Feeds:
Posts
Comments

Archive for April 8th, 2014

In “Taken in phishing attack, Microsoft’s unmentionables aired by hacktivists“, Ars Technica explains how easy it is to hack even the biggest IT players. “On trial” are Ebay and Microsoft – but that’s probably just because they’re the latest high-profile cases, not because they’re the only victims.

…the breaches are a sad commentary on the current state of security. If employees of two of the most visible technology companies in the world can’t steer clear of social engineering attacks, what hope is there for less experienced Internet users?

The Daily Dot report also raises another good question about the means by which Microsoft employees communicated with FBI officials. The documents, Thursday’s post reported, appear to have been sent using plain-vanilla e-mail, possibly with no encryption. If true, the practice represents a startling admission that sending encrypted e-mail is too onerous even for people at the world’s biggest software companies.

It’s hard for developers to think about it in those terms, I’m sure, but “security” has to be made more user-friendly, certainly for the end-users that do not have a degree in IT. And even if they do, it wouldn’t hurt either, as noted by Ars.

schneier2.png

Just for the record: “more security” does not mean “more passwords” – it means things like: an easy way to send encrypted emails from mainstream applications like Outlook… And seeing that so-called ‘social engineering’ attacks are getting more effective every day, we need more training for all of us, in order to recognize threats before they cripple our machines and steal our data.

Advertisements

Read Full Post »