President Obama is announcing $3.4b in stimulus monies for the “Smart” Power Grid today (see story here).
But, here is part of the story that is not getting much, if any, coverage: What are the security and privacy issues in deploying the Smart Grid and Smart Meters?
While I am not an expert on energy, I am knowledgeable on the data security and privacy issues on this topic. This is an issue that could literally impact every citizen and business in the US, and impact the very foundation of the economy.
There are advanced technologies that could truly help secure the delivery of power. There are rules that can be put into place to help protect privacy. But, these items do not appear to be on the agenda today, and get little attention in day-to-day coverage.
Early deployments of the Smart Grid and Smart Meters have not made security and privacy a priority, much beyond lip service.
There will be some very negative outcomes for this program if security and privacy are not truly “baked in” at the beginning of this next wave of deployments.
Written By: Ira Victor, GIAC G17799 GCFA GPCI GSEC ISACA CGEIT
30 minutes every week on data security, privacy, and the law…..(plus or minus ten)
On this week’s program:
* Everyone loves retail gift cards…they are quick and easy for consumers, and for web application “hackers.”
* Some Time Warner cable internet users are vulnerable to serious attacks — when will Time Warner release a fix?
* Our take on this week’s news.
–> Stream This Week’s Show with our Built-In Flash Player:
–> Scroll down to see links and show notes for this week’s show
–> Stream, subscribe or download Episode 75 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.
–> A simple way to listen to the show from behind stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.
Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:
Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .
GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.
SonicWall; Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine. Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.
DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.
Show Notes for Episode 75 of the Data Security Podcast
Time Warner-supplied SMC cable modems: Open for Exploit?
* Conversation: Ira talks with David Chen of Pip.io with an update on the critical vulnerabilities he discovered in a batch of Time Warner cable modems (made by SMC). TW now acknowledges the flaw, and they have made statements elsewhere that a fix is being deployed. David Chen tells us that as of this past weekend the vulnerabilities remain. Both David Chen and The Data Security Podcast have attempted to get an update on a fix. Time Warner Cable has not replied to written requests from David Chen, or from this program. David Chen is blogging with recommendations on how he thinks Time Warner Cable could mitigate these flaws. See his latest blog here.
* Tales From The Dark Web: Retail gift cards are potentially vulnerable to attacks. One that jumps out: web application attacks. Read the entire report by Corsaire.
On this week’s program:
* Now the bad guys are holding computer files for ransom if you don’t buy their phony anti-virus software. We have a workaround.
* Midyear elections are coming up, and the last thing the campaigns seem to think about is data security.
* Our take on this week’s news.
Show Notes for Episode 74 of the Data Security Podcast
* Conversation: Ira talks with Gretchen Hellman, VP of Marketing for Vormetric about information security, the security issues with the new GOP web site, and election campaign security.
* Tales From The Dark Web: Watch the video by PandaSecurity that demonstrates a damaging new fake anti-virus that denies access to files and applications on victim systems unless a ransom is paid. The link below takes you to a video of the attack, and we have posted the keys to defeat the current variant of the lockout. If you work in IT/InfoSec, please write an email to users with a warning, include the keys to unlock the software, and have the end user re-image their hard drive.
Rogueware with new Ransomware Technology
Click here to view the Rogueware with new Ransomware Technology™ video. The video comes to us from Panda Security. Take note that the malware icon disappears from the computer, and when it does, the attack is in place. If you have a system that is infected with this attack, Panda has cracked the malware and has provided a list of working keys, which give access to the current variants of the TotalSecurity2009 attack:
* From Our Take on The News: Danger Will Robinson! Danger! Additional insiders have stepped forward to shed more light on Microsoft’s troubled acquisition of Danger, its beleaguered Pink Project, and what has become one of the most high-profile Information Technology disasters in recent memory.
On this week’s program:
* Major patching in store this week, due in part to flaws revealed this summer in Las Vegas?
* A fresh look at a Zeus banking attack counter-measure
* Our take on this week’s news.
Show Notes for Episode 73 of the Data Security Podcast
* Conversation: Ira takes a new look at a counter-measure for the latest wave of Zeus banking attacks in his conversation with Steven Dispensa, CTO of PhoneFactor.
* Tales From The Dark Web: It’s like clockwork…two months after security events BlackHat and Defcon every summer in Las Vegas, we see a surge in patches for attacks that were highlighted at these events. Microsoft Security Bulletin Advance Notification for October 13th 2009. Security Advisory for Adobe Reader and Acrobat for October 13th 2009, including the CVE number.
* From Our Take on The News: Danger Will Robinson! Danger! Update on Danger’s Sidekick Massive Data Loss. Read the FAQ for tips on trying to salvage your data.
On this week’s program:
* Polymorphic malware – every time it attacks it has a new signature.
* The balance on your bank account looks fine, too bad all your money’s gone.
* Our take on this week’s news.
Show Notes for Episode 72 of the Data Security Podcast
* Conversation: Ira talks about a dangerous new twist to the banking attacks with Yuval Ben-Izhak, the CTO of security company Finjan. Here is the link to the Finjan Report on the new Zeus bank Trojan mentioned in the segment.
* Tales From The Dark Web: Polymorphic malware – every time it attacks it has a different signature. That means your anti-virus won’t recognize it. Ira talked about the presentation at the ISACA Security and Risk Conference by Stuart Staniford, the Chief Scientist at FireEye. Read the related Anti-Phishing Working Group paper on the topic.
* From Our Take on The News: Secure Flight Program by the TSA. EPIC (The Electronic Privacy Information Center) follows the surveillance and profiling of airline passengers. Their most recent post on the TSA “Secure Flight” program was in 2007, when the organization recommended that “secure flight should be grounded” due to privacy concerns. The program is now being expanded to require airline passengers to provide their date of birth when they purchase an airline ticket. See: http://epic.org/privacy/airtravel/secureflight.html