Giving it all away to a stranger
Scott Granneman of Security Focus has an extraordinary piece this week about a TV host in Europe (well-known apparently but anonymous for the moment) who sold her Mac to a friend of his.
The second-hand machine contained very private information in both still and moving picture format, if I can put it that way. So she didn't wipe her hard drive before selling. Even more stupidly, she gave her system password to the friend, allowing him to access private data that was protected.
Granneman's advice is to the point: wipe your disks when needed, protect your passwords all the time, and remember that when the genie is out the bottle, it stays out.
W32.Spybot.ACYR takes advantage of unpatched systems
A bot that hit a small number of academic institutions early this week made use of known - and already patched - vulnerabilities in Windows and Symantec's software. DeepSight, Symantec's network analysis tool, spotted spikes of traffic on port 2967 but analysts at the company guess that it could be that attackers are just chancing their arm with old vulnerabilities.
Moral: stay patched.
Real versus perceived risk
Quick: what date were the World Trade Centre attacks? How about the accidental disaster a couple of months later when an aircraft came down in New York?
The second-hand machine contained very private information in both still and moving picture format.
Paul Furber, senior group writer, ITWeb
If you remembered the first and couldn't remember the second, then you're displaying what Bruce Schneier of Counterpane calls the gap between real risk and perceived risk.
We all have it, as Schneier explained in his book Beyond Fear: "People exaggerate spectacular but rare risks and downplay common risks. They worry more about earthquakes than they do about slipping on the bathroom floor, even though the latter kills far more people than the former.
Similarly, terrorism causes far more anxiety than common street crime, even though the latter claims many more lives."
Schneier's opinion is here and he cross-references an LA Times editorial here.
Thanks to SecurityFocus, Symantec, Crypto-Gram and the Los Angeles Times.
Share