STE WILLIAMS

Wall Street traders charged with stealing company code via email

Win a top of the range HP Spectre laptop

Three men have been charged with pilfering trade secrets from a Wall Street firm after two of them emailed themselves computer code belonging to their former employer from their company email accounts.

Glen Cressman and Jason Vuu, both former employees of Wall Street firm Flow Traders, were each charged with unlawful duplication of computer related material and unauthorized use of secret scientific material after making off with sensitive documents, the Wall Street Journal reports.


The 26-year-old Vuu was charged with 20 counts of each offense, having emailed himself various materials related to Flow Traders’ trading strategies and valuation algorithms over the period from August 2011 to August 2012.

According to Bloomberg, Vuu was aware that he was doing something illicit, because he would sometimes change the file formats of email attachments in an attempt to conceal what it was that he was sending himself.

Vuu, who currently lives in California, allegedly shared the purloined code with a college friend, one Simon Lu of Pittsburgh, Pennsylvania, with the aim of starting a new trading company together. Lu has been charged with three counts each of the same offenses as Vuu.

But although Vuu’s lawyer, Jeremy Saland, admits that Vuu did email himself sensitive code without authorization, he maintains that no real damage was done.

“I’m confident that when the DA’s office has completed their investigation they will find Flow Traders did not suffer any economic loss,” Saland told Bloomberg. “Their algorithms and code weren’t taken or used in any malicious way that damaged or compromised their financial security.”

Meanwhile, Cressman has been charged with two counts each of the same offenses as Vuu, although in his case the complaint does not allege that he acted as part of a plan to start up his own firm.

“Glen Cressman is innocent,” the 26-year-old’s attorney told Bloomberg. “He was a great employee for Flow Traders. I am confident that when everything is put on the table, the case against him will completely unravel.”

If convicted of these fairly minor offenses, each of the three men could face a maximum of four years in prison, but experts say it is likely that they wouldn’t have to serve any prison time at all.

The men are next due in court on November 18, when prosecutors will seek a grand jury indictment that would see the case proceed to trial. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/wall_street_secrets_stolen_via_email/

ISPs scramble to explain mouse-sniffing tool

Sky Broadband has been caught using JavaScript to track every click and shuffle on its support pages, but it’s not alone: other ISPs have also admitted recording every frustrated wobble of the mouse on their support pages.

Readers at ISP Review spotted Sky using a JavaScript tool called SessionCam to record rodent tracks on its support pages, but the Murdoch-owned telly company said it doesn’t think it’s doing anything wrong, while BT also happily told ISP Review that it does the same thing with a similar product called ClickTale.


Sky told the website that data stored by SessionCam is “transferred to a secure environment using SSL encryption and secured using numerous levels of control at an application, data and infrastructure level”.

ISP Review is, of course, only concerned with ISPs, but the practice of logging one’s activity within a website is far from limited to that industry. For example, Crazy Egg – an outfit which promises “The Astonishing Power of Eye Tracking Technology… Without the High Costs” – counts eBay, Amazon and Dell, among others, in its customer list.

Crazy Egg produces heat maps showing where mice hang out, how far down the page visitors scroll and which bits they spend longest reading. It’s not perfect – it can’t tell if you’ve paused to read some text or were interrupted by a human visitor – but it can give a general impression to aid page design.

This is nothing new. Some shopping centres track visitors (as groups) to establish their browsing habits. Companies such as Path Intelligence track every mobile phone in a shopping centre (anonymously, as they have no access to, or – so they say – interest in customers’ details) to see how long a window display grabs one’s attention or the order in which shops are visited.

Websites have always taken a huge interest in users’ behaviour, and gained from the ability to record every click, but is recording every mouse-shuffle a step too far?

Those using the technology don’t think so, and while the dancing of a mouse pointer might not seem important, the ability to track one’s eyes (to see which advert is being viewed) is already available and slipping into mainstream products. Perhaps we should be working out how much we’re prepared to share before we start sharing it. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/isps_scramble_to_explain_away_mousesniffing/

Poison Ivy RAT becoming the AK-47 of cyber-espionage attacks

The Poison Ivy Remote Access Tool (RAT) – often considered a tool for novice “script kiddies” – has become a ubiquitous feature of cyber-espionage campaigns, according to experts.

Research by malware protection firm FireEye has revealed that the tool served as the lynchpin of many sophisticated cyber attacks, including the compromise of RSA SecurID data in 2011 and the “Nitro” assault against chemical makers, government offices, defence firms and human-rights groups last year.


A Peeping Tom webcam sextortionist has been jailed for six years in the US after targeting several young women in attacks that relied on a modified version of Poison Ivy, an incident which shows that the tool has malign uses beyond cyber-espionage.

Poison Ivy remains popular and effective eight years after its original release. FireEye has compiled a list of nation state-type attackers making use of the utility. These include a group called admin@338, which specialises in attacks targeting the financial services industry; th3bug, who have been hammering universities and healthcare facilities since 2009, and menuPass, a group that has run cyberespionage attacks against defence contractors over the last four years.

Poison Ivy is the preferred RAT of several threat actors located in China. Over recent months other attackers elsewhere in the world have begun adopting the same methodology.

A campaign by a Middle East hacking group called “Molerats” (AKA Gaza Hackers Team) switched during June and July to using Poison Ivy to attack Israeli government targets. The latest malware was signed with a fake Microsoft certificate, similar to earlier attacks using the XtremeRat trojan.

FireEye has also intercepted Egyptian- and Middle Eastern-themed attacks using decoy content in Arabic whose targets remain uncertain but may include targets in the Palestinian authority.

“The cyber attacks against Israeli and Palestinian targets that were first documented last year are ongoing,” FireEye concludes. “The attackers, which we have called ‘Molerats’, have also targeted government entities in the UK and in the US. In addition to using XtremeRAT, which is popular among Middle Eastern attackers, we have found that Molerats have adopted the use of Poison Ivy RAT, which is traditionally favoured by Chinese attackers.”

“We do not know if this is an intentional attempt by MoleRats to deflect attribution to China-based threat actors, or if they have simply added another, effective, publicly-available RAT to their arsenal. However, this development should raise a warning flag for those who attribute all Poison Ivy attacks to threat actors based in China. The ubiquity of off-the-shelf RATs makes determining positive attribution an increasing challenge,” it adds.

More details on the Molerats’ cyber-espionage campaign can be found in a blog post, featuring diagrams, screen shots and charts, and put together by three FireEye researchers (Nart Villeneuve, Ned Moran and Thoufique Haq) here.

“You can download the default version of Poison Ivy from poisonivy-rat.com,” explained FireEye’s Ned Moran. “However, each of these groups are using a custom version of Poison Ivy. We do not believe these specific custom versions are available for sale.”

RATs such as Poison Ivy require little technical savvy while offering unfettered access to compromised machines, hence their use even by well-resourced professional cyber-ninja types. Poison Ivy can be considered the easy-to-use front end of attacks that may be quite sophisticated when viewed as a whole.

“They [RATs] are often delivered as a key component of coordinated attacks that use previously unknown (zero-day) software flaws and clever social engineering,” explained Darien Kindlund, manager of threat intelligence at FireEye in a blog post. “Attackers can point and click their way through the target’s network to steal data and intellectual property,” using tools such as Poison Ivy, he added.

FireEye released a white paper on its research into the hacker tool along with Calamine, a set of free tools to help organisations detect possible Poison Ivy infections. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/poison_ivy_rat_apt/

Tesla cars ‘hackable’ says Dell engineer

Slack authentication in Tesla’s Model S REST API exposes the electric car to a variety of non-safety but non-trivial attacks, according to a Dell engineer and Tesla owner.

In this post over at O’Reilly, Dell senior distinguished engineer and executive director of cloud computing George Reese says the “flawed” authentication protocol in the Tesla REST API “makes no sense”. Rather than using OAuth, Tesla has decided to craft its own authentication, which Reese unpicked.


There’s one small reassurance for owners of the ‘leccy car: none of the vulnerabilities he discusses cause any kind of safety issue – although he creepily notes that an attacker would be able to see everywhere the car goes.

Tesla, it turns out, has broken one of the golden rules of security – the one that says “don’t re-use user IDs and passwords for different functions”. In this case, the e-mail address and password used to build the car on the Tesla website are the same credentials customers later use to log in to the car via the website.

There’s also a persistence issue: when a user logs into the Tesla Website to get to their car, it creates a three-month token for which there’s no revocation mechanism. If the system is compromised, the attacker would have access to the login for three months, and if “an attacker gains access to a website’s database of authenticated tokens,” then all the cars would be visible to the attacker.
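The two weaknesses Reese describes in the token handling (a long-lived token that cannot be revoked, and a token database whose leak exposes every car) are both addressed by the same small piece of server-side design. The following is an added example written for this page, not Tesla's code or anything from Reese's post: a token store that issues short-lived random bearer tokens, keeps only a hash of each token (so a leaked table cannot be replayed), and supports revoking one token or every token for an account, for example on password change. The one-day lifetime and the account names are assumptions.

```python
import hashlib
import secrets
import time

# Assumed policy for this example: tokens live one day, not three months.
TOKEN_TTL_SECONDS = 24 * 3600


class TokenStore:
    """Server-side record of issued API tokens, keyed by SHA-256 of the token."""

    def __init__(self, clock=time.time):
        self._clock = clock
        # token_hash -> (account, expires_at). Only the hash is stored, so a
        # leaked copy of this table does not yield usable bearer tokens.
        self._tokens = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account):
        """Return a fresh, unguessable bearer token for `account`."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._tokens[self._digest(token)] = (account, expires_at)
        return token

    def validate(self, token):
        """Return the account the token belongs to, or None if unknown/expired."""
        key = self._digest(token)
        entry = self._tokens.get(key)
        if entry is None:
            return None
        account, expires_at = entry
        if self._clock() >= expires_at:
            del self._tokens[key]  # expired tokens are purged on first use
            return None
        return account

    def revoke(self, token):
        """Revoke a single token ('log out this device'). True if it existed."""
        return self._tokens.pop(self._digest(token), None) is not None

    def revoke_all(self, account):
        """Revoke every token for an account, e.g. after a password change.
        Returns how many tokens were invalidated."""
        doomed = [h for h, (acct, _) in self._tokens.items() if acct == account]
        for h in doomed:
            del self._tokens[h]
        return len(doomed)


def demo():
    """Walk through issue / revoke / expiry / revoke-all with a fake clock."""
    now = [1_000_000.0]
    store = TokenStore(clock=lambda: now[0])
    owner = "owner@example.com"  # constructed account name
    t1 = store.issue(owner)
    t2 = store.issue(owner)
    results = {"valid": store.validate(t1) == owner}
    # Revoking one token must not affect the other.
    results["revoke_one"] = (store.revoke(t1) and store.validate(t1) is None
                             and store.validate(t2) == owner)
    # Advance the clock past the TTL: the surviving token must stop working.
    now[0] += TOKEN_TTL_SECONDS + 1
    results["expired"] = store.validate(t2) is None
    # A password change should invalidate every outstanding token at once.
    t3 = store.issue(owner)
    results["revoke_all"] = store.revoke_all(owner) == 1 and store.validate(t3) is None
    return results


if __name__ == "__main__":
    print(demo())
```

The point of hashing before storage is the scenario in the article: an attacker who reads the token table still has to produce a preimage of each hash to use it, whereas a table of plaintext tokens is a list of logins to every car.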

While the flaw doesn’t offer access to any “operational” aspects of the car – like steering or brakes – the risks are still significant. An attacker could fool around with configuration settings, the climate control, the sunroof, open the charge port, and anything else supported by the API. Apart from tracking owners’ movements, “there is enough here to do some economic damage both in terms of excess electrical usage and forcing excess wear on the batteries”, Reese notes.

Reese links to an unofficial documentation of the API, which outlines its capabilities, here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/tesla_cars_hackable_says_dell_engineer/

New York Times, Twitter domain hijackers ‘came in through front door’

Updated Hacktivist collective the Syrian Electronic Army (SEA) – or someone using its name – has claimed responsibility for hijacking the Twitter.co.uk, NYTimes.com and HuffingtonPost.co.uk web addresses.

At the time of writing, many of the domain names the SEA claimed to have seized were back under their owners’ control. In some cases, only the contact details for the domains were altered.

However, the records for nytimes.com and Twitter.co.uk pointed to addresses of nameservers operated by the SEA: effectively allowing the miscreants to redirect tweeters and NYT online readers to any site of the hackers’ choosing.

The internet’s domain name system (DNS) works by converting human-readable addresses, such as www.theregister.co.uk, into network IP addresses that computers use to talk to each other. By altering the DNS records, attackers can cause havoc by ushering potentially sensitive web traffic to malicious systems (which is why using HTTPS is important).

Below are the hijacked DNS records for nytimes.com and twitter.co.uk last night:

NY Times domain record

Twitter domain record

The attack actually hit an Australian domain registrar of which both Twitter and the Times were clients: Melbourne IT.

The New York Times attributed an outage last night to malicious activity; its workaround made it clear that a domain redirect was the problem since it pointed readers at its IP address to get directly to its site, sidestepping the domain-name system.

Syrian Electronic Army threat tweet

Twitter users were quick to blame the problems on domain-name registrar MelbourneIT, which is common to many of the hijacked domains. HD Moore of Metasploit Framework fame told Mashable that “if the attackers have found a weakness in the MelbourneIT system”, then other domains would also be at risk.

The New York Times also attributed the attack to MelbourneIT:

“The New York Times website was unavailable to readers on Tuesday afternoon following an attack on the company’s domain name registrar, Melbourne IT. The attack also required employees of The Times to stop sending out sensitive emails”, it has told employees.

The Register has tried to contact MelbourneIT, so far without success. ®

Updated to add

While MelbourneIT has yet to return calls from Vulture South, it has apparently told Business Insider a reseller was responsible for the hijack blunder.

Theo Hnarakis, chief executive of the web hosting biz, told Australian Broadcasting Corp radio today that hackers had modified the New York Times’ domain using a partner’s username and password.

“They came in through the front door,” AP reported Hnarakis as saying. “If you’ve got a valid user name and password … the assumption from our systems is that you are the authorised owner and user of that domain name.”

Its statement is below.

The credentials of a Melbourne IT reseller (username and password) were used to access a reseller account on Melbourne IT’s systems.

The DNS records of several domain names on that reseller account were changed – including nytimes.com.

Once Melbourne IT was notified, we:

  • changed the affected DNS records back to their previous values
  • locked the affected records from any further changes at the .com domain name registry
  • changed the reseller credentials so no further changes can be made

We are currently reviewing our logs to see if we can obtain information on the identity of the party that has used the reseller credentials, and we will share this information with the reseller and any relevant law enforcement bodies.

We will also review additional layers of security that we can add to our reseller accounts.

For mission critical names we recommend that domain name owners take advantage of additional registry lock features available from domain name registries including .com – some of the domain names targeted on the reseller account had these lock features active and were thus not affected.

The Register will post further updates as required. There are more technical details about last night’s DNS hijack over on the CloudFlare blog. ®
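The DNS explanation earlier in this piece and Melbourne IT's closing recommendation (registry lock at the .com registry) suggest the two checks a domain owner can automate: has the registry's record of my nameservers drifted from what I expect, and are the registry-level locks actually set? Below is an added example written for this page, not Melbourne IT's, CloudFlare's or any registrar's code. It parses a registry-style whois record and reports nameserver drift and missing locks. The whois samples are constructed (no real domain's data), and the example assumes the registry reports locks as the standard EPP statuses `serverDeleteProhibited`, `serverTransferProhibited` and `serverUpdateProhibited`; the `client*` statuses are set by the registrar and can be cleared by anyone holding registrar or reseller credentials, which is exactly the access the attackers had here.

```python
import re

# Constructed sample records loosely in the style of a thin .com whois response.
# Domain and nameserver names are invented; the "after" record shows the kind of
# change a hijack produces (nameservers pointed at hosts the owner does not control).
WHOIS_BEFORE = """\
   Domain Name: EXAMPLE-NEWSPAPER.COM
   Registrar: EXAMPLE REGISTRAR PTY LTD
   Name Server: NS1.EXAMPLE-NEWSPAPER.COM
   Name Server: NS2.EXAMPLE-NEWSPAPER.COM
   Status: clientTransferProhibited
"""

WHOIS_AFTER = """\
   Domain Name: EXAMPLE-NEWSPAPER.COM
   Registrar: EXAMPLE REGISTRAR PTY LTD
   Name Server: NS1.ROGUE.EXAMPLE
   Name Server: NS2.ROGUE.EXAMPLE
   Status: clientTransferProhibited
"""

WHOIS_LOCKED = """\
   Domain Name: EXAMPLE-NEWSPAPER.COM
   Registrar: EXAMPLE REGISTRAR PTY LTD
   Name Server: NS1.EXAMPLE-NEWSPAPER.COM
   Name Server: NS2.EXAMPLE-NEWSPAPER.COM
   Status: clientTransferProhibited
   Status: serverDeleteProhibited
   Status: serverTransferProhibited
   Status: serverUpdateProhibited
"""

# Registry lock is visible as the server-side EPP prohibitions. Only the registry
# can clear these, so stolen registrar/reseller credentials alone cannot change
# the record while they are set.
REGISTRY_LOCK_STATUSES = {
    "serverDeleteProhibited",
    "serverTransferProhibited",
    "serverUpdateProhibited",
}


def parse_whois(text):
    """Extract nameservers and EPP status codes from a whois-style record."""
    record = {"nameservers": set(), "statuses": set()}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(\S+)", line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2)
        if key == "name server":
            record["nameservers"].add(value.lower().rstrip("."))
        elif key == "status":
            record["statuses"].add(value)
    return record


def check_domain(expected_ns, whois_text):
    """Return a list of findings: nameserver drift and/or missing registry locks.
    An empty list means the record matches expectations and is fully locked."""
    rec = parse_whois(whois_text)
    expected = {ns.lower().rstrip(".") for ns in expected_ns}
    findings = []
    unexpected = rec["nameservers"] - expected
    missing = expected - rec["nameservers"]
    if unexpected or missing:
        findings.append("nameserver drift: unexpected=%s missing=%s"
                        % (sorted(unexpected), sorted(missing)))
    missing_locks = REGISTRY_LOCK_STATUSES - rec["statuses"]
    if missing_locks:
        findings.append("registry lock incomplete: missing %s" % sorted(missing_locks))
    return findings


if __name__ == "__main__":
    expected = ["ns1.example-newspaper.com", "ns2.example-newspaper.com"]
    for label, sample in (("before", WHOIS_BEFORE), ("after", WHOIS_AFTER),
                          ("locked", WHOIS_LOCKED)):
        print(label, check_domain(expected, sample) or ["ok"])
```

Run against a real registry whois response on a schedule, the nameserver check catches the redirect described above quickly, and the lock check flags the gap Melbourne IT says left some of its reseller's domains exposed while others were untouched.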

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/27/twitter_ny_times_in_domain_hijack/

Facebook scammers raking in $200 MEEELLION in illicit profits

A pair of Italian security researchers investigating the practice of Facebook scamming estimates that the trade brings in around $200m a year.

Andrea Stroppa and Carlo De Micheli analyzed the pricing of Facebook spam on 20 black-market websites offering access to Facebook users for a price. The spammers set up fan sites and encourage people to join them, then pump out spam messages to encourage click-throughs, bringing in between $87m and $390m per year.


“The spam posters get paid an average of $13 per post, for pages that have around 30,000 fans, up to an average of $58 to post on pages with more than 100,000 fans,” De Micheli told The Guardian.

“If we consider these two as extremes, the pages we analysed generate a revenue of 18,000 posts per day, times the revenue per post – ranging from $13 to $58 – 365 days a year.”

The researchers found that such spam was being used to drive traffic to YouTube videos and e-commerce sites using shortened URLs to disguise the location of the linked-to page. Google also inadvertently benefits – around 9 per cent of the spammers’ links make money from redirects to AdSense-funded pages.

Spammers seem to have little care as to what they set up spam fan sites for – the team noted one for victims of the Boston terrorist bombing, but said that the spammers they contacted insisted they were doing nothing wrong.

“Facebook doesn’t ban us, simply because we generate the content on Facebook itself. Every day I materialize funny, and interesting content full of phrases and so forth that is shared and liked by thousands of users,” said one in a Skype conversation.

“Without the fan pages Facebook would be an empty place. Tell me how many links do you see shared by your friends on your timeline everyday? You see – the answer is simple.”

Facebook spam has been around for a while – the researchers found adverts for spamming payments going back to 2010 – but in the last year or so spamming services have matured and grown. Facebook told the paper it was doing what it could.

“We have developed a number of automated systems to identify potentially harmful links and stop them from spreading,” a company spokesman said. “Those systems quickly spotted these links, and we are working to clear them from the site now.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/30/facebook_scammers_raking_in_200_meeellion_in_illicit_profits/

NSA: We couldn’t have stopped Snowden – he was A SYSADMIN

The US National Security Agency may have some of the most sophisticated cyber-surveillance programs in the world, but it was trivial for former NSA contractor Edward Snowden to walk off with sensitive data, sources say, owing to the agency’s antiquated internal security.

“The [Defense Department] and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” former US security official Jason Healey told NBC News on Thursday. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”


While some sources claimed that it was Snowden’s genius for infiltrating electronic systems that allowed him to make off with a cache of at least 20,000 documents – “Every day, they are learning how brilliant [Snowden] was,” one former US official said – other sources suggested that all he needed was a little determination and the right business card.

“It’s 2013,” an insider told NBC, “and the NSA is stuck in 2003 technology.”

For example, NSA policy prevents a typical worker from doing things like copying files to USB thumb drives or other external storage. But Snowden had an easy way around those restrictions, simply by virtue of being classified as a “systems administrator”.

With that privilege, Snowden would have been able to move files around at will, sources claim. If higher-ups ever questioned him about it, he could have claimed he was doing so in order to repair a corrupted drive or some other maintenance operation.

Snowden’s administrator account also gave him the ability to log into the accounts of other users of the agency’s NSAnet computer systems – some of whom had higher security clearance than Snowden himself did.

In essence, Snowden was able to impersonate those NSA employees to gain access to highly sensitive documents, which he was then able to copy to thumb drives. This was so easy to do that one source described him as a “ghost user” of NSAnet, whose activities couldn’t easily be traced.

The NSA is reportedly only now piecing together the exact steps Snowden took to infiltrate its systems, including identifying specific users whose accounts he used to access documents. But there’s no clear paper trail – investigators are said to be looking for red-flag discrepancies, such as accounts that were accessed while their owners were on vacation.
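The red flag investigators are described as hunting for, an account used while its owner was away, is a check a security team can run routinely rather than after the fact. The following is an added example written for this page, not anything from the NSA, NBC or the sources quoted: it parses constructed authentication log lines, compares each successful login against a leave calendar, and then groups the hits by source host, since one terminal touching several absent users' accounts is the pattern a "ghost user" would leave. The log format, user names, host names and dates are all constructed for the example.

```python
from datetime import date, datetime

# Constructed sample log: "ISO-timestamp user result host", one event per line.
AUTH_LOG = """\
2013-05-06T09:12:44 analyst1 success ws-0412
2013-05-20T14:03:10 analyst1 success ws-0412
2013-05-21T02:47:03 analyst1 success hi-term-07
2013-05-22T03:15:58 analyst2 success hi-term-07
2013-05-22T08:01:30 analyst3 success ws-0099
2013-06-03T11:20:00 analyst2 success ws-0210
"""

# Constructed leave calendar: user -> list of (first_day, last_day), inclusive.
LEAVE = {
    "analyst1": [(date(2013, 5, 21), date(2013, 5, 31))],
    "analyst2": [(date(2013, 5, 18), date(2013, 5, 25))],
    "analyst3": [],
}


def parse_events(text):
    """Turn the log text into a list of event dicts; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, host = line.split()
        events.append({"when": datetime.fromisoformat(ts), "user": user,
                       "result": result, "host": host})
    return events


def on_leave(user, day, leave=LEAVE):
    """True if `day` falls inside any recorded leave period for `user`."""
    return any(start <= day <= end for start, end in leave.get(user, []))


def logins_during_leave(events, leave=LEAVE):
    """Successful logins whose account owner was on leave on that date."""
    return [e for e in events
            if e["result"] == "success" and on_leave(e["user"], e["when"].date(), leave)]


def hosts_shared_across_flagged(flagged):
    """Group flagged logins by source host and keep hosts that reached more than
    one absent user's account: the strongest lead for an impersonating admin."""
    by_host = {}
    for e in flagged:
        by_host.setdefault(e["host"], set()).add(e["user"])
    return {host: sorted(users) for host, users in by_host.items() if len(users) > 1}


if __name__ == "__main__":
    flagged = logins_during_leave(parse_events(AUTH_LOG))
    for e in flagged:
        print("login while on leave:", e["when"].isoformat(), e["user"], e["host"])
    print("hosts touching several absent accounts:", hosts_shared_across_flagged(flagged))
```

On the sample data the 20 May login is legitimate (leave starts the next day), the two early-morning logins from `hi-term-07` on 21 and 22 May are flagged, and that host is reported because it reached two different absent users' accounts. In a real deployment the leave calendar would come from HR and the events from the directory's authentication logs; the logic does not change.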

Once he began collecting documents, Snowden was surely also emboldened by the fact that, as a contractor working for Booz Allen Hamilton in Hawaii, he never once needed to set foot in NSA headquarters. Instead, he could access the files he wanted from a computer terminal some 5,000 miles away.

The NSA reportedly employs around 40,000 people, roughly 1,000 of whom are systems administrators. Like Snowden, most of those systems admins are contractors – or they were, at least.

Earlier this month, NSA director General Keith Alexander announced that the agency plans to reduce its total number of sysadmins by 90 per cent, specifically to reduce the number of staffers who have access to secret information.

Such measures come too late to reduce the impact of Snowden’s leaks, however. As one former intelligence official described the aftermath of Snowden’s disclosures to NBC News, “The damage, on a scale of 1 to 10, is a 12.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/08/30/snowden_sysadmin_access_to_nsa_docs/

Tenable Launches Security “App Store” For SecurityCenter 4.7

August 29, 2013 – Tenable Network Security, the leader in real-time vulnerability management, today announced SecurityCenter 4.7™. With this release, Tenable introduces a first-of-its-kind security “app store” – a catalog of hundreds of apps created by Tenable researchers that provide the latest intelligence for identifying advanced threats and compliance violations.

“Tenable’s advanced analytics have allowed us to extend SecurityCenter as both a solution for security assessments and one for data center maintenance and operations. We are looking forward to the ‘security apps’ in 4.7,” said Russell Butturini, Senior Enterprise Security Architect at Healthways, a global disease management and well-being provider and ranked #8 on Information Week 500.

These analytics are directly accessible from within the SecurityCenter console and offer extensive visibility for multiple teams – network, security, operations, and compliance. The apps dramatically cut the time and resources required to identify and respond to vulnerabilities, advanced threats, and compliance violations without the need to write complex scripts or rely on third-party tools.

Key capabilities of SecurityCenter 4.7 include:

  • New and simpler framework for creating and updating dashboards, dynamic asset lists, and reports.
  • Extended mobile device coverage to track mobile device types, users, and vulnerabilities through active scanning, passive scanning and MDM integration.
  • Remediation report summarizing vulnerabilities, the most effective remediation, and time to remediate.
  • Support for SCAP 1.2: users can upload and download SCAP files for use in scan jobs.
  • Ability for users to accept and recast risk rules to adjust priority based on customer-specific requirements.

“Tenable’s mandate is to protect its clients 24/7, so we realize that our solutions’ capabilities need to be as dynamic as the current threat landscape,” said Ron Gula, CEO of Tenable. “We provide customers with the only real-time vulnerability management platform with built-in scan, log, and network analysis technology to assess IT infrastructure risk. With this release, we’re making SecurityCenter even more strategic for our customers by providing direct access to the latest security and compliance intelligence as identified by our world class researchers.”

For more information on Tenable Network Security products and solutions, please visit www.tenable.com.

About Tenable Network Security

Tenable Network Security is relied upon by more than 17,000 organizations, including the entire U.S. Department of Defense and many of the world’s largest companies and governments, to stay ahead of emerging vulnerabilities, threats and compliance-related risks. Its Nessus and SecurityCenter solutions continue to set the standard for identifying vulnerabilities, preventing attacks and complying with a multitude of regulatory requirements. For more information, please visit www.tenable.com.

Article source: http://www.darkreading.com/applications/tenable-launches-security-app-store-for/240160641

Surprise! First ever Facebook “Government Requests” report reveals the most inquisitive authorities…

Facebook has released its first ever Transparency Report, listing all the national governments that have requested access to information on its members. The report includes how many requests were made, how many users the requests affected, and how many resulted in data being handed over.

In the wake of the ever-expanding PRISM kerfuffle, many of the web giants we trust with huge amounts of information about ourselves have gone out of their way to deny or minimise any bulk sharing of that data with government snoops, in the USA or elsewhere.

Statements have emerged from Microsoft, Apple, Google and Yahoo, vigorously denying granting the USA’s National Security Agency unfettered snooping rights to their servers. Back in June babyfaced Facebook head honcho Mark Zuckerberg added his own promises, reassuring his followers that information was only passed on in response to carefully vetted legal demands.

Now Facebook has followed up by producing a detailed breakdown of those demands, similar to the data Microsoft and Google have been publishing for some time. Google recently added details of malware and phishing issues observed in their trawling of the web.

The stats, covering the first half of 2013, show a significant chunk of the data is demanded by US authorities – somewhere between 11,000 and 12,000 requests received, referencing over 20,000 US-based members, of which some 79% resulted in data being handed over.

The closest rival is India, with 3,245 requests for data on 4,144 citizens and a 50% hit rate. The other big hitters are the expected big European countries, with the UK, Germany, Italy and France next in sequence on the list.

Of course in interpreting the figures we need to remember that Facebook users are not evenly distributed around the world – the US has by far the biggest number of Facebook users, with over 160 million at the end of 2012, more than half the total population of the country.

India is in second place, although its 62 million users are barely noticeable among the country’s vast population. Brazil, not far behind India in user base with 58 million members, had only 715 data requests of which 33% resulted in data being handed over.

Those wondering where China is in these figures may need reminding that Facebook is pretty much banned there, although there are occasional reports of opening up.

The US is the only country not to provide precise counts, so it is listed as having 11,000-12,000 requests about 20,000-21,000 users, apparently for legal reasons.

As Facebook explains:

We have reported the numbers for all criminal and national security requests to the maximum extent permitted by law. We continue to push the United States government to allow more transparency regarding these requests, including specific numbers and types of national security-related requests. We will publish updated information for the United States as soon as we obtain legal authorisation to do so.

Advice to Facebook users on maintaining their privacy may thus need a small addendum: don’t share anything sensitive with strangers, and if you don’t want “the man” to know about it, don’t share it at all, especially if you’re in the US.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/5ayggrWlSew/

Reality TV mother-of-eight Kate Gosselin sues husband for “hacking” email, phone, revealing private info

Kate Gosselin, who shot to fame in the US after appearing in a reality TV docusoap ‘Jon & Kate Plus 8’ about her life with her eight children, including sextuplets, is suing her husband for allegedly hacking into her personal email account, her phone and her bank account, as well as stealing a hard drive full of personal files including family photos.

The information yielded by the alleged hacking and data theft went into a much-hyped book on the couple’s much-publicised divorce, written by Robert Hoffman, a tabloid journalist and friend of Jon Gosselin, the celebrity husband who is also named in the suit.

The book was pulled by Amazon after allegations that it relied on improperly-sourced information.

Hoffman claims to have found the information by rummaging through Ms Gosselin’s bins, but is also quoted as hinting he has over 5,000 personal photos belonging to her – an unlikely find for a dumpster-diver.

The story has been carried by huge numbers of celeb-loving media outlets, including the notorious Mail Online website, probably mainly as an excuse to carry plenty of photographs of the plaintiff in a variety of outfits.

All stories of course refer to the heinous act of hacking.

The legal papers on the case, filed in the US District Court Eastern Division of Philadelphia and dug out by celeb site Radar Online among others, also make occasional use of the terms “hacking” and “hack”, but as so often in these cases it would appear that the words are being used in the loosest possible sense.

A more accurate way of describing the husband’s activities might perhaps be “guessing her password”, and possibly even “knowing the password having been married to her for 10 years”. There certainly seems to be no evidence of any special technical skill involved in accessing the information.

The moral of the story will of course be that you should ensure your passwords are fit for purpose and kept private.

If you are a celebrity with oodles of private information you don’t want leaked in a bestselling memoir – and you have a grumpy and possibly vindictive former partner who might know (or have enough knowledge of you to guess) that your email account password is 12345 – you are best advised to change it as soon as possible.

And to change it to something that cannot be guessed, even by someone who knows the names of all your favourite pets, former teachers and most beloved sports teams.

The same advice holds true for normal people, as well as celebrity octomoms. Better still, let a password manager utility create properly complex passwords for you, different ones for all sites, and all hidden behind a single extra-strong passphrase.

There is of course another side to this story, as it would be unkind to put the blame entirely on someone who seems to be guilty of nothing more than the almost universal crime of poor password hygiene.

There have been many cases of partners falling out and using their intimacy to get at information about their estranged other halves that they really should not be seeing, and many of these cases, quite apart from being rather sad, involve some sort of crime being perpetrated.

In a lot of cases, those involved are not fully aware of the criminal nature of their activities.

So if you find yourself on the other side, trying to get at information which is not rightfully yours, ask yourself, should I really be doing this?

If it were, say, an expensive wristwatch or a fancy pair of shoes, rather than some digital bank records or racy celeb photos, would that make a difference? If it was secured by a physical lock rather than a password, would it be right to bust in and make off with the swag?

The answer should be, probably not – so leave that data alone.


Image of Kate Gosselin courtesy of s_bukley / Shutterstock.com. Image of padlock courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/foJ7I1z0ApY/