Doc's Blog

Don't Recycle Private Data - Shred It!

Monday 26th January 2009

Government Departments may well appear to treat the security of our personal data with indifference, but that is no excuse for us to do likewise.

Recent high-profile instances of laptops being left in taxis, unencrypted CD disks being "lost in the post" and even top secret paper documents being left on trains do not represent the full extent of the problem, merely those occasions on which the media have become involved.  Similarly, the true level of identity theft is not known, although it is undoubtedly far higher than official figures would suggest.
 
Fortunately, a few simple precautions can go a long way towards making life very difficult indeed for the criminals.

An identity theft exploit usually proceeds in much the same way as a snowball grows when rolling downhill.  Starting with a tiny amount of material, it grows at an exponential rate and rolls ever faster, possibly reaching a size sufficient to cause severe damage or injury.  No significant snowball can be created without a "seed" of snow to start it off, as well as a continuing supply of snow so that it may grow.  The more readily that the supply of snow is available, the more rapidly the snowball will grow.  Similarly, identity theft exploits start small, then grow exponentially.

The first line of defence, then, is to reduce the risk of the exploit starting in the first place.

Document shredders are readily available and inexpensive.  Rather than merely throwing out Bank statements, official letters and any other documents which include a name and address, it takes only a few moments to shred them.  Alternatively, some people adopt the slightly more labour-intensive strategy of tearing off the corner portion where the name and address is printed and shredding that portion, putting the now-anonymous material in the recycling box.  Most modern shredders will also shred CD and DVD disks, if required.

Selling or scrapping a computer?  It is absolutely essential to destroy the valuable, personal data it contains.  Merely deleting files and emptying the Windows Recycle Bin is totally inadequate, since the data can readily be recovered, even after a disk has been formatted and the operating system reinstalled.  Instead, it is necessary to use specialist security software which will destroy the data to the standard specified by the US Military, by overwriting the entire surface of the disk 30 times with a random pattern of digits.  Should even this be insufficient, there are commercial companies which will perform the most secure destruction of a hard disk possible - by physically shredding it into 6mm pieces!  To see this process in action, visit http://www.sitd.co.uk and watch their demonstration video.  Like the videos on http://www.blendtec.com, this really has to be seen to be believed.

Next, restrict the supply of additional information.

The popular "Social Networking" websites such as LinkedIn, Bebo and FaceBook are almost perfectly designed for identity theft exploits.  Where else is there so much personal information readily available for all to see (and misuse)?

Many websites ask for personal information such as an email address etc for no good reason.  Instead of using a genuine one, use a free, disposable one such as "fred@mailinator.com" - visit http://www.mailinator.com for details.  Fake websites abound, with the sole purpose of aiding identity theft.  A popular trick is the fake recruitment agency - reasonably, the site asks for interested candidates to send in their CV.  What a goldmine of information these contain!

Internet cafes and other public internet access points are rarely secure, especially if they offer wireless access.  As such, they should never be used for any information which must be kept private.  This includes email, as well as bank accounts.  Who knows what record is being kept of usernames, passwords etc.?  Worse, to what criminal purposes will this valuable private data be put? 

By treating all requests for information with a healthy, but of course not paranoid, degree of suspicion, even if an exploit is able to start, it will not develop very far.

Watch Out - There's An Identity Thief About!

Monday 19th January 2009

The original version of this famous slogan was, of course, "Watch Out - There's a Thief About!".

Long before the arrival of the Internet, the Police ran a campaign to raise public awareness of the prevalence of theft.  This slogan was particularly memorable because the posters on which it appeared included a large cartoon-style image of a burglar, who was making off with one of the letters.  Although instances of large-scale fraud and embezzlement occurred from time to time in those days, just as they do now, most thefts involved the physical removal of goods and property from their rightful owners.  

Times have now changed, dramatically.  Physical thefts by muggers, burglars, pickpockets and the like are still regrettably common, accompanied by varying levels of violence.  Massive frauds do still occur, the most recent being the "Ponzi" fraud so infamously perpetrated by Bernard Madoff in the United States during late 2009.  Due largely to the global adoption of the Internet, there has been a dramatic rise in the number of computer-based thefts.  Unfortunately, cyber-crime has a number of attractions for its perpetrators.  In many cases, it can be relatively simple and risk-free to carry out, as well as being difficult to trace.  Perhaps the greatest attraction of all for criminals is that, due to the international nature of this type of crime and the general lack of understanding of IT-related matters within the Police, prosecutions are rare and successful convictions even more so.

For Joe Public, the sad truth is that he must take adequate care to protect his own identity, because no one else will do so and, in the event of its theft, it is unlikely that anyone will do anything much about it.

Danger - Social Engineers At Work!

Monday 12th January 2009

"Social Engineering - now showing at a workplace near you!" Unfortunately, this headline is not one of the "London Bus Found on Moon" type so famously associated with the "Sunday Sport" tabloid newspaper.

"Social Engineering - now showing at a computer near you!"  Unfortunately, this headline is not one of the "London Bus Found on Moon" type so famously associated with the "Sunday Sport" tabloid newspaper.

There are many well-respected branches of engineering.  Where would we be in our modern society without the massive civil engineering projects such as motorways, hydro-electric dams, suspension bridges and the Channel Tunnel?  Mechanical engineering gives us the machinery necessary to work opencast mines for various ores, while electrical engineering helps provide the means for us to enjoy a reliable, safe and affordable supply of electricity.  Aeronautical engineers design the aircraft without which modern society could not exist - the list of beneficial engineering specialities just goes on and on.

Unfortunately, there is one branch of "engineering" which does not benefit our modern society.  "Social Engineering" is accurately defined by Wikipedia as "....the act of manipulating people into performing actions or divulging confidential information".  Over the course of human history, the physical aspects of security have gradually been improved.  In the Neolithic age, earthen ramparts and wooden palisades were adequate, but by the mediaeval period massive stone castles were the order of the day.  Military technology continued to advance with the development of firearms and new defences had to be designed to cope with the new threat.  Since banks and similar establishments are now well-protected with bandit-proof screens etc., it is now relatively difficult for criminals to steal significant amounts of valuables merely by using force.  Computer networks, also, are better-protected against brute-force attacks than ever before, thus compelling the criminals to seek alternative means to achieve their ends.  The modern human race is not really any different from our ancestors way back in the Neolithic age, which opens the door of opportunity to the criminal fraternity.          

Social engineering takes a number of forms.  The smartly-dressed, authoritative "Man from Head Office" who arrives unannounced with a briefcase is unlikely to cause suspicion.  He just happens to need to check something on the computer system, but unfortunately he does not have the password needed to gain access.  Please would a staff member assist him?  Sometimes, he does not even need to ask, as the administrator passwords are conveniently written on Post-It notes attached to the monitors.....!  Gaining physical access to a locked building without causing suspicion is also easy, using the technique known as "slipstreaming".  Here, the criminal waits for a genuine employee to open the door, then pretends to have "left their pass at home/on their desk".  The kindly employee feels sorry for this unfortunate lapse - after all, it could happen to anyone - and lets the criminal into the building.

Other techniques may take longer, but can be worthwhile if the potential reward is sufficiently great.  These include befriending employees or even, in extreme cases, becoming an employee oneself.

Such attacks are, unfortunately, easy to carry out and equally difficult to prevent, without using a paranoia-like degree of security.  However, a healthy amount of common-sense and suspicion will go a long way to eliminating them.  Why has the "Man from Head Office" arrived without warning?  What proof is there that he really is who he says he is?  His pass and ID may be false, so when Head Office are contacted, are they even aware of his visit?  The "employee who does not have his pass with him" should be referred to Security, not allowed access.

For those who like certainties, the traditional two of "death and taxation" have now been joined by a third - "Social Engineering".

Will It Blend? Yes, It Will!

Monday 5th January 2009

But surely you cannot be serious.....?

Oh yes we are - it WILL blend and here is the proof.  Almost everyone has a liquidiser in their kitchen at home, particularly our friends "Over the Pond" who usually refer to them as "Blenders".  Although originally popular as an attachment for the Kenwood Chef or similar food mixers, they rapidly became available as standalone kitchen gadgets in their own right.  Being able to pulverise or puree most food, they are invaluable for making baby food, delicious soups, ice cream, milk shakes etc.  They can also be used to make caster sugar from ordinary granulated sugar - very handy when the packet of caster sugar runs out and the shops have just closed....!

Liquidising food clearly falls within the category of "Do try this at home", of course.  But what about the "Do NOT try this at home" category?  This is where the fun starts.

One American manufacturer believes that their "Blendtec" blenders are among the best and most powerful in the business.  Rather than merely expecting people to take this on trust, they actually aim to prove it on their website with demonstrations of just what it can do.  Naturally, the most interesting demonstrations are to be found in the "Do NOT try this at home" category.  Would you like to see what a golfer really means when he talks about a "slice"?  Perhaps your old iPhone does not really cut it any more, now that a new one is available?  Want to punish your satnav for trying to take you along a riverbed, complete with river, by mistake?  Visit http://www.blendtec.com, sit back and enjoy the show.

Any visit to an event which utilises a compere or other Master of Ceremonies is always more memorable and enjoyable when the compere is genuinely enthusiastic about the performances he is introducing.  Such enthusiasm is infectious, just as it is with the demonstrations on www.willitblend.com.  In this case, the Master of Ceremonies is one Tom Dickson.  His performance really has to be seen to be believed, just like his blenders!

Not surprisingly, his demonstrations are hugely popular on YouTube.           

As Bob the Builder does not say - "Can we blend it?  YES WE CAN!"



© 2008-10 STD Retail Solutions Ltd