To provide better spam and phishing protection, a number of ways to improve email message authentication have been available for years and are being steadily implemented. However, making these methods work is a difficult path. Part of the problem is that there are multiple standards and, sadly, you need to understand how these different standards interact and complement each other. Ultimately, you are going to need to deploy all of them.
An old scam to separate people from their money has been gaining more popularity. It uses a cellphone protocol called WAP billing to steal your money. You have a hint from its name that it has something to do with wireless network protocols, but the idea is to save folks some time when they want to pay for something online by having the charges go directly on the user’s phone bill. I explain the exploit and how it is being used in my latest blog post for iBoss here. One infection point is a “battery optimizer” app that conceals the WAP billing trojan.
Inspiration on how to improve user experience can come from many places. Here’s how some top museum high-tech exhibits explain data, using interesting visualizations or a combination of senses. I look at examples from the St. Louis City Museum, the Springfield Ill Lincoln Museum and the Chopin Museum in Warsaw (shown here).
You can read my article in HPE’s Enterprise.Nxt blog here.
Balancing anonymity and privacy isn’t an either/or situation. There are many shades of gray, and it is more of an art than science. Making sure your users understand the distinction between the two terms and setting their appropriate expectations of both should be a critical part of any job managing IT security.
Most users, when they say they want anonymity, are really saying that they don’t want anyone, whether it is the government or an IT department, to keep track of their web searches and conversations.
However, controlling our privacy is complex: take a look at the typical controls offered by Twitter. (See the screencap at right.) How can any normal person figure these out? This post for the iBoss blog discusses these and other issues.
You can read my analysis here on HPE’s Enterprise.Nxt site. I review some of its history, highlight a few of the recent innovations with ransomware-as-a-service (such as this web dashboard from Satan shown here), and make a few suggestions on how to prevent it from spreading around your company.
The choices for automating login authentication are a messy alphabet soup of standards and frameworks, including SAML, WS-Federation, OpenID Connect, OAuth, and many others. OAuth began its life about seven years ago as an open standard that was created to handle authorization by Twitter and Google. Today I will take a closer look at this standard, and you can read the rest of my post on iBoss’ blog here.
The world of SSL certificates is changing, as the certs become easier to obtain and more frequently used. In general, having a secure HTTP-based website is a good thing: the secure part of the protocol means it is more difficult to eavesdrop on any conversation between your browser and the web server. Despite their popularity, there is a dark side to them as well. Let’s take a closer look in my iBoss blog post this week.