Showing posts from November, 2011

Network security awareness

December's awareness module on network security has just been released. Here's one of six new security awareness poster designs in the module. Computer networks, particularly the Internet, enable employees, business partners, suppliers and customers to share information and collaborate more or less instantaneously.  The advantages of networking are enormous and have revolutionized modern business life – we are in the midst of an “information revolution”.  However, the World Wide Web is not unlike the Wild Wild West.  Hackers and organized criminals (the Internet’s outlaws) are plundering vulnerable online businesses to steal the gold (information assets).  There are precious few sheriffs in cyberspace and the outlaws pack powerful weapons. Consequently there are significant risks associated with networking and strong security controls are necessary to protect the organization...

Heir Hunters - not

Interesting new slant on an old 419 scam now circulating:

Hello Dear, I am writing you from Heir Hunters Company in the United Kingdom. Heir Hunters probate detectives looking for distant relatives of people who have died without making a will, the United Kingdom government last year made over £18m from unclaimed assets. When people die intestate (without a will) and with no known relatives, their names are released by the Treasury. Every Thursday, a list of these unclaimed estates, the Bona Vacantia (Latin for "ownerless goods") is published on the Treasury Solicitor's website. The race is then on for heir locators to track down the often distant relatives in line for a windfall. Often heir hunters pick more unusual names first, as they are easier to trace. We came across your profile and email while searching through genealogy database, we will be glad if you can get back to us with your full name, date of birth, address and your direct number if it corresp...

Singalongapassword

Brian Krebs is an excellent journalist and blogger on information security matters. He often seems to pick up infosec stories that nobody else covers and his advice is generally sound. In respect of password choices, however, I think Brian's missing a trick. He offers the stock advice on avoiding common words, using miXed case and punctuation, etc., all fair enough, but neglects to mention the coolest tip of all, which is to use long pass phrases. Long passwords used to be counterproductive on old Windows systems that broke them all into weak 7-character chunks. Windows hasn't done this for years. The only other issue I'm aware of is that some dinosaurs of the mainframe era still restrict password length to about 8 characters. But hey, it's only the mainframe, so nothing much to protect there, eh? My favorite passphrases are the complete lines of songs, complete with punctuation, spaces, capiTaliZation and tricks such as duplicating, omitting or substituting certa...

Colombian credentials

Presumably as a result of international pressure on the Colombian authorities, a colleague sending me a letter had to attach a photocopy of his REPUBLICA DE COLOMBIA - IDENTIFICACION PERSONAL - CEDULA DE CIUDADANIA (what appears to be his Colombian government-issued ID card), front-and-back including his mugshot and fingerprint, to the "CARTA DE RESPONSABILIDAD" form PR-OP-AD-001-FR-001 endorsed by somebody working for the POLICIA ANTINARCOTICOS at Aeropuerto El Dorado - Bogota. The bottom of the form reads "Nota: Recuerde que es obligatorio anexar fotocopia del documento de identidad". With my rather primitive understanding of Spanish, I take that to mean that it was compulsory for the sender to attach the photocopy of his ID card, presumably to be able to send me the letter. I was absolutely amazed to receive all that personal information 'in plaintext', attached by sticky tape to the rear of the airmail letter that arrived in my NZ postbox today. I guess ...

Credentials module released

'Credentials' is the rather formal title of November's security awareness module on identification and authentication. Authentication associates a person unambiguously to an identity, excluding others. It reduces the possibility of fraud and hacking, helps maintain the integrity of the systems and data, and is a prerequisite for personal accountability for IT activities. Authenticated individuals can safely be given access to sensitive and valuable information resources which they are authorized to access. Without authentication, unauthorized access would be a much bigger problem and the information security risks would be even greater. From the ordinary worker's perspective, the key issues are choosing good passwords and keeping staff ID cards safe.