Sunday, October 27, 2013
Even More Linked In
LinkedIn has a new app which will route all of your e-mails through their servers http://www.infosecisland.com/blogview/23444-LinkedIns-Email-Proxy-Scheme-Described-as-Man-in-the-Middle-Attack.html. In effect, this works as a man-in-the-middle attack. While technically users are okaying this, it is likely most don't really realize what is happening. I would expect this will cause many companies to block LinkedIn from company phones - which would probably cause many users to leave the service.
Sunday, October 20, 2013
Seven Habits of Cyber Security
How much of security is just habit? Many things that seem like a big hassle are actually very minor if you simply make them a habit. Reading http://www.securityweek.com/seven-habits-security-conscious got me thinking about just how easy it is for the typical person to keep reasonably safe. None of these steps take much time - really, if they are all added up, it might only be a few hours per year. In comparison with the actual costs in time and money of not following these steps... Virtually nothing! It reminded me of how much of a hassle it seemed to be to put on a seat belt once laws started to be passed enforcing wearing them. It seemed like a pain... Now I can't actually even remember the last time I put one on! Not because I don't wear one, but because it has become such a habit it is subconscious. This should be our goal with many security habits - make them subconscious!
Sunday, October 13, 2013
Security Shutdown?
Is it possible that the government shutdown has left us more open to cyber terror? According to Security Week (http://www.securityweek.com/us-government-shutdown-creates-serious-cyber-risks-experts), this is the case. While essential employees were to stay on duty, many governmental sites have shut down or been reduced in scope - and security personnel have been furloughed. With the reduction in user traffic, is the reduction in security justified? Are the claims that security personnel shouldn't have been furloughed simply self-interest?
Sunday, October 6, 2013
Opt-In??
Often when you go to order something online, just before you click on "Order" there are some boxes along the lines of "Please add me to your mailing list" and "Please send me information on more products I might like." These boxes can be opt-in (not pre-checked) or opt-out (pre-checked). One of my pet peeves is when I notice the Opt-Out box just after I click 'Send'. What does this have to do with anything? Read here - http://www.infosecisland.com/blogview/23414-Why-iOS7s-AirDrop-Is-Risky-for-Business.html to learn about some of the risks of using AirDrop. In a nutshell, what it comes down to is one has to 'Opt Out' to keep files safe on mobile devices. When we get a new phone, tablet, etc., how many of us actually spend a lot of time to consider how secure our information is? Would it be smarter to have all of the neat 'convenience' options be opt-in, so that people aren't less secure than they think?