Showing posts with label Information Security. Show all posts

Wednesday, April 15, 2015

True cybersecurity requires a conceptual shift

The user knows nothing: Rethinking cybersecurity
This position — that the adversary knows your system as well as you do, if not better, as soon as it is stood up — while extreme, led to the creation of large number factorization, the basis for all modern encryption, from PGP to RSA tokens. Under these encryption schemes, as long as the key is kept private, someone can know everything about how the security system works and still not be able to crack it.

To get to a place of true cybersecurity, another stark innovation in thinking is needed. What is needed is an Inverse Shannon's Maxim: the user knows nothing.
Coincidentally, our CTO and I were having a conversation along these lines just yesterday. It's a thrill a minute at SecurLinx!

Wednesday, April 17, 2013

Industry report: mobile malware on the rise

In a departure from our normal biometrics fare, NQ Mobile has a new report [pdf] showing that mobile devices are increasingly being targeted by, and succumbing to, malware developers.

The linked pdf also has a list of the top five most infected markets.

NQ Mobile offers their mobile security suite in both free and premium versions.

Despite warnings that too few people protect access to their mobile device with a PIN, doing so does not prevent authorized users from being tricked into downloading malware. See: The Con is Mightier than the Hack

That means mobile security services are going to be an important factor in keeping the purple bar at the far right of the picture as short as possible.

Tuesday, August 14, 2012

Motley Fool on Biometrics

Is Your Body Your Best Defense Against Digital Terrorists? (Motley Fool)
If your digital life is linked together closely enough, the entire house of cards could be flattened in less than an hour. Family photos, email histories, business invoices, creative work, and all your connections -- it could all be gone before you wake up. But the solution may be closer than you think.

Monday, February 13, 2012

Infosec Professional Interviews SecurLinx CEO Barry Hodge on Information Security Challenges

Interview Series - Barry Hodge CEO SecurLinx Corporation (Infosec Professional)

The questions are:

♦ How has information security changed in the last 3 years?

♦ What do you think are the main threats facing organisations in 2012?

♦ Are organisations ready to deal with those threats and what can they do to protect themselves?

♦ The last 3 years has seen global organisations make significant inroads to protect data from a logical and network perspective. Does physical access control need to play a greater part and are organisations aware of its benefits?

♦ Infosec has now become its own profession, with job titles, budgets and certifications. What challenges do infosec professionals face in 2012?

♦ What are the key questions your clients ask when looking to select a product or services offering? Experience, RoI, cost etc?

♦ With the global credit crunch affecting budgets across all areas, is security now seen as a luxury good for many projects?

I'll include only one answer here because I want you to click through to the whole interview. Here's his answer to the last question:
Security is looked at by most companies as a cost of doing business and if my competitor isn’t investing, I can let it go too. My personal opinion is that security can be a competitive advantage if it increases employee productivity and decreases cost. It is our job to design and implement solutions for our customers that do just that. Technology should facilitate the provisions of better security and lower the cost of ownership to the organization. I believe that is possible today.

Thursday, December 15, 2011

Government Information Security: Q & A

Ilias Chantzos, Senior Director, Government Relations, EMEA & APJ, Symantec, discussed with Mehak Chawla the Indian government’s seriousness with regard to cyber security and how the era of multiple devices was changing the way that information needed to be protected.

These questions were formulated and answered from an Indian perspective but the issues under discussion have far broader applicability.

Here are the questions. The answers are at the link.

♦ What kind of threats does a government face when it comes to cyber security?

♦ In India, we are now seeing a trend towards mission critical activities such as the elections going online. How do we deal with the threat scenario in such cases?

♦ What’s the state of cyber security within the Indian government in terms of implementations?

♦ Is a comprehensive policy on cyber security emanating from the center, the need of the hour?

♦ It is the era of convergence and there are many devices accessing the networks of organizations. What are the risks associated with this and how do the governments deal with the same?

Monday, August 15, 2011

Information Security tips from Jay-Z and Kanye

Jay-Z and Kanye Show How to Prevent an Album Leak in the Digital Age (The Atlantic)

The measures employed to protect the release were a combination of physical and logical access control using tried and true methods (old-fashioned locked briefcases) as well as high tech, though inexpensive, biometrics.

More at Billboard.biz:
How Jay-Z and Kanye West Beat the Leakers With 'Watch the Throne'
To combat pre-release piracy, Kilhoffer, Grammy Award-winner for West's Graduation and John Legend's Get Lifted, claims that all sessions were saved offsite to hard drives in Goldstein's locked Pelican briefcase over the course of nine months. "Everywhere we went in hotels, we were locking hard drives and Noah took them with him," says Kilhoffer, who now travels with external memory units that can only be accessed by biometric fingerprints.

The technology, which Kilhoffer implements while traveling on West's current European tour, takes a live scan of one's finger to serve as key to access protected material. For less than $100, devices such as the Eikon Digital Privacy Manager and Zvetco Fingerprint Reader measure the finger's ridges and valleys with conductor plates, transmitting imprints through a USB cord to safeguard hard drive contents. While on the road, Kilhoffer and Dean are the sole gatekeepers to unlock the digital safes.