wifi
WIFI fun
Ever since moving back to Oslo, I have had some challenges with my network access from my office. Due to walls thick as an average American (excuse me if I offend you), made out of steel-reinforced stone and concrete, I decided that I would use two Wifi APs and just bridge them. I have Wifi just out in the hallway, and the reception has been fine with my laptop.
Since I moved my workstation here some time ago, I have had some real challenges with accessing any segments of the net outside of my small office segment (laptop, workstation, testbench, printer). I knew that the wifi connection was to blame. And I knew I had to fix it myself. And as you know, I fix my own stuff only after I have fixed all the other stuff (I believe I am not alone in this...).
I dreaded having to drill holes in the walls, and stretch cables (from a security point of view, I probably should), and being lazy, I just postponed it.
Until today. I just had enough of Skype dropping every other minute, downloading being impossible, and worse - not being able to use my workstation to upload changes and administer all the secret stuff that I mess up around the mesh. (No, I will not tell you where and what, since I do not want you to know that it is me that creates the mess!!)
Since I am still lazy, I decided that I would not take the elevator down to the server room and fetch cable, connectors, drill and the rest of the bits and pieces required to mount a cable. Instead, I went out in the sunshine, and just bought myself a new AP, reasoning that the Linksys ethernet bridge that I bought back in 2005 (possibly earlier too), had finally decided to die on me, and that it was just a matter of switching it with a different box. I picked up a Jensen AP with switch included, and was able to clean my office while ditching two devices, bundles of cable and two PSUs.
The Jensen thingie is a cheap box, and after some initial fiddling with the settings, connected straight to the AP in the hallway. So far, it seems to be stable, and gives me a link to the net that is not going to bug me too much. I hope!
10 golden rules of using public WIFI
Access to the Internet via public “hotspots” is growing and will continue to grow as more and more hotspots are made available. We have McDonald's offering free Internet access and even Boris Johnson proposing that London becomes a WiFi city, with free WiFi, following the likes of Norwich!
This free bandwidth does come with an element of risk. Once you are associated to an access point, you are on the same network as others connected to the same access point, in the same way as plugging into the same network segment. A simple network discovery will show who else is connected... and from there an unscrupulous user could try and access your machine. This may not be deliberate - a Trojan may automatically be scanning in the background for, and trying to infect, other machines. In addition to the possibility of direct attack, your data is probably going to be “clear text” – not encrypted.
So what are the issues we face when using public ‘hotspots’?
1) Clear text data – by its very nature a hotspot will not have any encryption or security on it. It is there to enable as many people as possible to connect, as easily as possible. To offer a pre-shared security key is impractical, and the more people have a key, the less valuable a key is.
What does this mean? Well, if you are sending email, someone on that network will be able to see, and read, that data. It is a bit like handing a postcard over a post office counter. Everyone in the post office can read it. So you really would not write anything confidential on it. To say “Hi, having a wonderful time, wish you were here” is not exactly top secret. You may not want to put all your credit card information on it!
2) Most web traffic is, by its very nature, clear text. Most web sites will switch to secure, encrypted HTTPS traffic when doing commercial transactions. Web mail is normally in the clear... How can you tell if you have changed? Look for the little padlock in your browser!
3) If you are using business email, we strongly recommend using a VPN (Virtual Private Network) between you and the business mail server. This should be provided by the business. This normally is a security overlay on your traffic. This will encrypt data and ensure no eavesdroppers read it.
4) Your PC needs to have a personal firewall installed, and switched on. A basic firewall is provided within Windows now. Use it! This stops unauthorised access on to the PC.
5) Many businesses will add an additional personal firewall. The clever ones will actually change the policy based upon your location, which will control the flow of data in and out of your PC in accordance with your policy.
6) Ensure your anti-virus software is installed, up-to-date and working! This will defend against known virus or Trojan attacks.
7) Turn off ad-hoc networking – WiFi has two methods of working – ad hoc and infrastructure. Infrastructure is when your PC connects to an Access Point, and then on to a wired network. Ad-hoc is when two PCs communicate with each other directly without an Access Point. You really should ensure no one can network directly, unless there is a specific reason!
8) Shoulder surfing. Always be aware who is watching you. Don’t sit with your back to a crowd or window inviting unwanted snoopers to see you type your password or read your documents.
9) Think about the length of time you are connected. As a precaution, prepare messages offline and only connect to send and receive. This will reduce the window of opportunity for someone to capture your data.
10) Lastly, when accessing a hotspot be aware of hotspot hijacking. This is when a fake access point is used to fool you into connecting to it. It will record all traffic from your system. This type of attack is mainly used in internet cafes since access is open. Always try and make sure you connect to genuine access points.
For more information on security and WiFi visit www.gss.co.uk
Welcoming Stepstone IT CEO Blog
No change with that this morning, so I head out to the blogosphere enjoying the attention I get. Yes, I like attention. Had not noticed, had you?
And surely enough, a link back to my blog showed up. This time, the link comes from the Stepstone IT CEO Blog, which seems to be fairly new. Not only does Nauman Kuraishi link to my post on WIFI security in his first post - something I enjoy very much on its own.
He goes beyond. He mentions my post in the same sentence as he links to Wired and BBC. And he says these sites offer some:
I am bewildered. I am honored. And I am very happy.
On a side note, this happens the same week as I am introduced as the Information Security GURU (!!!!!) at the Norwegian School of Management (BI). What a week!
The TJX case goes to court
The Feds rolled up a large, international circle of criminals who are charged with hacking their way to access a wide array of personal data. According to Attorney General Michael Mukasey, this is the single largest and most complex identity theft case that's ever been charged in the US.
Companies that got hacked include major brands like OfficeMax, Barnes & Noble, Boston Market, Sports Authority, Forever 21, DSW, BJ's Wholesale Club and TJX Companies.
"They used sophisticated computer hacking techniques that would allow them to breach security systems and then install computer programs that gathered enormous quantities of personal financial data, which they then allegedly either sold to others or used themselves," Mukasey said. "They caused widespread losses by banks, retailers and customers."
The TJX Senior Vice President Sherry Lang ensures that TJX has gone a long way in order to assist the investigation:
"With our customers always being our primary focus, TJX has gone to great lengths to secure its customers' data," Lang said. "However, broader action beyond retailers alone is required to protect consumer data. Banks and the U.S. payment card industry must join retailers and work together, including installing the proven card security measures in the U.S. that are already in use throughout much of the rest of the world."
I like Lang's request - there is no doubt in my mind that the more we integrate and consolidate technology, solutions and tools - into what we consider efficient communication - the easier it is to exploit those tools. Remember - a few years back, you had to hack into each shop. A little later, you could reach the HQ, as the shops started to interconnect. Today, you can reach almost anything, anywhere - just using your brains and a computer.
Compliance is one thing that may help; better understanding of the technology and its potential is equally important. From a business point of view, I think it is very important to consider the upside of adopting new (young) technology against the potential damage the new technology may inflict.
I am looking forward to following this case!
Other TJX related information
TJX – you have done a great job!
TJX gives CC advice to their customers!!!
TJX update and "How it was done"
TJX economics - the price it is easy to calculate
TJX - the Wall Street Journal article
All posts tagged: TJX
Hacking WIFI - simple and efficiently
I enjoy the occasional fun of testing IT security devices and systems. Yes, I cannot hide that fact.
And as many of you know, I am always a bit surprised by the ignorance most people show when it comes to understanding even the most basic threats.
I came by this whitepaper made by a Mr. Antoniewicz, at Foundstone (part of McAfee). Most whitepapers tend to focus on how wonderful the manufacturers' tools and solutions are, and quite frankly, I find most of them boring.
Not so this time.
Mr. Antoniewicz has authored a nice overview of some of the methods of hacking WIFI. He does not provide you a step-by-step how-to, but it is not far from it. Most of my readers may find it too technical - but I suggest you speed read it anyway - as it will help you realize just how vulnerable you are!
Go on! Read it!
Hacking WEP enabled WIFI
To many of us, hacking WEP encryption is yesterday's news. However, to those not so technical out there, I would like to show you how easy and quick it is to hack a WEP-enabled wireless access point.
Do not worry if you do not understand what is going on - just take notice of how quickly it is done, and how confident the hacker is. That is all you need to know and care about.
And of course - I no longer need to beat this old dog, now, do I? You do realize it is time to review and audit your wireless security, right?
Thought so.
--> EDIT: Gees, guys, how can you be so STUPID???? There is a link in the text, so there is NO need to ask me for the information. Besides, if you really are THAT stupid, you will never get it anyway. So go read some comics. <---
Midway through 2010 the recovery in the corporate governance recruitment market that was evident at the start of the year is now firmly established. As recruitment consultants we have been genuinely surprised at the strength of the recovery. The recovery is focused on the financial sector and is a result of both renewed growth in the sector and greater regulatory oversight. Investment in corporate governance has clearly become a priority.

