Redmond magazine: Skype for Business, some assembly required

The on-premises and cloud editions of Skype for Business Server and the Cloud PBX are promising and less-expensive alternatives to traditional phone systems, but come in a complex array of options and require integration. The software has gained some promising features along with growing support for third-party software, hardware and services. In my review for Redmond Magazine, I look at what is involved in getting it set up and how it works with a sample video conference phone from Logitech here (shown above).

Security Intelligence blog: The Increasing Dangers of Code Hooking

Security researchers discovered a series of implementations of an old type of exploit known as code hooking. These implementations are increasing and becoming more dangerous. Operating under the name of Captain Hook, these exploits make use of code injection techniques that could cause numerous vulnerabilities and potentially affect thousands of products.

I look at the process of code hooking and its relevance to your enterprise security in my latest post for the IBM blog Security Intelligence here.

iBoss blog: Wireless Keyboards are Vulnerable to Sniffing Attacks

One of the most vulnerable places across your enterprise (apart from the inner workings of your users’ brains, that is) can be keyboards. And recently, an innovative keylogger attack has been found by Bastille Networks that intercepts wireless keyboard transmissions. The attacker can be located up to 250 feet away from the computer, and the attack is a new twist on some old exploits. Out of 12 wireless keyboard manufacturers, the researchers found that eight (such as the one from Kensington, above) were susceptible to the attack. You can read more in my post for the iBoss blog here.

EventTracker blog: What is privilege escalation

A common hacking method is to steal information by first gaining lower-level access to your network. Once inside, the hacker will escalate their access rights until they find minimally protected administrative accounts, where the attacker can steal data. This is called privilege escalation, and it happens often.

You can read my post here on the EventTracker blog on what you can do to protect yourself.

WindowsITpro: Choosing among various Slack-like communication tools

We all spend too much time on email, and if your inbox is overflowing with messages from your coworkers, it might be time to investigate another way to communicate. I review for WindowsITpro some of the issues involved in choosing a tool for team communications with intranet-like features, text messaging, workflows and collaboration features. While Slack is a leader in this field, there are lots of other choices (such as Glip, shown below) that could cost less or do more.

FIR B2B podcast #51: The end of Gawker and where CMOs should spend their budgets

This week Paul Gillin and I look at six recent stories and how they affect marketing decisions, including the end of Gawker, how Google is changing its algorithms to penalize pop-up mobile ads, a survey out of the Duke business school about expectations on social media marketing, and why many marketers aren’t doing enough to take advantage of LinkedIn’s deeper engagement features. You can listen to the podcast here:
http://firpodcastnetwork.com/?powerpress_embed=4946-podcast&powerpress_player=mediaelement-audio

‘I have nothing to hide’ doesn’t mean you are anonymous

In my post from last week, I addressed some of the concerns in the growing conflict between security and privacy. One of the issues that I didn’t talk about, as several readers reminded me, is the difference between privacy and anonymity. This is often summarized by saying, “I don’t care if someone tracks me, I have nothing to hide.” Well, consider the following scenarios.

Scene 1. You are hiking on a remote trail. As you are enjoying the view, someone is taking pictures with their smartphone and pointing their camera in your direction. So essentially your image is being taken without your consent. At first, you think this is fine: after all, you are anonymous, just some random hiker. But when the photographer posts your image on their social feed, your face is recognized thanks to the site’s software. And now, not only are you identified, but your location is also specified. So you have been tagged without your consent. One way around this is to wear specialized clothing that defeats flash photographs, as shown here.

Scene 2. You maintain a very active Pinterest account and post numerous pictures when you are at various events, or when you travel to distant cities. One consequence of this is that anyone who spent time looking at your account could see where you have been and what you have done.

Scene 3. Beginning in 2007, employees of the UK-based News Corp. regularly hack into celebrities’ voicemail accounts. They are sued and eventually pay various fines. Eventually, things come to a boil in 2011 and others are charged, and one staffer is actually jailed. Testimony reveals that thousands of phones were involved and dozens of staffers had access to the collected information.

Scene 4. In the neighborhood where I live in St. Louis, the community monitors nearly 100 cameras that continuously capture video imagery to aid in solving crimes. Several dozen people have been arrested as a result of investigations using these images, which are available to law enforcement personnel. While they don’t have facial recognition software yet, it is only a matter of time. But what if anyone could access the video feeds online and monitor what is going on?

Scene 5. Your online activities are being tracked. One of the stories that I wrote about tracking online fraud recently was how security researchers were able to use machine learning to predict when an endpoint device could be considered compromised. They found a series of common characteristics that were easy to discover, without any sophisticated software. These included freshly made cookies (fraudsters clear their cookies often while regular users almost never do), erased browser histories, 32-bit Windows running on 64-bit CPUs and using few browser plug-ins. While any of these factors taken alone might be from a legit user, combined together they almost always indicated a machine used by an attacker.
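To make the "combined together" point in Scene 5 concrete, here is an added sketch that is not the researchers' code: it swaps their machine learning model for a plain count of co-occurring signals. The record fields, the thresholds and the three sample devices are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; the article gives no numbers.
FRESH_COOKIE = timedelta(hours=1)   # cookie jar created very recently
FEW_PLUGINS = 2                     # "few" browser plug-ins
MIN_SIGNALS = 3                     # flag only when several signals co-occur

def signals(device, now):
    """Return which of the four characteristics from Scene 5 a device shows."""
    found = []
    if now - device["cookie_created"] < FRESH_COOKIE:
        found.append("fresh_cookie")
    if device["history_entries"] == 0:
        found.append("erased_history")
    if device["os_bits"] == 32 and device["cpu_bits"] == 64:
        found.append("32bit_os_on_64bit_cpu")
    if device["plugins"] <= FEW_PLUGINS:
        found.append("few_plugins")
    return found

def is_suspect(device, now):
    """One or two signals can come from a legitimate user; three or more is flagged."""
    return len(signals(device, now)) >= MIN_SIGNALS

# Constructed sample records (hypothetical field names, not a real telemetry schema).
NOW = datetime(2016, 9, 1, 12, 0)
SAMPLES = {
    "regular_user": {
        "cookie_created": NOW - timedelta(days=90), "history_entries": 1200,
        "os_bits": 64, "cpu_bits": 64, "plugins": 7},
    # Clears cookies and history on exit, but otherwise looks ordinary.
    "privacy_minded_user": {
        "cookie_created": NOW - timedelta(minutes=10), "history_entries": 0,
        "os_bits": 64, "cpu_bits": 64, "plugins": 5},
    "likely_fraud_machine": {
        "cookie_created": NOW - timedelta(minutes=5), "history_entries": 0,
        "os_bits": 32, "cpu_bits": 64, "plugins": 1},
}

def triage(samples=SAMPLES, now=NOW):
    """Map each sample device name to whether it would be flagged."""
    return {name: is_suspect(dev, now) for name, dev in samples.items()}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        print(name, signals(dev, NOW), "FLAG" if is_suspect(dev, NOW) else "ok")
```

The privacy-minded user trips two signals and is not flagged, which is the trade-off the scene describes: each trace is innocent alone, and it is the combination that identifies a machine.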

Still think you have nothing to hide? Maybe so, but it is a bit creepy to know that your digital footprints are so obvious, and show up in so many places.

Some vendors, such as email encryption software Mailpile, have gone to great lengths to document how they address their users’ privacy. Given their market focus, it isn’t surprising. But still the level of detail in that document is impressive. “People should be able to communicate privately,” as they state in their document. That means no eavesdropping on email content, supporting authentic messages and privacy when it comes to the message metadata and storage too. What I liked about the Mailpile manifesto was their non-goals: “Mailpile is not attempting to enable anonymous communication. Most people consider e-mail from anonymous strangers to be spam, and we have no particular interest in making it easier to send spam.”

So as you can see, there is a difference between being anonymous online and maintaining your privacy. Like anything else, it is a balance and everyone has their own trade-offs as to what is acceptable, what isn’t, and what is just creepy. And expect new technologies to upset this balance and make these choices more difficult in the future.