Privacy as a concept - Integrity threats
In the last part of our privacy series, we discussed threats to privacy from a confidentiality perspective. For this part of the series, let’s look at the oft-overlooked privacy threats related to integrity.
As we discussed previously, privacy is a relative affair. However, despite the possible differences between what you and I consider private, we can logically group privacy threats into a few definitive categories.
I read a great blog post by Jason Rudolph the other day. The post made me think about all of the people I have encountered over the years who were interested in the information security profession but were not quite sure how to get started.
John the Ripper (http://www.openwall.com/john) is a well-known and mature password auditing tool. However, if you are working from a recent OS (e.g., Ubuntu 9.04 or later) that uses SHA-512 hashing, John has a problem.
Privacy, my fellow digital citizens, is a hydra of a beast. Many heads and many faces for sure, all of which enjoy a bevy of threats.
For anyone who remembers their zoology, or has watched enough Animal Channel or National Geographic, the concept of large animal herds escaping predators by concentrating in tight groups should not be foreign. After all, there’s safety to be had in numbers. But have you ever asked yourself, “what about those poor animals on the edge of the herd?” Those poor water buffalo, gazelles, etc. that are caught on the edge are obviously very interested in reaching the interior of the herd. There be lions and tigers (figuratively of course; tigers do not roam the savannas!) in those bushes after all.
There are occasions in technology where events or results inspire feelings of mystery: those “it must be magic” moments when our existing body of knowledge is incapable of processing the situation. I encountered one such event today, so I thought I would share a bit.
I was doing some work on a very large log correlation server recently.
By large I mean copious amounts of log files, not necessarily large in
size. Essentially, the chief task was that I needed to audit what was
being kept as online history. As you, dedicated readers, remember,
PCI-DSS requires one year of history to be kept with 90 days active and online. That can mean
quite a bit of data in most cases. Being both technically-adept and
lazy, I turned to the “find” command.
Politicians have a vested interest in the security of our personal information. With
compromises and data leakage on the rise, there is surely plenty to be astir over.
We have even seen states begin passing (more are looking) legislation around the security
of consumers. It seems like every time we turn on the news or read a newspaper it
is smashed into our psyche: visions of Paul Revere riding that night and screaming,
“Hide your data, the Hackers are coming! The Hackers are coming!”
So, I’ve been thinking quite a bit
about PCI and what it means. Here are a few things I’m willing to put forth as statements.
Of course, I have a few unanswered questions too and I’ll put them out as well…maybe
one of our faithful readers can provide some insight.