Posts

VirusTotal - Free Online Virus, Malware, and URL Scanning

I found out about VirusTotal today. It's run by a Spanish company, and offers free, online virus checking. http://www.virustotal.com/index.html The best part in my mind?  It's crowd-sourcing your anti-virus. You submit a suspect file, it's scanned by 42 different anti-virus applications, and the results get displayed to you.  If the file is picked up by at least one of the 42 anti-virus programs, then they each get a copy of the file to test to improve their products. By you testing a file, you're potentially helping keep everyone safe.

Reading List for 24 Oct 2011

A few good articles I read today:

Tool lets low-end PC crash much more powerful webserver
Hackers have released software that they say allows a single computer to knock servers offline by targeting a well-documented flaw in secure sockets layer implementations.
http://www.theregister.co.uk/2011/10/24/ssl_dos_tool_released/

Down the Rabbithole Podcast Episode 4 - Effective Small Business Security
http://podcast.wh1t3rabbit.net/down-the-rabbithole-episode-4-effective-small-business-security

Pocket Guide To Securing Mobile Devices
With workers bringing their own smartphones and tablets into the company, IT security needs to focus on creating a more secure environment, not on securing each device
http://www.darkreading.com/security/vulnerabilities/231901557/pocket-guide-to-securing-mobile-devices.html

Stay Cool, Nobody is Calling Your Baby Ugly
Conversations for developers and information security specialists.
http://www.veracode.com/blog/2011/10/stay-cool-nobody-is-cal...

Electronic Communications Privacy Act and the Cloud

Great article from Threat Level. Worth the read, and giving some thought to how you or your company may be affected, especially if you are a foreign company with cloud services in the United States.

"ECPA allows the government to obtain, without a warrant, any content stored in the cloud — such as files in a Dropbox account, if it’s older than six months. It goes without saying that there was no such thing as cloud-storage services available for the average Joe Sixpack when Reagan was president. Now those services have become mainstream, yet the Reagan-era law applies."

http://www.wired.com/threatlevel/2011/10/ecpa-turns-twenty-five/

Running a Security Program without a Budget

I've been thinking more and more about small businesses and security recently. Most small businesses don't have the budget to run their own security program. These organizations, which employ many, many people, are often left vulnerable. Larger organizations have the budget to fund a security program, while most small businesses don't. I've pointed out before that most small businesses don't have an information security program.

I spotted a great article earlier today that dealt with the concept of security below the poverty line, and it contained both a podcast and a link to a research paper published by the 451 Group. I'm not going to link directly to the research, as the 451 Group decided to make it available for free through The Ashimmy Blog, and not through my site. Credit where credit is due.

As a small business owner, what 4 steps can you take to drastically improve your security? Introduce an acceptable use policy. Let your employees know...

SANS Ouch! - October 2011

The latest edition of SANS Ouch! is out. Every month they publish a newsletter directed at the typical web user. Not those of us with a heightened awareness of security, but people like your office manager, mail room clerk or your parents. This month's newsletter deals with a critical step in protecting your data. Backups. I encourage you to take a look, and disseminate it to your staff. In fact, they even encourage you to do that.

http://www.securingthehuman.org/resources/newsletters/ouch

It is available in English, French, Arabic, Italian, Korean, Malaysian, Polish, Portuguese, Spanish, and both Simple and Traditional Chinese.

You can now follow Securing the Human on Facebook and Twitter too.
http://www.facebook.com/securethehuman
http://www.twitter.com/securethehuman

Conference Call Systems and Security

I found a very interesting article talking about the security surrounding conference call systems, and the ease with which some systems allow you to eavesdrop on calls.

"Your competitors are simply dialing into insecure conference call lines and silently listening in. This happens at all levels … from the executive team making bajillion dollar decisions all the way down to those of us in the trenches talking shop on the technologies we use to build solutions. And the problem is only going to get worse as the workforce continues to migrate to more distributed environments."

It's a great article, and a really good read. I even mentioned it to an acquaintance, and he told me of a time it happened to him.

The Vulnerability We All Love to Ignore - NovaInfosecPortal

Scary. (And not in a good Halloween-type scary...)