No announcement yet.

Underestimated threats

  • Filter
  • Time
  • Show
Clear All
new posts

  • Underestimated threats

    Working on a presentation for a few events, all of which are to privacy policy people. They understand compliance, but not security, and certainly not the technical aspect.

    I'm trying to run through some of the things that are obvious threats to people like us but are often misunderstood or completely unknown to the general public.

    I've so far got:
    Dect Phones
    Metadata (FOCA)
    Wireless networks (Public hotspots)
    Photocopier and PDA storage recovery

    Any ideas on things you've run across that people are poorly informed about?
    Never drink anything larger than your head!

  • #2
    Re: Underestimated threats

    Proper disposal of used storage media.

    2.4ghz surveillance cameras.
    Last edited by streaker69; September 6, 2010, 13:29.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.


    • #3
      Re: Underestimated threats

      Liquids in containers larger than 3 ounces
      Laptop backpacks that defy x-ray machines forcing the removal of said laptops
      Explosive soles

      Won't someone think of the children?
      perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


      • #4
        Re: Underestimated threats

        Consequences of uninvited guests in the building...


        • #5
          Re: Underestimated threats

          Waste disposal, specifically dumpsters that are either unlocked, or using the usual (read: shitty) locks found on them.

          Offsite accessing of company email over unknown, public, potentially hostile, etc. networks. (hard to enforce for obvious reasons, but still can become a viable threat).
          "You have cubed asscheeks?"... "Do you not?"


          • #6
            Re: Underestimated threats

            Company info in Google docs. Just because an employee has been terminated doesn't mean their access to the Gdoc was shut down.

            9 dollars and 40 cents? That's an outrage! If I were you I wouldn't pay it! - Groucho Marx


            • #7
              Re: Underestimated threats

              Companies stupid enough to allow use of Google Docs or other 'cloud' services. Especially those that don't do some due diligence in the first place. There's been a some stories about data center failures causing 'cloud disasters' of late that people may have noticed this one.

              Use of public email systems (AOL, GMail, Hotmail, Yahoo, etc.) for business correspondence info, since the answers to the 'security questions' for password reset are easy to guess or look up. Just ask Sarah Palin.
              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird


              • #8
                Re: Underestimated threats

                Privacy, thats what people are unaware of, EVERYONE wants privacy yet they hop on the WORLD WIDE WEB where we are all connected, where no matter where you go, your ip is in someones log book. Your credit card is in some companies INET server, hopefully the company your buying from is the REAL company. Never use credit cards on the net. But DefCon knows this
                Your Life Is Your Crime, It's Punishment Time