There’s a price on yer head

Some of you may have read that latest news that Microsoft has put out a $250,000 reward to find who is behind the Conficker worm that is said to have infected as many as 12 million computers.  They are doing this because it has taken the firm view that the creation of the Conficker worm as a criminal act.

This may seem like a bold move but it is not the first time they have done this. In 2005 they paid $250,000 to two individuals who helped identify the creator of the Sasser worm.  Rewards were also offered of $250,000 for the creators of the other three major computer worms Blaster, MyDoom and Sobig however the authors of these were never caught.

In reality this amount of money is a small drop in the ocean for a company like Microsoft but in doing so they are trying to send out a strong message to the authors of such worms.  They are simply saying that they will not sit idly by while the creators wreak havoc on their clients systems.  In reality the fact of the matter is that regardless of what Microsoft or Microsoft Trustworth Computing Group offer it seems that it will offer very little in the way of a deterrent for such authors as it is a challenge that they enjoy rising to.  What it does do is help their clients to feel that they are doing all they can to try an prevent such hassles returning in the future.

The worm itself infects a computer that is not fully up to date with the latest updates from the Microsoft Update website. If you are in any doubt then the best action is to visit the Microsoft Update website and apply all the latest critical updates.  Once this is complete continue to revisit the site until you are told there are no further critical updates. You should also ensure that your Anti-Virus software is fully up-to-date, if you don’t already have one then visit either AVG or aVast who both provide free versions for home use.

Security via Interguard

I have just had the heads-up from a good friend of mine to let me know that he will be sending over my copy of Interguard software for home, laptop and corporate security.  All being well I should have the stuff over this evening and all things being equal will get something posted up over the next couple of days.  As products go this is shaping up to be a great product with a very comprehensive range for features for such things as monitoring web access.  DataLock which helps prevent data leakage from a business as well as laptop security so should your beloved laptop be stolen or lost then it can located, data retrieved and the notebook disabled from ever working again.

Awesome stuff so you’ll have the review as soon as I have it.

Better safe than sorry (part 2)

Yesterday I wrote about encrypting data on your notebook computer when you are carrying data around. Within that posting I mentioned TrueCrypt as a program which can be used for this task so for those of you that are interested in it, I mean who wouldn’t as it’s open source, here’s a brief tutorial. Read the rest of this entry »

Better safe than sorry

Over here in the UK there has been a lot in the paper recently about the data losses by some of the key government agencies such as HMRC as well as businesses such as Skipton Building Society much of which was not encrypted data. As you will know there has been much public outcry and quite rightly so but do we have any room to talk?

The fact is that almost every business today owns at least 1 notebook computer and typically that will be taken out to meet clients, to work from home etc. On that notebook there will typically be a great deal of data regarding either your own business or possible about your clients data so do you encrypt your data? The answer is almost certainly no, so how on earth can we complain when other organisations do they same. While I understand that these organisations should know better as they have much larger funding budgets to get people onboard that should be telling them this but the fact of the matter is that very few businesses do this themselves. Recent figures show that the public is 80% more cautious with their personal data than before the HMRC data loss which is a positive move for security. You may think that the data on your notebook is of no value to anyone else but lets just assume for one minute that you loose your notebook and you have the following on it:

• On it is the payroll figures as you needed to work on them tonight
• You also have the sales figures for your clients
• Details of a new proposal for a potential client
• Documentation regarding a client(s) site, not including passwords

So what is the value of this to anyone else:

• The payroll data would be invaluable to a headhunter for example. If you had a member of staff who had some very coveted knowledge then they would be able to know where to start with pay offers
  • If the payroll figures included home addresses of employees then this would also be of interest to criminals for identity theft.
• Sales figures would be of great interest to your competition as they would be able to ascertain the financial value not only of your own company month in month out but also the value of each of you clients each month.
• Details of a new proposal would again be of interest to your competition as they would then know what you are proposing but more importantly what you are planning to change for this fantastic service. If this proposal is for an IT system this may also be of use to a potential hacker as it may provide information regarding internal systems or security information.
• Documentation regarding a clients site would almost certainly hold value to a potential intruder if it was technology documentation as it would provide valuable insight into what internal systems they had. If it related to equipment such as phones, plant machinery then again it would have value to competitors or companies in that field.

Read the rest of this entry »