Security Response: Showing posts by M.K. Low

Mobile security was a hot issue at the CanSecWest conference, especially with the prolific use of smart phones for both enterprise and personal use. During my commute to work, it seems that everyone on the train is using their smart phone, pushing those little buttons on their little keyboard to send emails, surf the Web, or check the score of last night’s hockey game. A smart phone is more than just a phone; users can use them to download applications to do anything from update their profile on social networking sites to search for a great Thai restaurant to bowling downhill. My husband even has an application on his smart phone whose sole purpose is to make the most annoying noise on the planet (needless to say, I was not excited when he showed it to me).

So why would an attacker target smart phones? Smart phones have properties that traditional computers may not have: they are always on, 24 hours a day, 7 days a...

A while back I came across an article about a website that tries to reunite lost photos with their owners. People who come across cameras, memory sticks, or photos are asked to upload a few of them onto the site with information such as location, date, or other specific details that may be recognizable by the owner. These photos are public to everyone on the Internet and the goal of the website is for people to browse through the pictures and to connect the photographer back to the photos.

While I can appreciate the spirit of the site, as a security person, I'm very skeptical about introducing a found memory stick or photo memory card into my computer. As noted in the ISTR XIII, memory sticks (or USB thumb flash drives) represent a serious security concern...

Recently, during her vacation to visit me, my sister forgot her cell phone and had to use her credit card in a pay phone to call me. Later that day, she tried to use the same credit card to check into her hotel and it was declined. After calling the credit card company, the man on the phone informed her that criminals often test stolen credit cards in pay phones to verify if it is still valid. Credit card companies know this and instantly put a hold on the card when this occurs.

Of course, this doesn't bode well for the criminal. They have checked if the card works and by doing so, it has been flagged and possibly deactivated. What is a criminal to do? What other methods can they use to verify the validity of the card but yet, still be able to buy that limited edition R2D2 DVD projector after the process? In a previous blog...

It is very easy to post your public information onto socialnetworking sites. It took me less than five minutes to create andactivate my account and half an hour to populate the data with mybirthday, my home town, my status, my education, and my likes (puppies)and dislikes (chicken balls with red sauce). In another half hour, Iwas able to upload pictures of my Asia trip, my friends and family, andeven my Hello Kitty small kitchen appliance collection.

But, it's not so easy to remove personal information off these sites. In a recent BBC articleit was shown that users on a popular social networking site who, afterterminating their accounts, found it difficult to delete personalinformation. A popular social networking site states that "Deactivationwill completely remove your profile and all...