Firewalls Aren’t Magic | TechSNAP 144
Posted on: January 9, 2014

The NSA chilling effect is in full force, and you can probably guess where many companies are fleeing to.
The hidden problem facing IT security and why users expect magic.
Plus it’s a great batch of your questions, and our answers.
All that and more, on this week’s TechSNAP!
— Show Notes: —
Companies start moving data and jobs to Canada to avoid the NSA
- “U.S. industry stands to lose billions as companies spooked by security leaks seek to store banks of personal data outside U.S.”
- “It’s also a question of perception. The Europeans want to say to their clients that their information is not in the United States even though it stays in North America.”
- Canada is also attractive due to the availability of skilled labour, the cooler climate (requiring less air conditioning) and cheap electricity
- Compared to moving data to Europe, the latency to Canada is much lower because of its proximity and diversity of fibre paths
- “No one will say which companies have decided to flee the U.S., but they are said to vary from European banking and insurance firms with operations in the U.S. to American oil and gas companies and retail outlets, according to Canadian industry representatives interviewed by the Star”
- Cisco has chosen Ontario as the destination of a $4 billion investment that will create 1700 engineering and tech jobs
- The 10 year deal will see more than half of the $4 billion spent on salaries
- The number of jobs could grow as high as 5000
Some speakers quit RSA conference and call for boycott
- After the revelation that RSA received $10 million from the NSA to make a flawed algorithm the default in their BSafe product, a number of speakers and panel participants have pulled out of the yearly conference run by RSA
- RSA denies it entered into a contract for the purpose of weakening its products
- RSA issued a warning against using the flawed algorithm in September when NIST issued a similar warning after the Snowden documents were leaked
- Researchers who have pulled out of the conference include:
- Mikko Hypponen – F-Secure’s Chief Researcher – Talk: Governments as Malware Authors
- Adam Langley – Google Security Expert
- Chris Palmer – Google Chrome security engineer
- Christopher Soghoian – researcher with the American Civil Liberties Union
- Marcia Hoffman – privacy attorney and former Electronic Frontier Foundation lawyer
- Alex Fowler – Mozilla privacy and public policy expert
- Josh Thomas – “Chief Breaking Officer” at security firm Atredis
- Jeffrey Carr – Taia Global
- Taia Global is developing a product called Chimera, a commercial database of “rival state research and development projects” on the basis that knowing what the attackers are working on, lets you know which of your assets they may be out to steal
- “Organisers have said that next month’s conference in San Francisco will host 560 speakers, and that they expect more participants than the 24,000 who showed up last year”
- Additional Coverage
The hidden threat to network security? Management
- A survey and study by Stroz Friedberg called Information Security Risk in American Business was recently released
- The study shows much of what you would expect: few people take security seriously, although everyone claims to care about it
- Most people expect the IT experts to somehow magically keep everything secure, while end users go around sprinkling sensitive files all over the Internet, clicking the link in every spam email they get, and opening every attachment
- “Insiders are by far the biggest risk to the security of a company’s sensitive information, whether it’s a careless executive or a disgruntled employee”
- The horrible stats:
- 87% of senior managers frequently or occasionally send work materials to a personal email or cloud account in order to work remotely
- 58% of Senior management have accidentally sent sensitive information to the wrong person (compared to 25% of workers overall)
- 51% of Senior management, and 37% of mid-level management have taken files with them after leaving a job
- 45% of senior management say that C-level leadership are responsible for protecting companies against cyber-attacks
- “Yet, 52% of this same group indicated they are falling down on the job, rating corporate America’s ability to respond to cyber-threats at a “C” grade or lower.”
- Employees disagree, 54% say IT professionals should be responsible for cyber security
- 73% of employees fear their personal details such as Social Security numbers, birth date, banking information and home address could be stolen
- “Only 35% of respondents reported receiving regular training and communications on mobile device security from their employers”
- “BYOD and the use of personal online accounts have become prevalent in American businesses, as workers use their personal smartphones, tablets, and preferred cloud providers to stay productive while at work and out of the office. This is opening the door for businesses to encounter new and emerging threats from hackers, malware, and viruses.”
- Full Study
Feedback:
- VPN’s: A developer’s nightmare
- FAQ – Microsoft’s PPTP Implementation
- Free and Open Source Support and FreeNAS Mirroring
- Nginx Client side SSL limiting
- How’s my SSL?
- Low-end server hardware prices
Round Up:
- Yahoo malware turned European computers into bitcoin slaves
- Humorous USENIX article about password security
- openSUSE forums defaced, emails leaked
- Poem about hacking the truth machine
- Zimbra 8 remote exploit
- How a simple screwup led to a compromise and a $500 Amazon bill
- Intel renames its ‘tainted’ McAfee brand to ‘Intel Security’
- Reading this May Harm Your Computer: The Psychology of Malware Warnings
- Not Cool: MPAA Joins The W3C
- OpenSSL site defaced – Official Statement
- The US Federal Election Commission is highly vulnerable to intrusions and data breaches
- Asprox botnet pushes KrebsOnSecurity themed malware