Tag - security

Apple and security: make up your mind

As Apple grows, there are going to be more security problems. The recent Flashback trojan is evidence of that.

But how bad will it be?

I had to laugh when seeing Eugene Kaspersky, CEO of the computer security products company named after him, say this today:

I think they are ten years behind Microsoft in terms of security

And then, not two lines later …

For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows

Umm … which is it? It can hardly be both.

After all the patronizing, self-serving BS from Symantec …

“Confidence in a connected world.” That’s Symantec’s current corporate tagline.

We have been endlessly barraged by security and antivirus companies about computer viruses, attacks, and threats. Most of it is self-serving: the more scared people are, the better your marketing is working, and the more you sell.

Now we find out that Symantec had a breach of their own: 6 years ago.

They knew they had an intrusion, but they now say they didn’t know at the time what the crackers had accessed and/or stolen. Turns out it was source code for PC Anywhere – software that lets you access and use your computer remotely. With the source code in hand, attackers can find security holes far more easily and work out how to gain access to users’ PCs.

The reality is, nothing is completely safe. This is just another example in a long list of hacks and cracks.

But the problem is that a security company should have the absolute best interests of its clients at heart. An intrusion with even the possibility of source code theft should have been followed by warnings to clients, and by a review and refactoring of the code, so that any holes found in the older versions would not still be present in the subsequent software.

Massive fail, Symantec. You’ve ensured that people who want to use their PC anywhere might now find that unauthorized people could be accessing their data everywhere.

So much for confidence.

SOPA & PIPA

Most who regularly visit this site know what SOPA & PIPA are. If you don’t, watch this:

It’s not just a US issue … if your blog, for instance, or mine, was accused of housing or linking to infringing content, you (or I) could lose all our US readership. Even though you may not blog, some of your favorite news sources might become suddenly unavailable, either because you can’t access them (if you’re in the US), or because without a US audience, they can’t support themselves anymore.

Uncool.

The potential for abuse is horrendous. Worse, the simple use of PIPA and SOPA as designed would be horrendous.

I don’t believe in piracy. I don’t believe in stealing. I don’t believe in taking what is not mine.

But I’m much more prepared to have a society in which a bit of that occurs, than to live in a police state. Or, since I’m a Canadian, next to a police state.

Of course, in some ways, perhaps I already do.

Important notice from A Random Corporation™ with my personal data

Outsourcing is wonderful, because you don’t have to do the dirty work yourself.

Outsourcing sucks, because you’re at the mercy of the quality (or lack thereof) of your new bestest friend partner … who’s never quite as pretty as during the days you were dating.

I don’t know if you’ve gotten any of these Dear John letters from major hotel chains lately, but I’ve gotten three. Here’s the one from Marriott:

April 4, 2011

Dear Marriott Customer,

We were recently notified by Epsilon, a marketing vendor used by Marriott International, Inc. to manage customer emails, that an unauthorized third party gained access to a number of Epsilon’s accounts including Marriott’s email list.

In all likelihood, this will not impact you. However, we recommend that you continue to be on the alert for spam emails requesting personal or sensitive information. Please understand and be assured that Marriott does not send emails requesting customers to verify personal information.

We take your privacy very seriously. Marriott has a long-standing commitment to protecting the privacy of the personal information that our guests entrust to us. We regret this has taken place and apologize for any inconvenience.

Please visit our FAQ to learn more.

Sincerely,

Marriott International, Inc.

The Epsilon mentioned is marketing-as-usual-not-a-chance … an email marketing firm that manages 2500 clients’ email campaigns and sends out 40 billion emails a year, according to this Fast Company story about the security breach.

Apparently the breach affected only 2% of its clients, which is still more than 50 large companies … companies that most people would recognize (see the full list at SecurityWeek).

I’m guessing my name and email address are among the breached records, seeing as I’ve received 3 emails from 3 different companies telling me that I may be affected … and that Marriott is among the companies listed at SecurityWeek.

Ahh well … I’m public enough with all my data to be a major spam target anyways.

The major downside of outsourcing critical customer intelligence like this? Creating super-delectable targets for spammers and hackers.

With data from many massive companies all housed in one place … it’s a big temptation. A big target.

And a single breach exposes a LOT of data.

Monster security fiasco – literally

Job warehouse Monster has had an ongoing security nightmare, with hackers infiltrating the database and pilfering usernames, passwords, and email addresses with which to launch phishing attacks. The worst part? Monster doesn’t know how bad the problem is! From an email sent to me this morning (note the bolded portion):

As you may be aware, the Monster resume database was recently the target of malicious activity that involved the illegal downloading of information such as names, addresses, phone numbers, and email addresses for some of our job seekers with resumes posted on Monster sites. Monster responded by conducting a comprehensive review of internal processes and procedures, and notified those job seekers that their contact records had been downloaded illegally. The Company has determined that this was not an isolated incident. Despite ongoing analysis, the scope of this activity is impossible to pinpoint. Monster believes illegally downloaded contact information may be used to lure job seekers into opening a “phishing” email that attempts to acquire sensitive financial information. This has been the case in similar attacks on other websites.

Ouch. Ouch. Ouch.

Verisign is hounding me …

Verisign is driving me nuts emailing me and phoning me. Just to make it perfectly clear:

  • I don’t want your PDF white papers on internet security.
  • I don’t want your SSL certificates.
  • I don’t want your emails.
  • I especially don’t want your phone calls from “sales executives.”

Hrm … now that’s off my chest I feel marginally better. Until the next call starting off with “Hello, this is $salesguy calling from Verisign. How are you?”

Worse than I was before you called.