Security

The harm in seemingly harmless files and applications

Author: Katrina Rosseland

Many of the day-to-day applications that people use on their computers can be more harmful than they realize. Microsoft PowerPoint, for example, can infect users with malware when they are given a malicious presentation by an attacker.

PPSX, the non-editable PowerPoint format, is used for this type of attack. The malicious file is emailed to the victim and, when it is opened, it runs an executable piece of malware. This malware is used to spy on corporations for political reasons. PowerPoint is a seemingly harmless program that has been weaponized, along with many other trusted processes that are relied on daily.

Another example of this is the use of PNG files to hack Android phones. Attackers can hide code inside a PNG photo that is then executed. Google has released patches for this bug since its discovery, but it still shows that major vulnerabilities exist even in applications or files published by reliable sources. It is imperative to limit the applications, devices and people you trust with your digital information, seeing as even major corporations have undiagnosed security flaws waiting to be discovered and taken advantage of by hackers.

Security

Smart bulbs and the dangers of the IoT

Author: Katrina Rosseland

About myself: As a 15-year-old girl, I attended the first Hacker Highschool class in Norway and was hired to fulfill the role of a project assistant at DIGFO. Currently 16, I am glad I can contribute to the surprisingly low but slowly rising percentage of women in cyber security today.

The Internet of Things or IoT has seemingly exploded in the past several years with the introduction of Google Home, Amazon’s Alexa, and numerous other staples of today’s modern home. Among the several devices considered part of the IoT are «smart bulbs».

These bulbs connect to WiFi and can be controlled remotely, giving people a fun, new, seemingly harmless gadget to add to their homes. As with almost every device that is given the ability to connect to various points, it can pose some serious security issues.

There was an experiment in which someone broke a cheap «smart light» open to see what information they could get out of it. To everyone’s surprise, with little to no effort, they obtained the SSID and the encryption key of the WiFi network. Within the bulb, the data was stored in plaintext, conveniently readable to anyone. This issue was then fixed and the data is now encrypted, which resolves that particular problem, but the security issues with the IoT are far from over.
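To check one of your own devices for the plaintext-storage problem described above, the following added example (not part of the original post) searches a flash dump for your own network's SSID and passphrase in several encodings. It assumes a WPA2-PSK network, so it also looks for the derived 256-bit key, which is as useful to an attacker as the passphrase itself; the sample dump, SSID and passphrase are constructed.

```python
import hashlib

def candidate_patterns(ssid: str, passphrase: str) -> dict[str, bytes]:
    """Byte patterns whose presence in a dump means the secret is recoverable."""
    # Assumption: WPA2-PSK, whose key is PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32).
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return {
        "ssid (utf-8)": ssid.encode(),
        "passphrase (utf-8)": passphrase.encode(),
        "passphrase (utf-16le)": passphrase.encode("utf-16-le"),
        "passphrase (hex text)": passphrase.encode().hex().encode(),
        "derived WPA2 key (raw)": pmk,
        "derived WPA2 key (hex text)": pmk.hex().encode(),
    }

def find_all(haystack: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in haystack."""
    offsets, pos = [], haystack.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = haystack.find(needle, pos + 1)
    return offsets

def audit_dump(dump: bytes, ssid: str, passphrase: str) -> dict[str, list[int]]:
    """Map each pattern label to the offsets where it was found (hits only)."""
    hits = {}
    for label, pattern in candidate_patterns(ssid, passphrase).items():
        offsets = find_all(dump, pattern)
        if offsets:
            hits[label] = offsets
    return hits

# Constructed sample: a fake flash region holding the credentials in plaintext.
SSID = "ExampleHomeNet"
PASSPHRASE = "correct-horse-battery"
SAMPLE_DUMP = (b"\xff" * 64 + b"ssid=" + SSID.encode() + b"\x00"
               + b"\xff" * 16 + b"pass=" + PASSPHRASE.encode() + b"\x00"
               + b"\xff" * 32)

if __name__ == "__main__":
    for label, offsets in audit_dump(SAMPLE_DUMP, SSID, PASSPHRASE).items():
        print(f"FOUND {label} at offsets {[hex(o) for o in offsets]}")
```

An empty result only means none of these encodings were found; it does not prove the credentials are stored safely.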

Having a multitude of devices connected to each other and to outside networks is asking for trouble, especially when these devices are so new and so poorly understood by the average person. It is important to keep in mind that these devices hold a substantial amount of information about us and our networks and devices, especially if they are all linked together. Bruce Schneier, in the book «Click Here to Kill Everybody», recommends that you stop, think, then connect, because it is not always necessary to connect everything. Do you really need to connect your toaster to the web and possibly make yourself vulnerable to attacks? By succumbing to the modern, easier way of living that the IoT offers, you have less control over what your devices know and what they do with your data.

GDPR

GDPR Panda

Yesterday I wrote about tools in the Microsoft Office suite that can help with complying with the privacy regulations. But what about those who do not want to upgrade to the E3 or E5 license, or who do not have Office 365?

In that case I recommend Panda Adaptive Defense 360 with the Data Control module. It is so good that we became a Panda partner the same day and now resell their products through Sikkr.

The solution is brilliant. You install an agent (a program) that looks for viruses and malware on the machine. What if it looked for personal data at the same time and organized this into a system for overview and control? That is exactly what Panda has done.

See the screenshot, and get in touch with us if you have any questions.

panda data control

GDPR

GDPR Office 365

The new privacy law does not set any requirements for particular systems or services in order to comply with the regulations.

In other words, you must create routines, policies and processes that ensure the business meets the requirements. There are, however, some tools that can help provide overview and control. Should something be placed in the wrong location, or should routines not be followed, Microsoft Office 365 can help. If you have an E3 or E5 license, you get eDiscovery (local search, original archive and export) and DLP (Data Loss Prevention: manual rules for retention and deletion, and manual classification).

With this you can find out which data you have where, and prevent it from being sent out of the organization.

Read more about the differences between the Office licenses here. I am attaching some clips that describe the possibilities in more detail.