Ultrasaur Blog
Keeping track of exciting new threats to your digital records.
Archive for June, 2009
Saturday, June 27th, 2009
We normally focus on the bigger stuff, but fake expense receipts are a reminder that insider fraud does happen.
Some random thoughts on expense receipts:
- I’ve taken taxis for work where the driver offers to increase the receipt $10 or so, if I’d pay in cash.
- They offer perverse incentives: the bus system in Seattle is often easier than a taxi, but I could get a receipt for the taxi, making it free (vs $2 to take the bus).
- When I lived in China, outside most subway stops were vendors selling taxi receipts. The idea again being that the subway was cheaper (and often faster), but you could still get reimbursed for a (more expensive) fictional taxi trip.
- The real cost is repeated over and over in the comments: if you need to ask for too much verification, you’re “making all trips cost an extra half day’s productivity for each traveler.”
Tags: fraud, old timey ways, records Posted in record falsification | No Comments »
Friday, June 19th, 2009
We don’t regularly follow physical security, but I enjoyed the article (thanks Bruce Schneier). It’s interesting to note that “high security” locks mean that they can stand up for 10 minutes — and according to Marc Weber Tobias, none last more than a few seconds reliably.
But the parallel that I find most interesting, as I’m prepping our next demo (where I hack a SharePoint server), is how little original work I had to do. Smarter people than me had already done the legwork, just like regular crooks who use Tobias’ work to bump the lock on your bike. You don’t have to protect your doors & servers against what you can do, but against what the sum of the smartest hackers can do.
Side note, I want to buy this laptop just to have the big guy’s computer
Tags: attacks, crime, stub Posted in hackers | No Comments »
Friday, June 12th, 2009
I just got back from attending the Quantum Works Annual General Meeting in Toronto. Quantum Key Distribution (QKD) was a very hot topic and the focus of several presentations. QKD will likely be the first quantum computing technology to be applied in the real world.
There were presentations from Networks of Centers of Excellence and the Ontario Ministry of Research and Innovation, in which collaboration between research institutes and industry players was discussed.
Tags: cryptography, events, quantum computing Posted in events | No Comments »
Thursday, June 11th, 2009
Not entirely counter-intuitive, but there’s a new study out showing that different industries suffer data breaches in different proportions (but still suffer them).
The Health Care and Social Assistance sector reported a larger than average proportion of lost and stolen computing hardware, but reported an unusually low proportion of compromised hosts. Educational Services reported a disproportionally large number of compromised hosts, while insider conduct and lost and stolen hardware were well below the proportion common to the set as a whole. Public Administration’s proportion of compromised host reports was below average, but their proportion of processing errors was well above the norm. The Finance and Insurance sector experienced the smallest overall proportion of processing errors, but the highest proportion of insider misconduct. Other sectors showed no statistically significant difference from the average, either due to a true lack of variance, or due to an insignificant number of samples for the statistical tests being used.
Source: Interhack (Full study as a PDF)
Tags: attacks, fraud, hacking, statistics Posted in hackers | No Comments »
Monday, June 8th, 2009
Dave’s looking into improving our notifications by integrating our alerts with PagerDuty. With any luck it should pretty much work out of the box, and we’ll be peppering them with feature requests any day now.

Tags: features, partners Posted in development | No Comments »
Monday, June 8th, 2009
We’re using the fantastic kNeu icon set in the application, and we’ve expanded on a couple of them. In the spirit of the original set, these are also available under the GPL:
 
Tags: gpl, stub Posted in Uncategorized | No Comments »
Sunday, June 7th, 2009
Dave and I presented at StartupCamp 6, going over the scenario where a system administrator goes rogue and alters files undetectably — and how our system detects them.
The questions & comments were good. Thanks to everyone who came out.
Also presenting were (in no particular order):
- PagerDuty from Toronto, who specialize in managing notifications. We were so impressed that we’re looking into integrating their product with ours.
- NeverBored Studios with a cool iPhone game.
- Kaimera Media with a video kiosk (burn a CD with video from an event while you wait).
- ThinkPanda and Primal Fusion both tackled the problem of information management, with Primal Fusion being the larger and more polished.
- Giftah, an online marketplace for buying and selling gift cards.
Tags: events, startups, waterloo Posted in events | 1 Comment »