
Another Total Security Failure!?- 750K Socials Stolen in Utah April 10, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy.

(RANT ALERT) While everyone is fighting over who gets to eviscerate Global Payments in the press today, a major breach of sensitive data goes unnoticed. For the record…Credit Card theft is NOT identity theft. Steal my credit card every day of the week…I have zero liability. Do NOT steal my social or passport or driver's license. We seem to be focused on the wrong data at times. I live in Utah and am pretty sure my wife's and my own 2-year-old son's Socials were included in this breach.

Today on Foxnews.com a story was posted about how hackers stole “hundreds of thousands of social security numbers” from the Utah Health Department. Well…this is not entirely accurate. The data thieves did steal the Socials, but they also stole medical information and other personal information such as names, addresses, etc. The total number of records is nearing 900,000. Here is my beef…according to the story: (more…)

“A Failed State of Security”; Deterrence Theory & CyberCrime (Research Brief) March 5, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management.

Expanding on the concept of Rational Deterrence and its effect on crime, we have published a research brief on Deterrence Theory and Its Effect on CyberCrime. The brief outlines the failing strategy of compelling companies to prevent breaches without deterring those who commit the crimes. You can download the brief (all 25 pages) here. Below is a short excerpt:

“At RSA’s annual security convention, the head of the Federal Bureau of Investigation, Mr. Robert Mueller, stated, on February 28th, 2012, ominously: “There are only two types of companies. Those that have been hacked and those that will be.”[1] At the same event, the CEO of RSA told the audience: “Our networks will be penetrated. We should no longer be surprised by this.” He further stated: “The reality today is that we are in an arms race with our adversaries, and right now, more often than not, they are winning.”[2] The comments, while accurate, are late in coming. RSA, one of the world’s largest security vendors, was breached in 2011. The breach was more than a simple theft of customer data. The breach was a theft of intellectual property that compromised the infrastructure of RSA’s 2-factor authentication system known as SecurID. This potentially exposed thousands (if not more) of companies to a bypass of their own access control mechanism.

RSA’s CEO then continued: (more…)

“Caveat Emptor”- Facebook reading private text messages?! February 27, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Legislation.

UPDATE: According to Facebook, this story was incorrect.  To ensure the accuracy of my own reporting, here is their statement taken from MSNBC: “The Sunday Times has done some creative conspiracy theorizing but the suggestion that we’re secretly reading people’s texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts. However, other than some very limited testing, we haven’t launched anything so we’re not using the permission. If we do, it will be obvious to users what’s happening. We’ll keep you posted on our progress.” (more…)

Published Articles: – “Geopolitical Context of Piracy” February 24, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Uncategorized.

UPDATE: The company that published the articles contacted Heather and has agreed to pull the articles off their website. This is good news and shows that the company is interested in ensuring their readers get original work from the original author. In an interesting twist, the company representative stated that, when asked, the party who submitted the articles stated “unequivocally” that it was their work. Considering that the company pulled the articles, Heather has a PhD and background in defense, and political economy, and has published over 100 articles, scores of whitepapers, research briefs and other material as well as possessing the original whitepaper from which it was taken, I think the readers are savvy enough to know the actual author of the work. It certainly seems unlikely that a person who has never published a single article or other document would embark on something as complex as: “the Geopolitical Context of Piracy” for their first foray into writing.

Two years ago my wife, Dr. Heather Mark, wrote a whitepaper on the Geopolitical Context of Piracy that has since been broken into its component sections and published verbatim as 4 different articles without any form of attribution to her. She was contacted by the organization that published the articles today to ask about her work and attribution. To assuage any concerns that it is indeed her sole work and not anybody else’s work, here is a copy of the whitepaper. “Understanding Modern Piracy; Geopolitical and Regulatory Considerations”….the first section is titled: “Geopolitical Considerations”, the next section is titled: “Current Anti-Piracy Efforts”. Heather is a brilliant person and a tremendous righter writer (thanks to Heather’s brother Bill for pointing this out;). There are times that I certainly would like to “borrow” her work and claim it as my own. I would certainly appear smarter and more informed than I actually am. As professional writers (yup, we actually get paid to write;) it is disturbing when someone uses your work without attribution.

Kudos to the company for maintaining the integrity of its service and evaluating the content and writers.

Egypt States Position on Armed Guards and Weapons February 22, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, weapons and tactics.

UK P&I Club released a bulletin that outlines Egypt’s position on armed guards and weapons within Egypt and its waters. Below are the salient points of the letter received from the Egyptian Government:

“1) The Egyptian Government forbids the presence of any Weapons / Armed Guards on board of commercial vessels as per the rules and regulations of the International Maritime Organization. (more…)