CyberSecurity Question Time on the FM website!
Ask any question about cyberwar or computer security, broadly defined. This is a topic area in which, in my experience, there is a great deal of “established wisdom” that is neither wise nor established. We — and others reading the FM website — will attempt to answer it in the comments. All answers welcomed!
- Questions received so far
- Quote of the week
- To start the discussion: articles of interest about cyber-issues
(1) Questions received so far
Click on the title to bring up this post. Then click on the link below to go directly to that queston.
- What’s going on with Stratfor? Are they secure now or what?
- How important are SOPA/PIPA?
- Should I frequently change my password? If so, why?
- Why hasn’t the credit card system been made more secure? How secure are ATM cards?
- How can chip+PIN for debit/ATM cards be safer than credit cards? My liability for credit card fraud is only $50 but unlimited for debit cards.
- Will the current cyber-bashing between the Saudi and Israeli hackers escalate? Will this be repeated elsewhere?
(2) Quote of the week
“Come on, people. I know that China hacking stories are plausible, but the bar for actual evidence should be higher than this. “
— Bruce Schneier in his “CryptoGram” blog
(3) Some articles of interest to start the discussion!
(a) You leave your right to privacy at the border
“Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices“, Electronic Frontier Foundation (“Defending your rights in the digital world”), 20 December 2012
Our lives are on our laptops – family photos, medical documents, banking information, details about what websites we visit, and so much more. Thanks to protections enshrined in the U.S. Constitution, the government generally can’t snoop through your laptop for no reason. But those privacy protections don’t safeguard travelers at the U.S. border, where the U.S. government can take an electronic device, search through all the files, and keep it for a while for further scrutiny – without any suspicion of wrongdoing whatsoever.
Am I the only one who finds it interesting that EFF has accurately identified that the enemy in this situation is our own employees?
(b) Your laser printer is a computer; don’t leave it accessible to the Internet
“HP Issues Firmware to Address Printer Vulnerability“, HP, 28 December 2012 — Openign:
Last month researchers at Columbia University discovered a new class of security flaws that could allow hackers to remotely control printers over the internet. The discovery even indicated that hackers could cause actual physical damage to the device by heating up its fuser to dangerous levels, possibly causing a fire.
This is not a new problem; in 1986 when I was a system administrator at a hospital one of my workstations was being probed by an MRI machine.
(c) More accusations of Chinese Hacking
“iBahn, supplier of hotel internet services, denies breach“, IDG News Service, 15 December 2012 — “iBahn said it relentlessly monitors attempted hacks on its network.” Opening:
iBahn, a provider of internet services to some 3,000 hotels worldwide, denied on Thursday a news report that its network was breached by hackers. Bloomberg wrote that a highly skilled group of hackers based in China, which U.S. investigators have called “Byzantine Foothold,” attacked iBahn, citing unnamed sources, including one U.S intelligence official.
“Unnamed sources” should be dismissed without further ado; computer security is a complex issue and people who know what they’re talking about can and should go on record.