Loi Van Tran

A recent research provided from Imperva explained that one in every fifty employees is a malicious insider.  This reaffirms Gartner’s research that the insider is not just disgruntled employees leaving the organization.  Departing disgruntled leaving an organization is often anticipated, but the article warns that attention should also be rendered to current employees who sells information as a secondary source of income.

Impreva’s research, reviewed 140 security incidents and quizzed 250 UK based IT professionals which showed that these insider threats can have severe impacts on the organization.  These events include theft or dissemination of confidential data, indemnity theft, loss of productivity and damage to equipment and facilities.  The study showed that the biggest threat to enterprise security is the people that’s already on their payroll.

It also provides some mitigation and detecting techniques such as proper data classification, storage, and processes involving sensitive data.

Source: http://www.infosecurity-magazine.com/news/1-in-50-employees-a-malicious/

A Russian researcher, Dark Purple, along with a Hong Kong-based technology manufacturer is selling a USB thumb drive called USB Kill 2.0 for $49.95.  The thumb drive is design to send a power surge to a computer that it’s plugged into, frying major computer components and making data retrieval impractical.

The company claims that the thumb drive wasn’t design to erase data, but depending on the hardware configuration (SSD vs. HDD) the USB Kill 2.0 may damage the controllers enough to make access to data on the computers difficult.  It also claims that the device was designed for companies to test their security against USB Power Surge attacks and to prevent data theft via “Juice Jacking.” The device can be set to use with only authorized computers and if it’s plugged into an unauthorized computer, the device will discharge 200 volts DC power over the data lines of the host machine.

Although the company did not design the device for malicious intent, people will now have another way to attack organizations.  The device could be used maliciously by disgruntled employees by using the devices to take out critical servers and computers by simply plugging in the device.  Cyber criminals could also use the device to fry their own computers to keep data away from law enforcement.

http://thehackernews.com/2016/09/usb-kill-computer.html

There’s also a demonstration of the device provided with the article.

Is it me or does it seem like we are accumulating more and more passwords everyday.  From work to school to our personal life, we are constantly creating new accounts and passwords that we have to remember.  The world is online and with it a requirement to create an account with every site you visit.  We have accounts for basically everything we need; online banking, shopping, gaming, social networks, educations, mobile apps, loans, mortgages, and privileged account for systems at work.  How do we remember it all? As a student in the ITACS program, we know better than to write it down or even worst, put it on a sticky note under our laptop.   Fortunately for us, some systems may have Single-Sign on, like mobile apps where you can sign on using your Facebook account, or Two-Factor Authentication where we have to carry a physical device. At the end of the day we still have to remember some passwords and of course we do not want to use the same passwords for every account.  To add on to this problem, passwords requirements are becoming more complex.  Rules such as 1 upper case, 1 lower case, special characters, and no dictionary words makes it even more difficult to remember passwords.

There are programs out there like Secure Password Manager, or Keeper that allows you to store your passwords with another password which doesn’t seem to solve our issue.  What happen if these service providers get hacked, now all of our accounts are at risk.  I’ve recently read an article that made REMEMBERING password a little easier.  It basically said to think of a sentence and use that sentence to help create a password that you can remember while meeting password criteria.  For example: I bought my daughter first dog for 200 dollar .  My password would be “Ibmd1stdf200$”  By using the first letter of each word and replacing first with “1st,”  I am able to create a password that meets all the password criteria.  It’s a simple tip, but I never thought about it until I read this article.

Please see the article for more details: http://www.businessinsider.com/hacker-strong-pass-2016-5?pundits_only=0&get_all_comments=1&no_reply_filter=1