Can I … may I

Monday, February 27th, 2012 | Mark Bedford | Comments Off on Can I … may I

I am sure that after the recent news regarding the Hon Murray McCully’s email account at xtra being hacked will have many people concerned with internet service providers’  security. The essence of this particular event is; McCully was able to redirect (at least some of) his parliamentary email to his electoral account. This redirection was probably done to facilitate some event or action.  However, the possible long term consequences this action don’t seem to have been considered. The xtra account was apparently more exposed than the parliamentary one and hence had less protection (McCully’s official contact page lists several contact accounts) so guessing the password will have been a matter of time. Note that this type of activity is an offence under the Crimes Act.

If you are redirecting corporate email to an external service be very very sure that you are staying within policy and contractual obligations. Generally the highest data classification (e.g. confidential, sensitive or personally identifiable information) will apply to an email account if it contains or is likely to contain such content. This way the risk of unauthorised disclosure is minimised and should keep away situations like the one McCully now finds himself in. He will now spend many hours in damage control probably far more time than the time that he would have saved by not redirecting his email.

Some Information on Common Scams

Monday, February 27th, 2012 | Gene Teo | Comments Off on Some Information on Common Scams

Just published a page listing some common internet scams that the Information Security Office often gets asked about. It’s just a wall of text at the moment, but I’ll add some annotated screenshots over the next few weeks to better illustrate each type of scam.

Hardening OS X Lion (10.7)

Tuesday, February 21st, 2012 | Mark Bedford | Comments Off on Hardening OS X Lion (10.7)

I was delighted by a recent post on the SANS web site from Johannes B. Ullrich. In his article he lists 5 documents that deal with hardening OSX. For those that don’t know, hardening is the process is securing a computer by reducing the vulnerable attack surface. I was only aware of the Apple documentation and not the others. Ullrich notes that the Apple documents do not cover OS X Lion (10.7). This is disappointing as I would have thought that Apple would have been more proactive given their increasing market share.

Anyway the list included below and anyone exposing an Apple to the internet is advised to check the documents to make sure that they have enabled sufficient sheilding to withstand probes and attacks.

Apple, NSA Guide, Mac Shadows, University of Texas, Center for Internet Security