
Monday
Oct 04, 2010

What Does Preparedness Mean To You? Tell Me and You May Win A Prize

Preparedness and being prepared mean different things to different people. To many people being prepared means having enough water and canned food, or power bars to get them through a couple of days. To others it means being ready to survive for a year or more on their own.


Monday
Sep 27, 2010

Autofill Bug In Safari Exposes Personal Information

Apple has left an autofill bug in Safari unpatched that could potentially expose personal information you would never intend for anyone else to see.

Apple's AutoFill feature allows you to quickly fill out forms using information you have previously entered, including credit card information and social security numbers.

A security expert has figured out a way of getting that information by tricking you into hitting two keys: the "U" key and the "Tab" key. In theory, an attacker could place a hidden form behind a game on a web page that uses these keys, tricking you into filling out the form and stealing your information.

Jeremiah Grossman discovered the bug and you can see a video of the flaw being demonstrated on his site under his entry: The Safari AutoFill Hack Lives!

Monday
Sep 27, 2010

Cyber Warfare Takes Another Possible Leap Forward, Stuxnet Worm Infecting SCADA Systems and Hits Iranian Nuclear Facilities Hard

Updated on Monday, September 27, 2010 at 7:18PM by Registered Commenter Keith Erwood

Many people (most security experts aside) who work with industrial SCADA (Supervisory Control and Data Acquisition) and PLC (Programmable Logic Controller) systems have long considered these systems safe. In fact, if you check the reference sources at the bottom, you will notice a recurring theme: "If you asked me if this was possible last week, I would have said no." I have personally had people tell me they are safe from these kinds of threats because they have multiple layers of firewalls and other "robust" cyber security in place. These people are wrong, and I hope this incident serves as a wake-up call to others who work with these systems every day. Bottom line: all systems are vulnerable. A worm known as Stuxnet has infected systems in several countries, including the United States, Indonesia, India, and Iran.


Friday
Sep 10, 2010

Always Remember - Never Forget 

I will never forget - the things I heard and saw...Not just that day, or the days after, but for the months that followed. My heart goes out to those who lost loved ones, to the workers who spent months recovering what they could, and to the soldiers still fighting overseas, I thank you. I will never, ever, ever forget.

Thursday
Aug 26, 2010

SEC Makes Climate Change Risk Reporting Mandatory

How up to date is your business when it comes to assessing your risk exposures, contingency planning, and overall risk management?  Now, what would you say if I told you the SEC is requiring ALL publicly traded companies to have a written plan detailing the risks, and how they will respond to climate change?

Even though this occurred back in January of this year, I am finding very few people who have been aware of this new reporting and disclosure requirement.

The other day in my newsletter I mentioned that the SEC had issued interpretive guidance on disclosure related to business or legal developments regarding climate change.  The response has been interesting, from laughter, and dismissal, to shock. Some people wondering just how they are supposed to measure the risk and others to say they have zero risks and exposures to it altogether.  

Now, I am not currently buying into the man-made climate change side of the equation as I mentioned in the newsletter, and personally believe that these events are cyclical and natural. I also recognize that the issue is basically a political hot potato at the moment, and think most people here in the United States feel the same way I do. Though I admit I could be wrong.

The real story, like I stated in my newsletter, is that history shows us that the climate will change, and the impacts of those changes can be dramatic and have a negative impact on the business community. These impacts can occur whether the climate grows colder or hotter. So, even if it is not man-made, does it matter? The impacts will remain the same.

I am not going to add my assessments here as I did in the newsletter, but I did want to mention it here on Disaster Preparedness Blog for those that may not be aware of this, and provide you the links to the information from the SEC.

Here is a copy of the SEC Press Release on this ruling, as well as their Interpretive Guidance to the ruling, at their respective links.

Specifically, the SEC's interpretative guidance highlights the following areas as examples of where climate change may trigger disclosure requirements:

  • Impact of Legislation and Regulation: When assessing potential disclosure obligations, a company should consider whether the impact of certain existing laws and regulations regarding climate change is material. In certain circumstances, a company should also evaluate the potential impact of pending legislation and regulation related to this topic.

  • Impact of International Accords: A company should consider, and disclose when material, the risks or effects on its business of international accords and treaties relating to climate change.

  • Indirect Consequences of Regulation or Business Trends: Legal, technological, political and scientific developments regarding climate change may create new opportunities or risks for companies. For instance, a company may face decreased demand for goods that produce significant greenhouse gas emissions or increased demand for goods that result in lower emissions than competing products. As such, a company should consider, for disclosure purposes, the actual or potential indirect consequences it may face due to climate change related regulatory or business trends.

  • Physical Impacts of Climate Change: Companies should also evaluate for disclosure purposes the actual and potential material impacts of environmental matters on their business.

No matter how you look at this issue, here is one other angle to consider. When looking at future risks, be certain to look at how possible future political and regulatory decisions might impact your business.