Remember that? Facts that may help explain what has actually happened and prove or disprove a theory?

BigPond ADSL - Your ADSL Service Cancellation Notice email

Disturbing email doing the rounds over the long Easter weekend in Australia, pretending to be from BigPond. I'm blogging about this in the hope that you'll find this entry if you receive that email and Google it first. It's a scam, and a very clever one.

First the details: sender address ebilling@bt.com (that's your first alarm bell - bt.com is not a BigPond or Telstra domain name)

Subject: Your ADSL Service Cancellation Notice (second alarm bell - I am not and have never been a BigPond ADSL customer)

Issues with security update patch for IE7 WinXP KB2416400?

Our friends at the Kaseya NOC have decided not to roll out a Microsoft security patch just released for Internet Explorer 7 machines (on Windows XP). They've seen some issues once it's been installed and there are a few blog sites with people reporting problems. Suggest hold off installing this one for a while until it's sorted:

"Post: We have noticed that after applying the patch KB2416400 (MS10-090), when browsing a particular site, all links stop working following clicking a link to open a java script pop-up window. Hitting F-5 to reload the page restores functionality of the links. So to avoid this miss-functionality we have denied this patch from all Virtual Manage machines.

Attention!!!! All your personal files were encrypted with a strong algorythm RSA-1024 ...

.. and you can't get an access to them without making of what we need!

Read "How to decrypt" txt-file on your desktop for details

Just do it as fast as you can!

Remember: Don't try to tell someone about this message if you want to get your files back! Just do all we told.

*Eeek* If your computer's desktop has suddenly turned very pale and is displaying the above message, I hope you have a good backup*.

Protect your PC Against Adobe PDF Reader Security Flaws

Not an original blog entry this time, but advice definitely worth sharing from the security experts at AVG - thanks Lloyd!

Melbourne and Amsterdam, 13 August 2010 - It should go without saying that the best way to deal with malware is, of course, not to get infected in the first place.

Lloyd Borrett, Security Evangelist for AVG (AU/NZ) says, "Being aware of what products are being targeted by the bad guys may help you as well, so it may be useful to know that at the moment Adobe products are virtually the number one target across the world with millions of PCs being hit by infected Adobe PDFs. Others are being pwned via Adobe Flash ads via Facebook and other social media web sites."

Paypal / Western Union money scam

Thanks to Kate Booby at Spinefex (www.spinefex.com.au) for alerting us to this one!

"I thought I should bring your attention to a scam that we have 3 separate cases of occurring within our immediate friends/family.

All of these people had advertised to sell items (2 x cars, 1 x horse) and had been contacted by email and phone calls from a buyer.

The buyer has asked to pay for the items through paypal (and the sellers had to set up paypal accounts) because the buyer is overseas or can't use their internet banking (one case the man said he was on an oil rig, another was overseas). Paypal is generally a safe & secure way to receive funds or pay for items.

Windows Updates? Why bother?

So many people I know are cynical about Microsoft's "Windows Updates" .. that is, if they even know it exists. Valiant attempts by Microsoft to make these updates deploy automatically (to your internet-connected PC) have hit some snags - the installations don't always work and sometimes they can even break the functionality of corporate applications. To ease the headache for system administrators, Microsoft instituted "Patch Tuesday" .. being the 2nd Tuesday of every month when all the newest, tested updates would be sent out. This lets systems administrators know when they will be hit and gives them a chance to test the latest updates in a lab against their corporate software programs, before releasing them into the bigger corporate network.