Today, many organisations are finding it increasingly difficult to track and control which cloud services are being used within their business. In sectors such as finance and banking, especially, where highly sensitive data is handled on a daily basis, the potential risks can be extremely detrimental.
Unfortunately, you need to subscribe to The Wall Street Journal, but basically:
Bill Burr had advised users to change their password every 90 days and to muddle up words by adding capital letters, numbers and symbols – so, for example, “protected” might become “pr0t3cT3d4!”.
The problem, he believes, is that the theory came unstuck in practice.
Mr Burr now acknowledges that his 2003 manual was “barking up the wrong tree”.
Source: The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d! – WSJ
Roughly two years after that decision to make connected technology standard, I can say with confidence that just because you can make something with IoT technology doesn’t mean people will want it. Judging from our customers’ response, the public simply isn’t yet clamoring for connectivity. Many of our customers just don’t use the technology available to them.
Source: Do Your Customers Actually Want a “Smart” Version of Your Product?
This story shows how not to run a website and why you should be upfront when you make a security mistake.
Read more: Talk about a hit and run: AA finally comes clean on security breakdown • The Register
WannaCry ransomware has hit computers all over the world. This is my opinion about it.
I must admit that patching your computers, especially if you have a lot of them and older internally developed tools, can be time-consuming and complicated.
There are tools to help you manage updates across the network, but sometimes you miss how a change can impact something that your users depend on and you have a bad day.
However, not patching and keeping your systems on the latest version will catch you out. I really wouldn’t like to be the person who has to explain to the CEO why much of his business-critical data is now encrypted because I didn’t go through all the effort and pain of doing my job. Yes, running computer systems and dealing with users who just want to keep everything the same is hard, but convincing people about the right way of doing things is part of our job. Whether you agree with upgrading and patching or not, the reality is that this is one of the best ways to protect against many attack vectors.
Click the link for more information about WannaCry ransomware used in widespread attacks all over the world – Securelist
An update on the story about the new IT system the Post Office brought in a few years ago.
Source: Forensic accountants appointed to pore over Post Office IT scandal • The Register