You can't secure what you don't acknowledge.SM

Thursday, November 11, 2010

Internet Password Breaker - yet another reason to encrypt your laptops

Elcomsoft just released their new version of Elcomsoft Internet Password Breaker which now supports Chrome, Opera, Safari and Firefox. In essence the program can recover passwords, sensitive form data and so on that users have conveniently stored in their browsers for the past, oh, several years. Furthermore, the tool can now instantly recover Microsoft Outlook, Outlook Express, Windows Mail and Windows Live Mail account info, user IDs, passwords and cached forms.

Here's a screenshot of the new version 2.0:

Using the tool is as simple as loading it up, selecting which browser or other type of account you want to recover sensitive information from and you're off. It's that easy.

Looking at this from a malicious user's perspective, imagine the damage that can be done when just one seemingly benign laptop is lost or stolen and happens to be completely exposed because its hard drive is not encrypted. Ugly stuff folks.

Looking at it from the opposite perspective, Elcomsoft Internet Password Breaker can really get you out of a bind when you make some sort of bonehead move like I've done before (like "accidentally" deleting your browser history) and need to recover your own information.

Either way, it's a good tool to have in your security or forensics toolbox.

Wednesday, November 10, 2010

The fundamental flaw of information security in SMBs

Here's a good piece that Entrepreneur Magazine put together for SMBs to ensure they have a secure information systems environment. I don't disagree with any of the recommendations. What I do find interesting is that there's no mention of "determine where you're weak".

Be it in the beginning before you put all of the recommended controls in place (and potentially saving yourself a lot of time/money if it's determined you don't need certain types of controls) or after everything is established - you absolutely have to assess where things stand.

You know my feelings on this: You cannot secure what you don't acknowledge. Building out a supposed secure infrastructure is only one piece of the puzzle. Basic controls are just the beginning.

That's the fundamental flaw with information security today - especially within SMBs...Owners and managers of SMBs read these recommendations, put their strong firewalls and passwords in place, and leave it at that. Months or years go by and then something bad happens: an employee breach, external hack, malware attack , you name it. All along these very people had no real sense of how secure or unsecure their systems really were. Don't follow their lead.

Tuesday, November 9, 2010

Some things you need to know about Windows Firewall & Microsoft Security Essentials

Here are a couple more pieces I wrote for where I ponder the utility of Windows Firewall as well as a few things you may not have thought about regarding Microsoft Security Essentials:

Weighing Windows Firewall for enterprise desktop protection

Microsoft Security Essentials may protect non-enterprise users in your business

Microsoft Security Essentials – when it may not be a good fit

My (belated) thoughts on Intel's purchase of McAfee

I've been so busy working that I've failed to post some timely pieces I wrote over the's one of them:

Intel's McAfee buy marks a turning point for security

I truly believe we cannot even fathom how this acquisition will impact us long term.

Windows 7 security tools & password weaknesses