Cyber Security Today Millions of files on Americans found open on Internet, and how to avoid juice-jacking – IT World Canada

Millions of files on Americans found open on Internet, and how to avoid juice-jacking

Welcome to Cyber Security Today. It's Monday January 13th. I'm Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

Employees at companies continue to be sloppy at protecting personal data. Here's another example: Someone at Front Rush, a U.S. firm which provides management software for college athletics programs, left a server open to the Internet. That server had more than 700,000 files including athletes' medical records, performance reports, driver's licences and other personal information. Often this is a configuration problem where the person creating a database or file forgets to check a setting, or an IT staffer doing maintenance or an upgrade does something wrong. Regardless, managers around the world aren't doing enough to make sure this doesn't happen in their organizations. This incident was originally reported by Vice.com.

Here's a similar incident: According to The Register, a researcher found an open database with details on 56 million American residents including home addresses and phone numbers. The database appears to belong to a web site called CheckPeople.com, where, for a fee, you can look up people's names and find addresses. Most of the information seems to be available from public sources. Still, why it was unprotected isn't known. The server is in China. We don't know if this was a database stolen from CheckPeople, or an employee put it there and misconfigured it. As of the recording of this podcast CheckPeople hadn't responded to questions.

Misconfigured cloud storage is a big problem for companies. If your firm uses Amazon AWS for storage, there are tools like AWS Security Hub and the new Identity and Access Analyzer that help track down mistakes. If you use Microsoft Azure, there's Azure Security Center. If your firm uses other cloud storage firms, find out what, if any, security tools they offer.

Let's talk about juice-jacking. No, it's not a way to steal fruit drinks. Juice-jacking is slang for delivering malware through infected public USB charging stations in airports, hotels and conferences. These stations are offered as a convenience for you to charge mobile devices. But if they've been compromised, your smartphone, laptop or tablet will be too. That's right, the power plug and charging cable can deliver malware. That's because they're used for both delivering power and transferring data. Security researchers have demonstrated how it can be done. But how big a problem is it? We're not sure, writer Mike Elgan says on IBM's Security Intelligence blog. But it's better to be safe by not using public charging stations. Nor should you charge your device through someone else's computer. Instead, carry your own charging adapter and cable. If you buy a duplicate, make sure they're from a packaged brand name and not from an open box of adapters and cables in a store beside the cash register. Worried about running out of power? Buy and carry a rechargeable USB mobile battery.

Finally, tomorrow is Microsoft's monthly Patch Tuesday, when it will release security updates for Windows and other company software.

That's it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That's where you'll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I'm Howard Solomon.
