Google Chrome’s cache makes data easy to steal – Is your credit or business at risk?

Google Chrome’s cache makes data easy to steal.

For those using the Google Chrome web browser, it is important to know that a critical privacy bug has been found in the browser software which has not yet been fixed by Google.

 

Specifically, Chrome routinely stores sensitive information, such as names, e-mails, contact information, and even credit card information, which users type into web forms at trusted websites. It appears that Chrome stores this information within the program in plain text, where it can be easily accessed by anyone with access to the user’s computer.

 

As such, until Google addresses this vulnerability, users should be extremely cautious in entering private data into websites using the Chrome browser if there is any chance that the user’s computer can be accessed by others. Furthermore, because the information is cached in the program without any encryption or any other security measures, any trojan horse or similar malware on a user’s computer could potentially access this information and forward it on to identity thieves.

While this clearly has serious potential repercussions for individuals using Chrome, the situation is even more serious for businesses, which could, as a result, be out of compliance with the PCI-DSS security rules that credit card processing companies usually mandate for any business that wants to accept payments by credit card.

As such, individuals and businesses alike need to take this vulnerability very seriously.


In Technology Wars, Using the Patent as a Sword – NYTimes.com

In Technology Wars, Using the Patent as a Sword – NYTimes.com.

In its seventh installment on the iEconomy, The New York Times focuses on the dysfunction in the current patent system. As a graphic example of the carnage regularly being wrought on certain sectors of the innovation economy, the article uses the cautionary tale of a small-ish technology company named Vlingo.

Vlingo was a voice-recognition software company which became embroiled in a patent infringement suit with a much larger rival, Nuance. Vlingo ultimately prevailed at trial, but the expenses were such that the company was completely drained at the end of the litigation and ended up being acquired by Nuance (the result that Nuance apparently wanted all along).

The NYT article is a good read for a view of just how broken the current system is. The article is by no means perfect. (The Apple enthusiast site imore.com correctly takes the NYT article to task for almost losing the point of the impact of the patent system on small, outsider innovation companies in its examination of Apple’s role in the process.) Nevertheless, the article does get the essential point across: in the process of trying to encourage innovation through the protection of intellectual property, the current system is now subverting its own goals, by creating an environment in which only the massive players at the very top of the market can afford the huge costs of protecting intellectual property (and protecting themselves from attempts to use IP laws to crush competitors).

Although I spend a lot of time attempting to raise awareness of the problems with our current intellectual property laws, much of my writing leaves unanswered the question of what, as a company attempting to navigate these complicated and sometimes treacherous waters, should I do. Outside of actively pressing for updates and reforms to our current laws, there are actually quite a number of things that innovation companies can and should be doing.

While these steps will be (and need to be, given the complexity and length of the subject matter) discussed in detail in subsequent blog posts, the two most important steps companies can take are: (1) take affirmative steps to protect your intellectual property, and (2) ensure that you have processes in place within your company (or through outside resources) to ensure that your products and services are not infringing on the intellectual property of others. Both of these are significant undertakings for an innovation company, particularly one still in the early-growth phase. These, however, are critical business considerations, and failure to incorporate them into a company’s business plan can have dire consequences. As such, planning and budgeting for these as an integral part of a business’ development is a critical risk-management step.

Strategic Considerations for Cloud Computing as Part of Corporate IT Infrastructure.

An interesting article on corporate IT strategy, particularly when read in context with some of the comments and responses from the author.
Clearly, effective use of cloud computing resources by corporations requires some very careful thought (and re-examination of its IT risks).

Gigaom

Cloud computing changes everything, including corporate strategy as a practice. I have listed five reasons why, although I’m sure there are many more. Long story short: Corporate strategists need to get out of their 20th century mindset and into the 21st century.

1. Emergent strategy rules

For years, the practice of strategy has been about analyzing value chains, applying frameworks like Porter’s five forces or newer strategic-intent-driven ideas like Blue Ocean Strategy. The problem with those framework-driven ideas is they assume a very static, deterministic model of the world. They work when the variables required to solve a problem are already well known, few in number and change at a slow pace.

Cloud computing doesn’t operate in the intentional strategy space. There are a lot of unknowns, many of which can change rapidly. A small firm could develop something valuable very quickly, scale it to millions of users in a…


3 reasons juries have no place in the patent system (or do they?) — Tech News and Analysis

3 reasons juries have no place in the patent system — Tech News and Analysis.

In this piece from GigaOm, columnist Jeff Roberts argues, in the wake of the verdict in the Apple vs. Samsung case, that juries should not be involved in the resolution of patent disputes. While Roberts does point out some of the issues that can potentially skew results in jury trials, I am dubious that this is really a valid “fix” to the increasingly clear problems with our current patent system.

His first two points about juries potentially being swayed by brand loyalty and/or “He’s a copy-cat!” are unfortunately just (or at least nearly) as true for judges as they are for juries. While judges are well trained in the law, that does not mean that they do not come to cases with certain “biases” in place. (They are human, after all.) Nor are judges immune from falling victim to certain logical fallacies in their analysis of complex matters, including oversimplification of those complex matters to fit them into paradigms with which it is easier to grapple (i.e. “He’s a copy-cat!”). What’s more, both of these issues can cut either or both ways, in any given case. I am not sure that either of these issues necessarily favors plaintiffs vs. defendants in general. In many cases it comes down to the particular facts of that case and how effective the lawyers on each side are at telling a compelling and believable story that ties together the complexity of the case.

With respect to Roberts’ point about jury trials being more expensive than bench trials, this is undeniably true. There are more moving parts to a jury trial, and thus they are more expensive. The larger and more complex a trial is, however, the smaller the gap in complexity and expense between jury and bench trials. This gap can be huge in a small case, with a relatively small number of factual and legal issues to be decided and relatively small amounts of money at stake. The difference, in cases that are already highly complex, dealing with mountains of evidence, and in which the stakes are very high, is, in terms of percentages of difference, relatively small. It is not the fact that each side in the Apple vs. Samsung case might have saved a million dollars by having a non-jury trial that is so ridiculous. It is the fact that each side spent tens of millions of dollars on legal fees in the fight that is ridiculous.

Don’t get me wrong. The lawyers in this case worked hard (many, many late nights, missed children’s birthday parties and soccer games, etc.) and they undeniably fought hard and effectively (some more effectively than others) for their clients. They deserve their compensation for the hard work they did. The problem is a system which incentivizes the creation and hoarding of patents and the use of those patents to create an environment where companies seek to control markets through litigation. This is made worse by the fact that billions of dollars are spent each year in carrying out the strategy of market dominance through litigation, rather than spending that money on fresh R&D, charity, or other productive, positive pursuits.

Ultimately, for our Intellectual Property schema to make sense in society as a whole, as well as from an economic efficiency standpoint, it must balance a number of goals, including (but by no means limited to): (1) incentivizing companies and individuals to innovate, (2) providing an avenue to grow and benefit the national economy, and (3) giving predictability and stability to industries so that it is reasonably possible to understand what is and is not protected intellectual property (anybody who tells you we are already there has never actually been involved in IP litigation).

The current system, by most objective analyses, is failing to a greater or lesser extent in each of these goals. Rationalizing our system of defining and protecting intellectual property will be no small task, as there remain many fundamental disputes as to how to accomplish such a reform (and, indeed, whether such reform is even truly needed).

In the meantime, the IP landscape remains treacherous. Failing to protect one’s IP can have tremendous costs, both actual and “opportunity” in nature. The process of defending that IP (and/or defending oneself from someone else’s) is complex, lengthy, and expensive. Making one’s way through the complexities of the technology economy is fraught with both great peril and great opportunity. And closely minding one’s IP “Ps and Qs” is a critical part of minimizing the perils and maximizing the opportunities.

The Problem with BYOD….

47% of BYOD employees don’t have passwords on their phone!
51% say their company doesn’t have the ability to remote wipe the BYOD!!
And 49% say their IT Departments never even talked to them about security on the device!!!
Survey says: FAIL!!!!

Cybercrime disclosures rare despite new SEC rule… But lawmakers plan to change this! | law.com

Cybercrime disclosures rare despite new SEC rule.

In October of 2011, the Securities and Exchange Commission issued a non-mandatory guidance statement on cybersecurity and the reporting of security requirements. Despite this guidance, which was intended to clarify existing reporting requirements for publicly traded companies under Sarbanes-Oxley and other federal privacy laws and regulations, many companies are either not reporting cybersecurity breaches or are skirting the reporting requirements by making very general disclosures which appear designed to minimize or disguise the nature and severity of such breaches.

In response to this dearth of meaningful reporting, the Chairman of the Senate Commerce, Science and Transportation Committee, Sen. Jay Rockefeller, is seeking to add provisions to cybersecurity laws that would strengthen and clarify breach-reporting obligations. Among the results of these changes would be a requirement that the SEC clarify when companies must disclose cyber breaches and a requirement that companies spell out the steps they are taking to protect their computer systems from intrusions.

In the wake of such spectacular hacks as the breach of LinkedIn’s site and the repeated intrusions into Wyndham Hotel’s systems (for which the FTC is actively pursuing punitive enforcement against the company), it has become increasingly clear that cyber-crime is a real risk to businesses. In response to the damage that such intrusions do to both investors and end-customers, the government is clearly placing increased pressure on companies to step up and combat this economic threat through implementation of better preventative measures and by disclosing the existence of breaches after the fact, to ensure that system issues within companies’ security are not simply swept under the proverbial rug. Increasingly, businesses must make protection of critical infrastructure and its data storage, handling, and destruction key elements in their business planning and implementation, rather than the afterthought it often seems to be.

We suck at security, study says [infographic] | VentureBeat

We suck at security, study says [infographic] | VentureBeat.

VentureBeat is featuring an article and accompanying infographic that tells a truly frightening tale of just how much security exposure companies face on the IT front.

In a recent survey by the Ponemon Institute of more than 600 IT and security professionals, over 90% of them had experienced data leakage in the past 12 months. Yikes!

This, boys and girls, is not an area where there is “safety in numbers.” These are real sources of liability that can cost real (and significant) money. Repeat the mantra after me: policies, procedures, and practice. This is the way to risk management / risk avoidance nirvana!