5 Things Privacy Experts Want You to Know About Wearables

There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health Kit”. Somewhat related, Nike recently pulled the plug on its activity tracking Fuelband. The conventional wisdom is that fitness trackers are on the decline, while…

A Closer Look at Pass the Hash, Part III: How NTLM will get you hacked (and what you should do about it)

I was about ready to wrap up this series of posts (part 1, part 2 ) on PtH and make my larger point, which is that you should assume hackers will break into your system. And then I learned new information about credential stealing that amplifies this warning by a factor of 10. The most…


The Security Chaos Monkey

Jon Oltsik wrote a great article in Network World recently championing the importance of end user involvement in a company’s IT security strategy. He acknowledges that employees are often a company’s own worst enemy, frequently scorned by their IT overlords. But Oltsik argues that CISOs should instead directly enlist them to help build a security-minded…


A Closer Look at Pass the Hash, Part II: Prevention

Last week, I attended a webinar that was intended to give IT attendees a snapshot of recent threats—a kind of hacker heads-up. For their representative case, the two sec gurus described a clever and very targeted phishing attack. It led to an APT being secretly deposited in a DLL. Once the hackers were in, I…


A Closer Look at Pass the Hash, Part I

We’ve done a lot of blogging at the Metadata Era warning you about basic attacks against passwords. These can be mitigated by enforcing strong passwords, eliminating vendor defaults, and enabling reasonable lockout settings in Active Directory. But don’t rest yet! Hackers have another password trick that’s much more difficult to defend against. Advanced password, or…


Big Data Raises Privacy Concerns for Regulators

At the Metadata Era, we’re somewhat obsessed with the FTC, but for good reason: this agency helps shape policy on data security and privacy. And after the giant breaches last year, Congress is beginning to listen. Last week, FTC Commissioner Julie Brill diplomatically spoke on the challenges of protecting privacy in a Big Data world…

The Expanding Data Universe

It’s June and half of the year is almost over. So it’s a good time for a data growth reality check. Nearly every week, we continue to see validation in our news feed about how data is on an exponential growth curve. Here’s more evidence: while “only” 4.4 Zettabytes of data was generated in 2013,…

3 Challenges for the National Patient-Centered Clinical Research Network (PCORnet)

Have you noticed that a lot of health information created daily during patient visits is still not digitized? And if it is, the opportunities to use this data for research and for prevention are often missed because the networks that store this data cannot easily collaborate or communicate with each other. Finally, at the end…

The Lowdown on PCI DSS and Two-Factor Authentication

With the big security breaches from last year on our minds and with little new information available, there’s still plenty to puzzle over. One aspect of the Target breach that left security observers scratching their heads was the ease with which the hackers were able to gain access to the internal network by just swiping…

The NSA’s Other Security Factor: Two-Factor Authorization

We’ve already written about how Snowden took advantage of holes in the NSA’s porous security controls. Sure, he gamed the system by either faking someone else’s credentials or by using his admin account to adjust existing user profiles. This allowed him access to documents requiring a higher security-level clearance than he’d been given. But one…