The audio from the October 14 meeting of the Senior Statesmen of Virginia, which focused on Internet security, is now available through the Charlottesville Podcast Network. 10 Don’ts author Eric Rzeszut was one of two featured speakers.
10 Don’ts author Eric Rzeszut and Bryan Lewis (both of the University of Virginia’s McIntire School of Commerce) have published a new article in EDUCAUSE Review. Entitled “Designing IT Guidelines for Global Travel,” the article points out the information security risks inherent in international travel for academics. It also offers guidelines on how faculty, staff, and students can better protect their devices and their data, and discusses the legal ramifications from US and foreign perspectives.
“Global programs present a unique challenge for most universities. In addition to the educational experience, global program coordinators take on the responsibilities of student health and safety while shuttling students across time zones and countries. With the major logistical effort required to transport students around the world for academic pursuits, technology concerns can be an afterthought. By working closely with travel coordinators, IT departments can ensure that all parties are in compliance with operational, security as well as legal requirements as they travel in foreign lands.”
Without the profanity, we discussed Microsoft’s new Wi-Fi Sense “feature” in chapter 7 (“Don’t Be Careless with Your Phone”) of 10 Don’ts. We called it a “potentially enormous security risk,” and Gizmodo would seem to agree:
“Look, Microsoft. Just because I am Facebook friends with someone, doesn’t mean I want to share my wifi passwords with them.
I’m not really complaining about the existence of the feature in the first place — I can see how it could be helpful, if you’re a non-data-plan-having tween hopping between various wifi-enabled basements. It’s the fact that Wi-Fi Sense is enabled by default, and most people will never know that it’s there.”
“There’s one major difference between companies that adopt BYOD policies and those that don’t: those that don’t are far more vulnerable to attacks.
Now, that may seem counterintuitive—after all, aren’t BYOD programs supposed to open the door to greater security risks? That’s what everyone says, and there’s certainly new complications that come with BYOD programs.
However, companies need to realise employees are connecting their phones and tablets at work, regardless of whether there’s a BYOD policy or not. So with that in mind, companies that make efforts to regulate the devices on their networks are far more likely to be protected than those who don’t.”
In chapter 7 of 10 Don’ts, we discuss mobile phone security, including the increased threat from mobile malware. Now, it seems that the Google Play store is suffering an outbreak of infected apps spreading to Android devices. Some of these apps use particularly nasty tricks, like hiding their malicious behavior for a week or more, disguising the source of the infection.
But you won’t notice the in-your-face advertising when you first install Durak. Instead, the adware module embedded in the app’s code waits a week or more before activating – making it harder for the user to know which app might be responsible for the irritating messages that they are now seeing.
Furthermore, the advertising messages may go further than suggesting that your Android device is performing slowly – and may actually display warnings that the security of your device, including personal photos and passwords, are at threat…
In the wake of revelations about the extent of US spying, both Apple and Google announced in September their newest phones will be encrypted by default. That means no one—not law enforcement or the companies themselves—would be able to grab data off a locked device.
The FBI didn’t like that idea one bit and said so to Congress. On Thursday, Sen. Ron Wyden (D-Ore.) introduced a bill that, if passed, would make sure the companies can encrypt unmolested. The Secure Data Act would prohibit government agencies from requiring any “backdoors” be placed in US software or hardware.
Chapter 5 of 10 Don’ts is entitled “Don’t Do Secure Things from Insecure Places.” A proposed New York City-wide wireless network might certainly be an “insecure place”!
“New York City is looking to replace its antiquated public pay phones in order to bring the five boroughs what it claims will be the largest and fastest free municipal Wi-Fi network in the world. While providing Internet access to the hustling and bustling masses of the Big Apple is undoubtedly a step toward the future, there are also risks to consider.”
In 10 Don’ts, we advise the reader to keep abreast of new security solutions from technology and service providers. Providers such as Gmail and Yahoo! often revise their security offerings and provide new ways for customers to keep their data safe.
Mobile telecom provider Cricket may have been working in the opposite direction, actively removing encryption from customers’ emails and making them less safe:
“Some customers of popular prepaid-mobile company Cricket were unable to send or receive encrypted e-mails for many months, according to security researchers, raising concerns that consumers may find that protecting their privacy is not always in their hands.
… [security research firm] Golden Frog says that in Cricket’s case, when the sending e-mail server asked if it might transmit an encrypted e-mail, the network simply scrubbed the request before the receiving mail server had a chance to hear it.”
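The “request” scrubbed in the Cricket case is the SMTP STARTTLS upgrade, so a mail client that only encrypts opportunistically falls back to plaintext without complaint. The sketch below is an added example (not from the quoted article or from Golden Frog): it compares a session seen on a suspect network against one seen over a trusted path and refuses to send unless the upgrade was accepted. The transcripts are constructed, and the function names are hypothetical.

```python
import re

# Constructed SMTP transcripts (not captured traffic). "S:" server, "C:" client.
TRUSTED_PATH = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.net
S: 250-mail.example.org
S: 250-STARTTLS
S: 250 8BITMIME
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
"""
SUSPECT_PATH = """\
S: 220 mail.example.org ESMTP
C: EHLO client.example.net
S: 250-mail.example.org
S: 250-XXXXXXXX
S: 250 8BITMIME
C: MAIL FROM:<alice@example.net>
S: 250 2.1.0 Ok
"""

def parse(transcript):
    # Split "S: ..." / "C: ..." lines into (side, text) pairs.
    lines = [l for l in transcript.splitlines() if l[:3] in ("S: ", "C: ")]
    return [(l[0], l[3:].strip()) for l in lines]

def ehlo_capabilities(transcript):
    """Keywords from the server's multi-line 250 reply to EHLO."""
    caps, in_reply = [], False
    for side, text in parse(transcript):
        if side == "C":
            in_reply = text.upper().startswith("EHLO")
        elif in_reply and re.match(r"250[- ]", text):
            caps.append((text[4:].split() or [""])[0].upper())
    return set(caps[1:])  # the first 250 line is the server's domain

def classify(transcript, baseline_caps=frozenset()):
    """Label a session; baseline_caps comes from a path believed clean."""
    events = parse(transcript)
    for i, (side, text) in enumerate(events):
        if side == "C" and text.upper() == "STARTTLS":
            reply = events[i + 1][1] if i + 1 < len(events) else ""
            return "starttls-accepted" if reply.startswith("220") else "starttls-rejected"
    if "STARTTLS" in ehlo_capabilities(transcript):
        return "client-skipped-tls"
    return "starttls-stripped" if "STARTTLS" in baseline_caps else "tls-not-offered"

def safe_to_send(verdict):
    # Fail closed: hand over the message only after the server accepted STARTTLS.
    return verdict == "starttls-accepted"
```

Without a baseline, a stripped session is indistinguishable from a server that never offered TLS, which is why the comparison across two network paths matters.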