Posts

Showing posts from August, 2005

Behavior becomes mainstream

Reading this week's Economist on mandatory pensions (page 63), I found the quote below: "Given the choice between $1000 in now and $1100 next year, an individual may well take the money at once ... ... Behavioral finance also shows the surprising extent to which people are swayed by the way that choices are framed." Behavioral economics is going mainstream. As a security professional, I usually encounter people (even myself) taking risks just because it is convenient! And security professionals should make use of behavior to control IT-related risks.

Windows Online Crash Analysis (OCA) Security

Today, when I was using MS Word to edit a document, I encountered an error which hung my application. When I forced it to quit, Windows XP started Microsoft Online Crash Analysis (OCA) and asked me to send an error report to Microsoft. OCA has been with us for some time, and I usually clicked on “OK” with an urge to start working as soon as possible. However, today I looked into what was happening behind the simple click and found something unexpected. Opening the 5MB file generated by OCA with Notepad, I was stunned to find my entire document appear in plain text (see the figure below). The error-reporting module actually transfers the document I am editing to Microsoft. Immediately, I checked their privacy website to find out if this is declared, and it is (see the red circle). At this moment, a lot of questions pop up. 1. Most importantly, is the document content necessary for the error investigations? 2. I believe with millions of error reports, Microsoft and their staff will not have the r

Growing game industry ... ...

A highly contaminated network: "About 6000 machines connected to the network... of these 1100 were infected...no less than 400 000 different species of your least favorite malware were identified!" A read of this blog shows how immediate pleasure overshadowed the risk of virus infections. While firewalls and patches will keep the computer safe, PC gamers who are afraid of speed deterioration leave themselves open to real-world attacks. The figure shows 18.3% of gaming PCs are vulnerable. With the ever-growing PC game industry, the family of zombie machines is also growing. Again, IT security is more about human behavior than technology. My advice is to have the machine dual-boot, one system for productive work and one for adventures. (A side question: do we need 2 OS licenses for a dual-boot machine?)