Cloud Services Breached, data stolen, at Epsilon

Article at http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161

This is why we are skeptical of buying “cloud” services — that is use of a file server — off site in some far eastern country. We have all been able to install our own file servers and web servers for years, and we feel that the risk of trusting an outside group to securely store our private company information is unreasonable for the purported business advantage. After all, an American computer consulting firm can be hired to install Linux and Apache for around $150/hour, and be done in maybe half a day. Individuals can be hired as 1099 contractors for a 3rd of that and mostly the same results — working Linux file server or web server, no license hassles, almost no virus problems.

Individuals supplying their own information on a at-risk foreign server is one thing — and consumers are foolish — but placing customer data or private corporate data “in the cloud” is just asking for Sarbanes-Oxley trouble.

I have found a way that DOES shut it all down, the criminals cannot get around it, and all it requires is the participation of you, the Fed Up Business user.

1. Install Google Chrome for your computer, or another web browser in which you can easily control which web sites are allowed to run javascript.

2. These next steps will turn javascript off by default. There is a really easy one-click way to turn it on for the sites you trust, which I will show you in a moment. Here is how you shut it off in Google Chrome: click the wrench in the upper right corner, then click Options. If you are using Linux click Preferences, Options is on Windows.

3. Click Under the Hood, then Content Settings, then Java Script, and finally check the radio button that says DO NOT ALLOW any site to run javascript. I’ll show you how to let sites you trust run javascript in a moment. Just click it.

Turn off Javascript as a default
Turn off Javascript as a default. Click the photo for a bigger picture.

 

4. Click the close buttons to return to browsing. Javascript will now be OFF unless you tell it otherwise.

The reason this works is that the scammers depend upon your browser trusting them to do anything they want on your computer. Their  link actually jumps off to another web site. This other web site runs javascript to sneak malware onto your computer with the infamous “drive by download”. Turning off javascript by default stops them.

NOW how do you enable javascript for sites you trust, for example your bank or FaceBook, that need it?  EASY. In the upper right corner of the URL box, next to the wrench and the star, a special symbol will appear for only web sites who need javascript when it is not turned on. Just Click It. On that web site, javascript will be allowed to work. On new web sites that you do not yet know if you trust, javascript will not work until you click the little icon.

Click the little icon to allow javascript
Click the little icon to allow javascript. Click the photo for a bigger picture.

 

This is a simple solution that every businessperson can use to protect her or himself from exploitation. This is also a good policy in general because many of the viruses and other malware planted on peoples’ computers must have javascript to be installed. By turning off javascript by default, you are protected. At least until you click the little button to turn it on.

So be sure, be cynical, and practice safe software.

 

One comment to this article