About | Gregory D. Evans

Posts Tagged ‘about’

18 Nov 2011

U.S. business leaders complain about China’s Web control

The Chinese government is using censorship as a tool against U.S. companies trying to do business there, critics say

The Chinese government is using Internet censorship as a trade weapon against U.S. tech companies trying to do business there, leaders of two business organizations have told a U.S. government commission focused on human rights in China.

China’s ongoing censorship of the Internet is applied unevenly, with foreign companies often facing stricter rules than their Chinese counterparts, Ed Black, president and CEO of the Computer and Communications Industry Association, told the U.S. Congressional-Executive Commission on China during a Thursday hearing.

[ Learn how to secure your Web browsers in InfoWorld's "Web Browser Security Deep Dive" PDF guide. ]

While the Chinese government blockssuch U.S. services as Facebook, Twitter, and Flickr, similar Chinese services are growing in China with little censorship, Black said. Some Web content blocked from appearing on U.S.-based sites in China appears on Chinese sites, he said. In some cases, China has redirected searches through U.S. services to a Chinese service, and its censorship of foreign services drives consumers to Chinese alternatives, he added.

“This double standard strongly suggests that the motivation here is protectionism rather than morals,” Black told the commission (PDF).

A representative of the Chinese Embassy in Washington, D.C., didn’t respond to a request for comments on the hearing. A Chinese spokeswoman in October said the government there protects freedom of expression online.

Two witnesses at the hearing, as well as Representative Chris Smith, the commission chairman and a New Jersey Republican, also raised concerns about news reports that Cisco Systems is working with Chinese police on an Internet surveillance system, called Golden Shield.

“Cisco is responsible for the deterioration of Internet freedom in China,” said John Zhang, a political dissident who was imprisoned for two years following the 1989 Tiananmen protests.

Cisco disputed the complaints made at the hearing. “Cisco sells the same products in each nation that it operates, in compliance with U.S. trade and export laws,” the company said in a statement. “We do not customize our products in any manner in order to facilitate repression or infringement of rights.”

Cisco does not operate networks in China and sells the same equipment there as it does in other countries, the company said.

Black and Gil Kaplan, president of the Committee to Support U.S. Trade Laws, called on the U.S. government to file trade complaints against China. The Office of U.S. Trade Representative’s October request for information on Chinese Web blocking is a good first step, but the U.S. government is taking a “small percentage” of the actions it could take to help U.S. businesses compete in China.

Black called China’s censorship of the Internet a “deplorable practice that perverts what should be the greatest tool for communication and freedom into a tool for an authoritarian regime’s control of information and of its citizens.”

The CCIA sees a “greater assertiveness, boldness, unashamedness” of the Chinese government toward enforcing censorship, Black said. The government there is trying to export its model of Internet control so it’s not seen as an “outlier” on the world stage, he said.

Black urged commission members to consider the economic impact of censorship as well as human rights.

“While from a human rights perspective, it may seem akin to going after Al Capone for tax evasion, addressing Chinese censorship as a trade barrier is a legitimate, multilateral and potentially effective approach that needs to be pursued by our government at the highest levels,” he said. “As the nation that invented the Internet, and as the global standard bearer in both economic and political freedom, we must continue to lead in holding the Chinese government accountable, and we must lead by example.”

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.

Article source: http://www.infoworld.com/d/the-industry-standard/us-business-leaders-complain-about-chinas-web-control-179365?source=rss_security

View full post on National Cyber Security

Tags: about, business, China's, complain, Control, leaders, U.S.
Posted in Blog | No Comments »

13 Nov 2011

Esparto parents informed about sexting

Every seventh-grader at a Yolo County middle school raised their hands when asked if they knew what sexting meant.

The question was asked before a presentation from the UC Davis Family Protection and Legal Assistance Clinic regarding the explicit text messages.

The presentation initially was geared toward high school students but Alex Ayoub, a third-year UCD Law School student working at the clinic, realized it was important for middle school students as well.

The clinic holds presentations on sexting, cyberbullying and sextortion at local schools but also at Yolo County libraries so parents and school employees can understand what these terms mean and the potential legal actions minors can face.

About 15 people at Esparto Regional Library Wednesday evening were surprised to hear the number of middle school students who know about sexting.

“Sexting in particular has dire consequences if it goes too far,” said Katy Zils, a third-year UCD law student.

Sexting involves sending, receiving or forwarding sexually suggestive or explicit messages or photos through text message, the Internet or other electronic media.

Students might face child pornography charges and have to register as a sex offender for possessing or distributing explicit photos, even if they didn’t take them. But some states have changed their laws to make it a lesser offense.

“The law has not yet been able to catch up with what’s happening,” Ayoub said.

If the photo spreads

among students, the student whose photo has been leaked could face bullying and sexual harassment.

“It can go on and on in hallways and there’s no way to stop it,” Zils said.

She said some young women have committed suicide after sexually explicit or nude photos were leaked.

Zils said while teenage girls face more pressure to send sexual photos via text, girls and boys equally send them. She said 20 percent of teens have sent nude photos.

Sexting can be considered a form of cyberbullying, Ayoub said. Around 50 percent of people ages 14 to 24 have experienced digitally abusive behavior, which can include harassment and threats through social networking, email, text messages or other electronic media.

Students tend to cyberbully others on social networking websites, such as Facebook. Students might pose as other students by creating fake profiles, stealing a person’s password or hacking into profiles and writing fake status updates.

“Facebook is … used and abused in ways people didn’t anticipate,” Ayoub said.

School officials can suspend or expel someone who has been caught cyberbullying, even if the offense did not take place on campus. Zils said victims might be threatened by a text message so they don’t come to school and it affects overall school attendance.

Sexual text messages can also lead to a newer concept called sextortion, a form of sexual exploitation. A person can take a sexually explicit image or video to threaten or coerce another person, often as a form of blackmail.

For example, Ayoub said people can use a sexually explicit image to stop a girlfriend or boyfriend from breaking up with them.

“I can see it really getting kind of nasty,” she said.

In regards to sexting, cyberbullying and sextortion, Ayoub and Zils told parents should encourage a dialogue among their children to prevent or stop these behaviors from happening.

Students can also contact a trusted adult or call crisis lines at the Sexual Assault and Domestic Violence Center or the UC Davis Family Protection and Legal Assistance Clinic.

Article source: http://www.dailydemocrat.com/rss/ci_19327092?source=rss

View full post on National Cyber Security

Tags: about, Esparto, informed, Parents, sexting
Posted in Blog | No Comments »

04 Nov 2011

ProtectMyID: Be careful about what you post online: sometimes we share more info on these sites than we should

View full post on Twitter / ProtectMyID

View full post on National Cyber Security

Tags: about, careful, info, More, Online, post, ProtectMyID, Share, Should, Sites, sometimes, Than, these
Posted in Blog | No Comments »

04 Nov 2011

‘Tis the season to be jittery about mobile security

Ah, the period between Halloween and Christmas, when security vendors try to scare you by turning technology joy into fear — and threaten your very business

Follow @MobileGalen

They really make my blood boil: The stupid, heavily self-interested, and ultimately dishonest surveys that cry doom and gloom about normal human activities at a time when people are trying to get focused on joy. It’s a horrible mashup of Halloween and Christmas, where the security succubi and risk vampires not only won’t leave but seem intent on making everyone else revel in their misery. Why this pattern recurs each year, I don’t know, but Christmas does seem to bring out the security Grinches in full force.

Here’s an example of what I mean, from a recent news report: “Holiday shopping with personal devices at work could pose security risk,” based on a pair of “studies” by the security and accounting professionals’ association ISACA. Umm, so you should insist that your employees use business devices for holiday shopping instead? Last year, I decried a Symantec “study” that warned companies that employees’ use of iPads and other mobile devices over the holidays from home or vacation spots could infect the network and bring down the business. Umm, so you should not let employees use their devices, broadband access, and PCs to work on their own time and/or from home for you any more?

[ InfoWorld's Roger A. Grimes makes the case for realistic security methods. | See why a highly controlled mobile strategy is the least secure option. | Learn how to manage iPads, iPhones, Androids, BlackBerrys, and other mobile devices in InfoWorld's 20-page Mobile Management Deep Dive PDF special report. ]

If I were a CEO and my CIO or CSO came to me and said, “We need to buy tools and dedicate resources to make sure that our employees aren’t shopping on their Androids and iPhones because they might get malware and bring down our business,” I’d give that person a Christmas gift in the form of severance. Ditto if I were a CIO or CSO and one of my technical staff made the same recommendation.

Seriously. Because this kind of “see danger everywhere and act on every possible danger” mentality is itself dangerous and needs to be rooted out before it seriously impairs your business. Execs, CIOs, and CSOs all need to be on guard against such FUD and weed out those who are susceptible to it. I suggest you rethink your professional dealings with associations and vendors who put out this kind of dangerous nonsense.

This ISACA survey is a perfect example of security fears becoming a corporate liability, not just a threat to IT (which it does by reinforcing the notion that IT is about preventing people from functioning). Imagine if you acted on these ISACA studies: You’d have to block all personal devices from access to your corporate network. Or spend money and time implementing new security software that interferes with basic user activities. That’s a huge cost in employee morale, employee productivity, and of course IT resources. And for what? You won’t be more secure.

Consider all the ways the ISACA pair of “studies” is dangerous:

First, it suggests this is a mobile issue. It’s not. The risk is largely that of phishing and secondarily that of malware. The phishing risk is endemic to any communications device — PCs, smartphones, tablets, telephones, and paper mail. Treating it as a mobile issue diverts resources and attention to a single endpoint and tends to obscure the larger threat. You should deal with phishing mainly through education and reinforcement (that is, doing your own internal phishing to teach people the risks and patterns), and use technology as a supplement (knowing full well that most antiphishing technology is highly inexact and thus not a cure-all).

The malware risk is an issue specifically with Android, due to its unmanaged app enviroment and its unpatched ecosystem — it is not an issue with iOS or BlackBerry OS. And it’s the same risk that exists for PCs.

Unfortunately, the “security-industrial complex” has decided that mobile is its new opportunity to make money, and it’s doing its best to make companies spend big money on small risks at a time when the economy is bad and every penny counts. So, now everything related to mobile is trumpeted as a risk, yet the reality is that mobile risks are tiny; the real risk is on the traditional PC.

If your IT security people don’t already have a strategy to deal with phishing and malware risks across the board, they deserve the gift of a severance.

Article source: http://www.infoworld.com/d/mobile-technology/tis-the-season-be-jittery-about-mobile-security-178011?source=rss_security

View full post on National Cyber Security

Tags: about, jittery, Mobile, season, Security, ‘Tis
Posted in Blog | No Comments »

03 Nov 2011

Five things you need to know about Android phones

Android phones are in high demand by workers, but they lack key security features. Here are the top five things you can do to make sure Android phones in your organisation don’t create a security nightmare.

1. Use a service to secure data. Android’s open market and few security features open the door to hackers, leaving critical corporate data at risk. The best security comes from providers like Good Technology, which secures phones using its own network operations center, software on the phones, and a server behind a firewall. Technology like Good’s encrypts data as it travels to and from the device, and stored data is also encrypted. IT administrators are not required to open a hole in the corporate firewall.

2. Ask phone makers for help. Some manufacturers, including Motorola and Samsung, have developed little-marketed products and services for enterprises. Samsung, for instance, is developing a version of its TouchWiz software that will support advanced encryption standard security and VPN connections. Motorola recently acquired 3LM, a company developing software that resides on the phone and in a corporate server, to encrypt data travelling to and from the device and set up a VPN to corporate data. 3LM’s software is expected to be available on other Android phones, not just those made by Motorola.

3. Restrict users to models with better security. Motorola, for instance, has a line aimed at enterprise users-business-ready phones that include enhanced security features. The Droid Pro, for example, allows for remote wipe of SD cards, and comes with a VPN client and the ability to force users to create new passwords after a set time.

4. Wait for mobile virtual machine technology to mature. VMware is working on a mobile virtual machine that lets users toggle between two phone personas: one for corporate use and one for personal use. The company plans to also offer a management tool so IT departments can set policies for the corporate persona on the phone. So far, LG and Samsung say they hope to make phones capable of using the VMware tool. Other companies, like Open Kernel Labs, are offering tools that let developers build applications that can run inside a virtual machine, isolating them from threats.

5. Use a management tool that enforces basic security. Sybase, BoxTone, Zenprise, Mobile Iron and Fiberlink are among the many companies offering mobile device management-and in some cases, additional mobile security-products and services. Even a basic mobile device management product will at the very least help IT administrators enforce policies like a password requirement and remotely erase important corporate data if a device is lost or stolen.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/19ca29e5/l/0Lfeatures0Btechworld0N0Csecurity0C33149130Cfive0Ethings0Eyou0Eneed0Eto0Eknow0Eabout0Eandroid0Ephones0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Gregory Evans | LinkedIn

Interview With Gregory Evans

Gregory Evans Security Expert

Gregory Evans on Cyber Crime

Tags: about, Android, Five, Know, need, phones, things
Posted in Blog | No Comments »

02 Nov 2011

5 things you need to know about Android phones

Android phones are in high demand by workers, but they lack key security features. Here are the top five things you can do to make sure Android phones in your organisation don’t create a security nightmare.

1. Use a service to secure data. Android’s open market and few security features open the door to hackers, leaving critical corporate data at risk. The best security comes from providers like Good Technology, which secures phones using its own network operations center, software on the phones, and a server behind a firewall. Technology like Good’s encrypts data as it travels to and from the device, and stored data is also encrypted. IT administrators are not required to open a hole in the corporate firewall.

2. Ask phone makers for help. Some manufacturers, including Motorola and Samsung, have developed little-marketed products and services for enterprises. Samsung, for instance, is developing a version of its TouchWiz software that will support advanced encryption standard security and VPN connections. Motorola recently acquired 3LM, a company developing software that resides on the phone and in a corporate server, to encrypt data travelling to and from the device and set up a VPN to corporate data. 3LM’s software is expected to be available on other Android phones, not just those made by Motorola.

3. Restrict users to models with better security. Motorola, for instance, has a line aimed at enterprise users-business-ready phones that include enhanced security features. The Droid Pro, for example, allows for remote wipe of SD cards, and comes with a VPN client and the ability to force users to create new passwords after a set time.

4. Wait for mobile virtual machine technology to mature. VMware is working on a mobile virtual machine that lets users toggle between two phone personas: one for corporate use and one for personal use. The company plans to also offer a management tool so IT departments can set policies for the corporate persona on the phone. So far, LG and Samsung say they hope to make phones capable of using the VMware tool. Other companies, like Open Kernel Labs, are offering tools that let developers build applications that can run inside a virtual machine, isolating them from threats.

5. Use a management tool that enforces basic security. Sybase, BoxTone, Zenprise, Mobile Iron and Fiberlink are among the many companies offering mobile device management-and in some cases, additional mobile security-products and services. Even a basic mobile device management product will at the very least help IT administrators enforce policies like a password requirement and remotely erase important corporate data if a device is lost or stolen.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/19bcabbd/l/0Lfeatures0Btechworld0N0Csecurity0C33149130C50Ethings0Eyou0Eneed0Eto0Eknow0Eabout0Eandroid0Ephones0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Gregory Evans | LinkedIn

Interview With Gregory Evans

Gregory Evans Security Expert

Gregory Evans on Cyber Crime

Tags: about, Android, Know, need, phones, things
Posted in Blog | No Comments »

31 Oct 2011