While setting up a new laptop, our resident security engineering guru, Steve Healey, made a funny discovery: a cell phone video can be used to bypass facial recognition software. The laptop he was configuring offers biometric authentication via facial recognition using the built-in webcam. Steve recorded a video of himself on his smartphone and then held the phone up to the webcam as the subject for authentication. By simply changing the viewing angle of the phone relative to the camera, he was granted access. As a disclaimer, he didn't have the sensitivity turned all the way up; it wasn't turned all the way down either, though. Those of you using biometric devices (fingerprint readers, facial recognition, etc.) on your mobile devices, take note: it's really not all that secure. You probably still want to use a password in combination with the biometrics. The low-end biometric capture devices in cell phones, laptops, etc. are not the same ones you see protecting a Level-3 biohazard lab! Kudos to Steve on this "shocking" discovery.
I'm happy to announce the launch of Pratum's new online security awareness training portal. If you are looking for a quick and cost-effective way to provide security awareness training to your employees, our new security awareness training portal is for you. We call it InTraining. The training course meets the requirement to provide employee security awareness training under HIPAA, SOX, PCI and other compliance frameworks. Our fully integrated training portal gives a company administrator the ability to enroll employees on the fly, create compliance reports for auditors and send reminders to those who haven't completed their annual training.
The multimedia content is designed to provide a high-level overview of common information security topics in a format that is easily understood by the average employee. No fancy techno-jargon, just the practical information employees need to know in order to protect the confidentiality, integrity and availability of company data.
If you're looking for OWASP training for your application developers to satisfy your PCI compliance, our OWASP course will be launching next month as well.
The Catholic Diocese of Des Moines was involved in a computer security breach last month in which thieves were able to steal more than $600,000 from its automated clearing house (ACH) account at Bankers Trust. To the credit of Bankers Trust, they were able to detect the fraudulent activity and notify the Diocese within a matter of days. Unfortunately, the funds were already gone by then.
According to the Diocese press release and other media reports, the FBI has seized several computers from the Diocese, but no employees of the Diocese or Bankers Trust are suspected of being involved. This means one of two things: either law enforcement is trying to divert attention away from the true angles they are working, or the systems themselves were to blame.
If the computers are part of the problem, we can assume they were either unpatched and vulnerable to attack, or end users allowed some sort of malware to be installed that siphoned off data (in ACH fraud cases this typically means banking credentials harvested from an infected workstation). Either way, this points to a breakdown in very rudimentary security practices.
This should be a warning to all organizations. Patch your systems, scan them for malware and please, please, please... educate your users. There is no patch for the human factor.