Welcome to the SecAware blog

I spy with my beady eye ...

30 Oct 2009

Blogging policy

The CBC Blogging Manifesto is not unlike a skeleton corporate policy about blogging by employees. Even in this succinct original form, it would be an interesting advisory or discussion piece for your intranet Security Zone.

28 Oct 2009

New NB module on social networking

Social networking has become extremely popular of late and is getting lots of coverage on new and traditional news media. Given the fact that a great deal of network/Internet use and applications have traditionally been social in nature, this is hardly surprising: what is more surprising is that the media and technology pundits seem to feel that we need to have a special term for it. Like most Internet and IT developments, it’s more evolution than revolution, and in fact more hype than substance in many cases.

Businesses are making use of interactive social media for corporate (primarily marketing) purposes. While these applications are, at the moment, more projected than proven, it is undeniable that many enterprises are either openly examining social networking and so-called Web 2.0 technologies, or are facing covert use of these systems and technologies by rogue employees. Either way, employees need to find out about the concerns and security dangers related to such use before landing themselves, their family, friends and colleagues, and maybe even their employers, in trouble.

Humans are social animals. Social networking websites such as MySpace, Facebook and Twitter, plus associated network applications, provide a conduit for social interaction by individuals, for example keeping in touch with family and friends, making new acquaintances and friends, and often publishing details of their normally private and personal activities on the Interwebnet.

The primary information security risks relating to social networking and social media can be classed as social engineering - the deliberate manipulation of vulnerable people in order to gain control over the information assets they own or have access to, and the use of information so obtained to deceive or manipulate others. With systems and networks getting ever more complex, ordinary users are getting more and more remote from the underlying technologies, which opens them to new threats from hackers who know how to turn the technologies and processes to their advantage.

You can find out more about the information security risks associated with social networking in this month’s NoticeBored security awareness newsletter, and take a look at what's in store in the new awareness module here.

15 Oct 2009

Yet another inept 419er

Some Nigerian thinks I was born yesterday:

Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Message-Id: <20091014171244.7474f21fec20@kunde.business-light.com>
Date: Wed, 14 Oct 2009 19:12:44 +0200 (CEST)

From :The Honourable Officeof the Finance Minister.(FMF)In collabration with (CBN)Office.ATT : Honourable Contr(FMF/CBN) Payment Notification Update. In order to eradicate the fraudulent rampant extortion of money from contractors as transfer charges and taxes by non-exiting individuals and corrupt Government officials.I am obliged to reach you concerning the immediate payment of your fund by ATM Visa Card. Be- informed that this communication superside any other you must have had with any office in connection with your payment. Investgations reveal that you have paid some good money in the past as transfer charges and taxes which did not reflect in the bank treasury, that means officials concern have help themselves to the money at your own detriment. Now that your file has scaled their huddle and your file is on my table.I want to ensure the immediate payment of your fund by ATM Visa Card. You are thereby advise to re-confirm to me the following:Your full Name 2) Your Telephone and Fax number (3)Your receiving Address &Banking particulars. (4)Copy of your international passport. This is imperative to enable me confirm your informations and make my recommendations to Foreign Operation ATM Department of FMF for immediate payment of your fund by ATM Visa Card.Note:If your file returns to the cabinet without my recommendation you will end up not benefiting from the present batch of beneficiaries.PETER EZE,Minister Ministry of Finance FMFFederal Republic of Nigeria.Contact me via my private e-mail address;( petereze.eze@gmail.com)
The "non-exiting individuals" interest me, but I'm not pleased my email address has "scaled their huddle", even if it does "superside" others.

Give it a break, you idiots. We're tired of all this spam.