The enterprise social networking platform, Jive (jiveon.com) used an exit-link tracking mechanism for all external links. The links through this exit mechanism were not validated. An attacker could leverage the trust in a Jive based social network to perform spear-phishing against community users. This issue was reported to Jive at has been remediated with an optional configuration setting as of the time of publication. Remediation requires action by the Jive instance administrator.Security » #Jive #Vulnerability Report #open redirect
Eric Goldman is a security professional with experience in the banking and manufacturing sectors. His primary interest is in security policy, compliance, and human factors. His research focuses on how IT teams can improve security and move towards a proactive security mindset. His research has been showcased in academic journals as well as professional journals. Eric also authors and contributes to security/software projects to help end users make informed decisions and protect their identity and security.
Organizations are increasingly investing in encryption capabilities. One form of encryption that is seeing increased deployment is end-user managed encryption; however, such deployments present many challenges for the enterprise. Such tools typically lack centralized management and control capabilities, either forcing or allowing users to make security decisions on their own. This makes monitoring and enforcement of proper usage difficult and leaves doubts over whether users are using encryption properly, if at all. In addition, monitoring and data loss prevention tools are often rendered mute because most solutions lack escrow and security infrastructure integration. In this article we will discuss some of the challenges and risks in deploying end-user managed encryption and will also evaluate alternative centralized solutions and their benefits.Security » #encryption #human factors #zip #siem #journal article
Social networks and similar service providers must take proactive actions to protect their users from fraud attempts and account abuse perpetrated by friends and family members. With easy physical access and intimate knowledge, these threat actors can impact not just the victim, but other users and the overall quality and reputation of your service. While service providers cannot force technical controls, such as screen saver passwords, on their users, they can adopt techniques and strategies to reduce their potential exposure and to help their users to take proactive measures to protect themselves and practice good security hygiene.Security » #fraud #social media #accounts #password management #redaction #journal article