About

This is an information security blog focused on data protection and commenting on companies that fail to protect confidential data. This blog is not about glorifying hacking or hackers, and I refer to them as the villains or The Darkside depending on my mood. This blog is about providing commentary on the government’s and major corporations’ failures to protect data and informing normal everyday people on how best to protect their data. It is also a way for me to vent my frustrations with the information security industry.

Tuesday, March 5, 2013

[Vulnerabilities] Java



I can’t believe people are still surprised every time there is another Java vulnerability or exploit found. This crappy product has been buggy and full of holes since its inception, and why it is so widely used is beyond me. Not using Java was one of the only things the late Steve Jobs and I agreed on. The main reason Apple products remained relatively unexploited early on was this combined with their low market share. How does one fix this issue and fight the Darkside? Disable Java (billions of devices use Java including Death Stars)…
 
Link: http://www.networkworld.com/news/2013/030113-researchers-warn-of-new-java-267264.html?source=NWWNLE_nlt_security_2013-03-04

[DLP] Evernote



On Monday Evernote reset their users’ passwords because they were owned. Evernote said that approximately 50 million user names, e-mail addresses and encrypted passwords were compromised (remember the passwords were still encrypted and not clear text). This is such a common occurrence, in fact it is so common anymore that I can’t keep up (but I will try). All I can say is hopefully people are not storing confidential data. Oh, who am I kidding, I know people are storing it; they can’t help it (it is human nature to want everything at your fingertips). This is not going to stop anytime soon. My advice is to encrypt the data before you put it in the cloud if you want it to remain private. Your private data is already out there and vulnerable thanks to the government, banks, and other institutions, so you might as well make it easier by just putting it out there yourself, right?

[InfoSec Buzzwords] Big Data Security



The RSA conference is now over and “Big Data Security” was the buzzword floating around like a turd in a truck stop toilet. Companies are collecting more data on their customers than ever before, increasing their need to secure it (or at least pretend that it is secure). Needless to say, I am not a supporter of “Big Data” and I am definitely against storing it in the “Cloud”. The more confidential data companies possess, the more attractive they become to the villains and the higher the risk that a data breach could severely cripple them or bankrupt their company. Oh, who am I kidding, I don’t give a rat’s ass about the greedy corporations (except for the one I work for… please don’t fire me…) but I do care about all of the personal data of the people that will be in the hands of the villains. I have also noticed that lately there have been a lot of people asking the government to protect their data. Really, let’s ask the most unorganized and corrupt people in the cesspool to watch our laptop and wallet while we take a piss (I don’t see how this could possibly be a bad idea). Big Data Security is just another rabbit hole for the information security professionals to jump down (there is an RSA product for that… yeah whatever…).