Richard Hickman Can Restore Deleted Snapchat Pictures For a Price

May 30, 2013

The BetaBeat article “Some Jerk Has Figured Out a Way to Recover Your ‘Deleted’ Snapchat Photos” reports that a once safe space has now been made dangerous by a Utah security firm. By altering the extension on the deleted pictures (which are in reality just being stored, but cloaked with the affixed “.NOMEDIA” extension), Richard Hickman found the deleted pictures on an Android phone. The article quotes him:

“Then it’s most likely put into unallocated space, where here it’s actually allocated,” Hickman said. “It’s not that it’s deleted — it just isn’t mapped anymore. It says okay, that spot where that picture was stored is now available to be overwritten. That’s what would happen with a regular camera.” He wants to further ruin your life–he’s working on a way to trace the sender’s information and developing the same recovery capability for iPhones.”

Adding to the bad news for Snapchat users, Hickman has begun to offer this recovery service for a small fee ($300-$500). As if your digital footprint isn’t hard enough to erase, now “erased” data might not really be gone. While this may be of immediate concern to some people (Snapchat “sexters”), it should make us all think of the possibilities. Maybe online data never truly goes away.

Chelsea Kerwin, May 30, 2013

Sponsored by ArnoldIT.com, developer of Augmentext

Open Source Security Remains Corporate Concern

May 24, 2013

When it comes to enterprise information technology concerns, security is usually at the top of the list. Some say that using open source software leaves an organization more susceptible to security risks, while others argue just the opposite. This very debate continues in the Java World article, “Survey: Control and Security of Corporate Open Source Projects Proves Difficult.”

The article homes in on a particular component of the security issue: whether or not an organization utilizes an open source policy. Results were compiled through a survey:

“When the 3,500 survey respondents were asked what are the biggest challenges in their company’s open-source policy, the main reasons listed were ‘no enforcement,’ ‘it slows down development’ and ‘we find out about problems too late in the process.’ When asked who in the organization has primary responsibility for open-source policy and governance, 36 percent ascribed that role to ‘application-development management,’ 14 percent to ‘IT operations,’ 16 percent to legal, 13 percent to an open-source committee or department, 7 percent to security, 7 percent to risk and compliance and 7 percent to ‘other.’”

So of the organizations that do utilize an open source policy, many acknowledge little enforcement and paltry oversight. These concerns are real. However, an organization may benefit from a compromise, a value-added open source software option. A solution like LucidWorks is fully packaged and supported, not just free-roaming bits of code to be grabbed from the free web. Users and managers can feel more confident in LucidWorks because it is packaged in a way that is easier for them to understand. Most importantly, LucidWorks has long-term industry support and a positive track record.

Emily Rae Aldridge, May 24, 2013

Sponsored by ArnoldIT.com, developer of Beyond Search

Google Yourself to Learn About Your Digital Footprint and Avoid Security Breaches

May 22, 2013

The aptly titled SecurityFAQs article, “Do a Google Search on Yourself Every Few Months to Find Out What Others Can Learn About You,” reminds us yet again of the time before the Google revolution, when encyclopedias were still a great gift and students knew and used the Dewey Decimal System. Today, if you aren’t careful, you can leave invaluable information about yourself for all to see and in some cases to use against you. The article explains:

“Some of the information that Google offers may be able to harm you. Google indexes other websites around the web including some of the websites that you might have visited at some point. If you left information about yourself on one of these websites then there is a good chance that Google might have indexed that information and it is available to the public. If someone was able to type in the right search they would be able to access that information.”

Googling yourself may seem like a vanity exercise, but in fact it can help you understand your digital footprint and what information is out there for all the world to see. The article mentions black hat hackers several times, those who breach your computer security for no other reason than malice. ArnoldIT offers more information on digital footprints and the risks you might be exposing yourself to without being aware.

Chelsea Kerwin, May 22, 2013

Bloomberg and Alleged Two Way Systems

May 11, 2013

Just a small thing, the Bloomberg privacy breach allegations. There are far weightier matters in search; for example, are evaluations and ratings of search vendors objective? Someone on the LinkedIn Enterprise Search Engine Professional Group even raised the possibility that vendors “pay” for coverage in some consultants’ evaluations of technology.

Well, on to the smaller thing, which is labeled this way in the New York Times: “Privacy Breach on Bloomberg’s Data Terminals.” You can locate the story in the May 11, 2013, edition of the newspaper. If you look online at http://goo.gl/oeMqA you may be able to view the news story. (Google, no promises because I know how you want every blog post to have continuously updated links, but that’s another issue.)

The main idea seems to have originated with a real journalism operation called The New York Post. This point appears in paragraph six, so it is definitely a subordinate point.

As I understand the allegation, Bloomberg tradition terminals had a function which allowed “journalists to monitor subscribers were promptly disabled.” I think that Bloomberg terminals generate some sort of report which allegedly allowed a journalist to determine if someone had used the terminal. The idea is that no use of a terminal suggests that the person has either moved on, lost his or her hands, or experienced an opportunity to find his / her future elsewhere.

How secure are secure systems? Image source: Sandia.gov at http://goo.gl/NaEBE. Modern methods for accessing digital information are difficult to depict. Paper is tangible. Digital data are just “out there.” Humans assume that if it cannot be seen, the problems associated with what’s “out there” are no big deal. Is this an informed viewpoint?

The Atlantic Wire covered the alleged breach in a story called “Why Billions Are at Stake in the Bloomberg Terminal Privacy Problem.” What I found interesting was that the Atlantic Wire pointed out that the breach allegedly allowed a journalist to determine the “news habits” of Bloomberg terminal users. Is this similar to the type of information which online services extract from users’ Web search histories?

They Are Appearing on IP Radar

May 11, 2013

Being out at sea is isolating and requires a person with a certain personality capable of handling that mindset, but Ars Technica points to something interesting that may shave off some of that feeling: “Good Morning, Captain: Open Ports Let Anyone Track Ships On Internet.” It is not surprising that everything is connected to the Internet. During a census of the entire Internet, Rapid7 Lab researchers discovered a lot of data from ships’ Automatic Identification System (AIS) receivers. The receivers, which are placed on ships, buoys, and other navigation markers, allow people to track ships’ movements. They are used to prevent collisions, the H2O equivalent of air traffic controllers. Within two hours of discovering the data, the researchers had collected more than two gigabytes on ships, including military and law enforcement vessels.

Before you ask the question, yes, it does pose a security risk, because everything from safety messages to casual greetings was picked up. The alarming factor is what type of ships they came from.

“As the Rapid7 report points out (and as numerous readers have pointed out as well) the data from AIS is openly published via AIS itself and a number of websites in any case.  The data is public by nature—otherwise it wouldn’t be effective in preventing collisions at sea.  But the information collected from the AIS system itself is a vulnerable asset—the US Coast Guard counts on AIS in combination with other, secure data sources as part of its Nationwide AIS, a maritime security system.”

Attackers could spoof the data and feed misinformation to cause terror and panic. The weakness has been noted and someone is on the case, per usual. The main question is when?

Whitney Grace, May 11, 2013

Open Source Security Issues Emerge Again

March 20, 2013

When discussing software that essentially powers an entire organization, security should always be a concern. Many tout open source as a powerful answer to many of the security issues (mainly viruses) that target proprietary solutions. However, after a recent scare, some give reasons to be cautious about open source software security as well. Read more in the TechWorld article, “Security of Open-source Software Again Being Scrutinised.”

The article begins:

“A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions. For instance, although the Java-based Spring Framework was criticised by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don’t address this security problem.”

For many organizations, the answer to security concerns is to choose a value-added solution that is built on open source technology. In this way, users get the flexibility and affordability of cutting-edge open source technology. However, they also get the customer support, security updates, and training that go along with a trusted name in the industry. Take LucidWorks, for example: its support and training are unparalleled.

Emily Rae Aldridge, March 20, 2013

Hadoop Attempts to Secure Big Data

March 8, 2013

Hadoop creates lots of headlines with its open source framework that can handle data-intensive distributed applications. Many recent headlines have focused on the fact that by adding Hadoop to their framework, many solutions can improve their security. TechCrunch addresses the issue in its article, “Intel Launches Hadoop Distribution And Project Rhino, An Effort To Bring Better Security To Big Data.”

The article begins:

“Intel has launched its own Hadoop distribution, entering an already crowded market of major players all looking to get a piece of the big data pie. The company also announced an open-source effort to enhance security in Hadoop. Earlier this week, EMC and HP each announced its own Hadoop distribution. But for Intel, the challenge is to fortify its market-leading position in the data center, where it will face increasing challenge from an emerging ARM ecosystem.”

While Big Data is in many ways a new issue and is therefore demanding new technology, security does not have to be an issue at every turn. For instance, there are solutions built by industry-leading companies that have a strong record of security as well as support and training. LucidWorks is one of them and is definitely worth a second look.

Emily Rae Aldridge, March 8, 2013

Murdoch Says Wall Street Journal Still Under Hacker Attack

February 15, 2013

Now, isn’t this ironic? TNW reports, “Rupert Murdoch Claims Chinese Hackers Are Still Attacking the Wall Street Journal.” Didn’t Murdoch’s own News Corp. use improper methods to obtain information? I didn’t think Karma usually worked that quickly.

Following revelations that the New York Times had been hacked, the world learned that the WSJ had also been targeted. Now, the paper’s (in)famous owner claims the attacks have not been stopped. Writer John Russell tells us:

“The Australia-born media mogul took to Twitter to reveal that the newspaper was still being targeted by Chinese hackers over the weekend. That’s just days after the WSJ bolstered its network security last week after its computer systems ‘had been infiltrated by Chinese hackers for the apparent purpose of monitoring the newspaper’s China coverage’.

“Murdoch has not provided any further substantiation of his claims.”

These two news outlets, as well as Bloomberg, seem to have been targeted as a result of their coverage of Chinese politics. Though there is as yet no evidence to support the theory, security experts suspect that the Chinese government is behind the intrusions. Such charges are nothing new to China, which is also known for its embrace of Internet censorship.

Cynthia Murrell, February 15, 2013

Security Solutions Find Greater Dependence on Open Source

January 16, 2013

Information technology security is always on the top of the list in terms of priorities. Increasingly, open source is playing a larger role in developing security solutions. Open source brings lots of good things to the table including agility, creativity, and cost effectiveness. The article, “Risk I/O Lowers Risk by Raising IT Security Intelligence,” discusses how Risk I/O is building security on top of an open source foundation.

The article gets to the point with Risk I/O’s utilization of Apache Solr:

“According to Bellis, the Risk I/O platform uses the open source Ruby on Rails framework on the front end, as well as the open source Apache Solr search technology. Risk I/O’s prioritization and predictive analytics capabilities are proprietary technologies. From a security perspective, all of the data used on the platform is encrypted both while at rest and while in motion.”

Open source not only contributes to security solutions themselves, but also increases the security advantage of any software solution built on open source. Another open source software offering is LucidWorks, also built on Apache Solr. LucidWorks specializes in enterprise search technology, with a new LucidWorks Big Data suite devoted to the emerging Big Data phenomenon. LucidWorks is worth a look for a secure and cost effective enterprise search solution.

Emily Rae Aldridge, January 16, 2013

Big Data on National Security

January 15, 2013

Big Data is all the buzz these days and its impact on national security, or security in general, is really growing. Security implications are obvious when technologists start talking about extracting data from minute data. On that note, Cloudera is hosting a forum on the national security implications of Big Data on January 30th. The conversation is focused on Apache Hadoop. Read all the details in Bob Gourley’s blog entry, “Are You Architecting Sensemaking Solutions in the National Security Space? Register for 30 Jan Federal Big Data Forum Sponsored by Cloudera.”

Gourley begins:

“Friends at Cloudera are lead sponsors and coordinators of a new Big Data Forum focused on Apache Hadoop. The first, which will be held 30 January 2013 in Columbia Maryland, will be focused on lessons learned of use to the national security community. This is primarily for practitioners and leaders fielding real working Big Data solutions on Apache Hadoop and related technologies.”

The forum would be worth a look for those in this line of work. Many open source vendors, particularly those who deal with Big Data, are trying to address the issue of national security. LucidWorks is another company making an impact on security with its Big Data work. Their partnership with ISS brings their Big Data solutions to the federal government to tackle Special Operations, Counter-Drug, and Counter-Terrorism among others.

Emily Rae Aldridge, January 15, 2013
