Security Awareness is really important to me. I believe that creative and long lasting reminders, slogans, and images can really do a lot to help reduce IT security threats. The goal is to keep these ideas and concepts fresh in people’s minds. They may not really understand what the slogan means, but they will be more conscious of what they are doing.

I created this poster for a Security Awareness Competition sponsored by Educase (contest info and past winners). The target placement was for university computer labs, in order to remind users to stay safe on the Internet. One of the big issues in user-space security right now is Phishing and Identity Theft. I decided to tackle this topic in a simple to digest format.

Note: This article is about VMWARE Server version 1, this may not apply to version 2 or later.

A few weeks ago, I was working with some VMs, when all of a sudden my menus (File, Edit, etc.) and the toolbar disappeared. At first I thought I had somehow corrupted my system or something since I did not disable these menus on purpose. The only way to get them back was to go full screen and move my mouse to the top of the screen. I searched through all the options menus and did some Googling, but came up clueless. Until I went to close the VMWARE console from the taskbar, and I noticed an extra option for “show controls”. Low and behold, I was able to bring back all my menus. Looking at this “feature” now, it seems like a pretty good idea once you have your VM up and running; however, this is a horrible place to put the setting. It does not appear in any settings or configuration anywhere else. Also, I was unable to really troubleshoot this because I never refer to the toolbar and menus as the “controls”. Normally, I am working in VM with a much lower resolution than my host PC so I don’t care about the few saved pixels, but you may find it useful. The main reason I am writing this article is so you are aware and don’t freak out if you accidentally click on it (there are other programs which stupidly put controls in the taskbar or title bar…never do this if you are writing a program, its evil). Also, hopefully if this happens to someone else Google will point them here. This is however, a documented feature in VMware.  

This is a brief presentation which gives some background and examples on AP takeover attacks. There is a full academic report which I will post up soon and cross link as soon as possible.

The following is a mock memo to the CEO of a credit card company. This letter provides a high level overview of the Red Flags rule (see references for background information) and is meant to gain executive management's support in implementing the regulated requirements for complaince with the FACT 2003 Law.

Identity Theft and Compliance with Red Flags Rule Requirements

This memo addresses concerns and requirements related to the Red Flags Rule, which is a component of the “Fair and Accurate Credit Transactions Act of 2003” (FACT 2003). As a creditor organization, we are required to meet certain requirements outlined in sections 114 and elsewhere in the FACT 2003 law. In order to comply with this rule we are required to implement a set of policies and procedures in order to prevent, detect, and mitigate identity theft and data breaches related to our customers’ private and personal information. The FTC originally set a deadline for compliance of November 1, 2008; however, this date has been extended to May 1, 2009. Therefore, it is crucial that we rapidly develop and implement our identity theft prevent program before this date.