Learning from bad security practices

Instead of delivering tips for helping to improve security, let’s flip things on their head and look at some worst practices that trip up enterprise security personnel. By reviewing this list of things not to do, organisations can learn some important lessons from the failures of others. They suffered the pain, but we get the gain.

In this article, I’ve formulated several worst practices based on the common actions and beliefs of enterprise security personnel. I’ve seen the concept underlying each of these bad tips applied in real-world enterprises, causing a significant amount of grief. However, it’s important to note that there’s a grain of truth in each one of these issues. That’s what makes each one attract some adherents. To help make sense of it all, I will describe each worst practice, followed by the reality we face in securing our organisations.

Identity ‘at risk’ on Facebook

Personal details of Facebook users could potentially be stolen, the BBC technology programme Click has found.

The popular social networking site allows users to add a variety of applications to their profile.

But a malicious program, masquerading as a harmless application, could potentially harvest personal data.

Facebook says users should exercise caution when adding applications. Any programs which violate their terms will be removed, the network said.

Stealing details

Webpage Brought to you by Pradheep Manohara (MSc IT Security)