Cyber Security Today – Millions of files on Americans found open on Internet, and how to avoid juice-jacking

Welcome to Cyber Security Today. It’s Monday January 13th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

Employees at companies continue to be sloppy at protecting personal data. Here’s another example: Someone at Front Rush, a U.S. firm that provides management software for college athletics programs, left a server open to the Internet. That server had more than 700,000 files including athletes’ medical records, performance reports, driver’s licences and other personal information. Often this is a configuration problem where the person creating a database or file forgets to check a setting, or an IT staffer doing maintenance or an upgrade does something wrong. Regardless, managers around the world aren’t doing enough to make sure this doesn’t happen in their organizations. This incident was originally reported by Vice.com.

Here’s a similar incident: According to The Register, a researcher found an open database with details on 56 million American residents including home addresses and phone numbers. The database appears to belong to a web site called CheckPeople.com, where, for a fee, you can look up people’s names and find addresses. Most of the information seems to be available from public sources. Still, why it was unprotected isn’t known. The server is in China. We don’t know if this was a database stolen from CheckPeople, or if an employee put it there and misconfigured it. As of the recording of this podcast CheckPeople hadn’t responded to questions.

Misconfigured cloud storage is a big problem for companies. If your firm uses Amazon AWS for storage, there are tools like AWS Security Hub and the new Identity and Access Analyzer that help track down mistakes. If you use Microsoft Azure, there’s Azure Security Center. If your firm uses other cloud storage firms, find out what — if any — security tools they offer.

Let’s talk about juice-jacking. No, it’s not a way to steal fruit drinks. Juice-jacking is slang for delivering malware through infected public USB charging stations in airports, hotels and conferences. These stations are offered as a convenience for you to charge mobile devices. But if they’ve been compromised, your smartphone, laptop or tablet will be too. That’s right, the power plug and charging cable can deliver malware. That’s because they’re used for both delivering power and transferring data. Security researchers have demonstrated how it can be done. But how big a problem is it? We’re not sure, writer Mike Elgan says on IBM’s Security Intelligence blog. But it’s better to be safe by not using public charging stations. Nor should you charge your device through someone else’s computer. Instead, carry your own charging adapter and cable. If you buy a duplicate, make sure they’re from a packaged brand name and not from an open box of adapters and cables in a store beside the cash register. Worried about running out of power? Buy and carry a rechargeable USB mobile battery.

Finally, tomorrow is Microsoft’s monthly Patch Tuesday, when it will release security updates for Windows and other company software.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
