Trust is Everything.

We spend so much time working toward a goal, delivering on an expectation, that it becomes business as usual. People trust me to do my job, I trust others to do theirs. Together we make great teams, great divisions, and a great company for our customers.

In the last two weeks, two major companies have lost my trust. One is Anthem, an insurance company that had 80M customer medical records stolen; the other is Lenovo, a computer manufacturer that installed software on their consumer laptops and desktops that intercepted TLS/SSL encrypted traffic using a self-signed encryption certificate and embedded it into the operating system.

I trusted these companies like I know my company’s customers trust us. How can we prevent becoming the next untrustworthy company?

For Anthem, the problem was not following the basics of data security. Encrypt your data at rest, in flight, and protect your keys at all costs. Restrict data access to only those who need it – and ONLY the data they need. What a logistics nightmare to coordinate that among the entire company’s applications – but not as bad as the nightmare they’re living with now.

Regardless of whether you store your data in a colocation with insane physical and electronic border security or your own onsite datacenter with James Bond proof security – thieves don’t have to get out of their underwear to make off with a billion dollars worth of data.

Lenovo had a simple task of maintaining their tradition of building computers that people want. Someone made the decision to install some extra software (presumably for profit) on their consumer computers that gathers “We thought [Superfish] would enhance the shopping experience…”. I call bullshit – the software was harvesting their customers’ data by decrypting encrypted browser traffic using a “Man in the Middle” attack. Lenovo decided to make an extra dollar and deceive their customers into thinking the lock on their browser actually meant they were secure. It took five months for the word to get out on the Lenovo malware, but in the week it hit the media – I’ve read about it everywhere. I’m watching LNVGY to see what happens when the stockholders finally figure out what this means.

It means companies large and small that buy one or thousands of their products in bulk may begin to question the integrity of Lenovo. If they installed privacy-busting malware into their consumer goods – what kind of nefarious tricks were in the latest ThinkPad or X laptop in my business? Is my CIO’s bank account going to be hacked, company secrets leaked to a Lenovo partner in China, or my laptop used as a portal for Chinese hackers to run rampant in my network? A secret decryption chip and hook into the network hardware to leak secrets back to home base? Sure, it’s far-fetched… or is it? Stranger things have been dreamed up.

Anyone can prevent these – stand up and say something. Call out bad ideas for what they are. Identify security risks when you see them. These are what make great people great. They take on the challenge instead of letting the big sleeping dragons sleep. Eventually they’ll wake up, on their own or with the help of someone, and lay waste to your kingdom.
