Information Security Blog

Stealing Mac OS X

Several years ago I witnessed what was, at the time, possibly an ingenious method of theft. I was in a retail store that sold Apple products. A gentleman wearing iPod headphones was in the area, and appeared to be listening to some music while using one of the display computers to surf the web. It turns out, the music he was bobbing his head to existed only in his head, because he had configured his iPod to act as an external hard drive, and a FireWire cable was snaked out of his pocket and into the computer he was using. One of the joys of using Apple’s OS X operating system (installing software by simply dragging the icon into the Applications folder) also makes it very easy to steal from (drag that icon from the Applications folder onto an external hard drive). By the time I located a store employee to point out what was going on, the guy had finished his business and moved on. I believe he got away with a copy of Microsoft Office (or about $300, from the retailer’s point of view).

I was recently reminded of this when I attended a convention. A video game publisher had set up in the expo hall, and had PCs available for attendees to try out their latest, as-yet-unpublished game. One attendee thought so highly of the new game that he plugged a USB drive into the PC he was using and attempted to copy it so that he could continue to play on his own time. Unlike the gentleman in the previous story, this one did not make off with his ill-gotten goods, and ended up in the custody of the local police. If nobody had noticed what he was doing, that game probably would have been available on a peer-to-peer network by that evening. I don’t know how to predict the cost of something like that, but I suspect I’m not out of line if I say, “A lot.”

If you are a software publisher, it makes sense that you’d want to allow some level of “try before you buy” to your potential customers. Retail locations and conventions/trade shows are natural places to allow your target audience an opportunity to experience your product in its fullest form. What controls do you have in place to protect your product from the very public you want to interact with it?

Free Download: A Best Practices Guide to Database Security

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

Free Whitepaper: Stop Wasting Money on Penetration Testing

Penetration Testing is most frequently performed to:

Substantiate the net effectiveness of a mature control environment
Prove to a third party that an environment is secure/trustworthy
Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
To validate that significant changes did not have unanticipated results

Is ISO 27001 Right for (Y)our Organization?

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

How to deal with increasing threats
How to manage multiple regulatory requirements
How to handle client requests for attestation
To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.