Human Risk and the Impact of Security Awareness Training

Posted by Scottie Thompson on May 2, 2016 10:41:01 AM

BYOD_Blog_Post.jpg

Many of us travel for work, and as such, we must connect to a number of untrusted networks in order to stay on top of things. These public networks, while seemingly non-threatening, can be a hostile environment with malicious users seeking to extract any sensitive data they can, such as credit card information, personal information, and passwords. Some may say that this is unlikely, and that if there was a malicious user on a public network, they would be protected with the use of encrypted services. However, I would argue that this is not the case at all. Often adverse agents will use “passive” monitoring techniques to intercept data being sent over the network. This can be accomplished with any packet sniffing tool but will only allow an attacker to see traffic that is “in the clear” or unencrypted. If an attacker intends to intercept data transported via TLS, SSL, HTTPS, or from encrypted services like Gmail, Slack, or Dropbox, they need a way to subvert the in-transport data protection mechanisms.

Read More

Topics: Security, Wireless Security, Human Risk

Internet Connected Cars Raise Concerns about Vulnerabilities

Posted by Ross Moir on Apr 29, 2016 3:56:32 PM

Ross_Blog_Car.jpg

Cyber security researchers are increasingly concerned with Internet-connected vehicles.  Vehicles nowadays are connected to owners’ homes, traffic signals, insurance companies, and more and are just as vulnerable as corporate networks.  Security analysts and researchers have demonstrated ways to remotely manipulate a car’s system that controls breaking, accelerating, steering, and other critical functions.  Furthermore, these vulnerable systems were not limited to one brand or model of car.  As such, the FBI and National Highway Traffic Safety Administration (NHTSA) issued a public service announcement in March warning of the potential cyber threats.

Read More

Topics: Security, Wireless Security

Inflight Wi-Fi Not as Secure as You Think

Posted by Ross Moir on Mar 18, 2016 1:36:46 PM

Inflight_Wifi_Risks_Blog_Post.jpg
 
Image courtesy of satit_srihin at FreeDigitalPhotos.net

ARS Technica recently published an article on the security of inflight Wi-Fi.  Providers like GoGo Wireless and Global Eagle Entertainment offer passengers to pay for use of Wi-Fi services.  While customers may think their communications and activities are secure, think again, says USA Today columnist Steve Petrow.  Mr. Petrow was “hacked” while on an American Airlines flight – a man claimed to have been able to read his email communication with a source for a story.  Given the overall Wi-Fi security lapses, as addressed in this post from ComputerWorld, it is easy to begin to understand how this can happen.  But what can be done about it?

 

First, Wi-Fi on an airplane operates similar to public Wi-Fi networks.  Access is granted through a “captive portal” where you have to provide login details and/or payment info and accept the terms of service.  Once that is done – the user is granted access to the web.  There is no password protection on the connection, which means the traffic that is carried on the Wi-Fi network’s packets is being transmitted in the clear.  This means anyone listening can grab the data that passes through the access point.

 

Read More

Topics: Security, Wireless Security, cybersecurity, policy

The Bad, The Worse, and The Ugly of Wireless Security

Posted by Kris Kimmerle on Dec 31, 2014 8:29:00 PM


There is a steady growth of businesses adopting wireless technology to increase their workforce productivity but this productivity gain is not without a heavy surge in security risks. External and internal security threats have successfully targeted and compromised corporate wireless networks for years, which in turn, has driven the demand for heighten vigilance when both deploying Wi-Fi networks and specialized training for employees on how to use these networks. Corporate WLAN aren't going away anytime soon so it's important that we understand the top security risks that plague this technology and how professionals may bridge the gap in security maturity.

Read More

Topics: Wireless Security