Anthem breach: Vendors never let a good crisis go to waste

Given this week’s news of a potentially huge security breach at insurance provider Anthem, security vendors of all types are eager to give advice, and, oh, get their company names in front of affected consumers or (better yet) other big companies spooked by what happened to Anthem.

The Anthem breach, in which hackers accessed names, addresses, birth dates, medical ID numbers and social security numbers of customers, could affect up to 80 million people.

So, what could Anthem do better going forward? According to what showed up in my inbox, it should apply file-level protection (Varonis), use fraud detection and behavioral analysis (NuData Security), apply cloud-based security (Zscaler) and speed up disclosure and response (Co3 Systems and Incident Response Management Systems). You get the picture.

Given that no one outside of Anthem, its vendors and maybe the hackers, actually knows what systems it had in place, it seems rather presumptuous for security vendors to insert themselves as would-be saviors, but such is the way of corporate PR.

And now for the real victims

So now that we know what security companies think other customer-facing vendors should do (which is basically, “buy our stuff”), what about the poor schlubs whose information was stolen? What are they supposed to do? Well, there was the usual advice from the National Consumers League and others.

People should be more suspicious than usual of email from unknown people — bad guys use email to launch phishing attacks. Don’t open messages from anyone you don’t know; don’t click on links in email unless you’re sure where it will take you (hover over the link to see if the URL looks legit); don’t respond to odd email if you happen to open it. Stop reusing passwords across sites or, better yet, get a password manager. Use two-factor authentication. Yaddayaddayadda.

If you suspect credit card fraud, get your credit reports or credit score updates (Credit Karma is a good and free service), although, as NBC reported, the credit agencies will not catch medical identity theft. In that scenario, a person’s purloined medical ID number could be used at hospitals, ERs and pharmacies to get care and drugs, “racking up charges and wrecking victims’ medical records.”

The best way to detect medical ID theft is to scrupulously check your Explanation of Benefits documents each and every time. And make sure to shred all medical documents.

At this point, given all the breaches at Target, Home Depot, JPMorgan Chase and now Anthem, it’s probably safe to assume that some of your information is already “out there,” so do as much as you can yourself to protect your assets. No vendor is going to do it for you.

Web giants take on phishing in quest to make the Internet better

Companies such as Google, PayPal, Facebook and Microsoft have teamed up to create a standard to help boost email security. They are part of a working group to create the DMARC standard, which will help cut down on the number of phishing attacks.

Lookout: Safe browsing comes to Android

Lookout, a mobile security company, today added a new feature to its security software that protects web users from visiting malicious sites on their Google Android smartphones. As consumers turn to the mobile web and apps for services, the need for such protection may increase.

The Worm Has Turned: iPhone Exploit Gets Nasty

Last week the news about yet another non-belligerent iPhone worm did the rounds and people responded by saying things like “How silly jailbreakers are for not changing their SSH root passwords,” and “It’s only a matter of time until a worm appears that’s not so friendly…” OK, yes, geeky people said those things. Normals will likely never know that jailbreaking is something you can do to a phone.

Well, the predictions of gloom have proven true. Over the last few days, and reported by The Mac Observer, a new worm has been identified. This one (so far limited to iPhone owners in the Netherlands) takes advantage of the exact same SSH exploit as the previous worm. Once on a user’s iPhone, it circumvents Mobile Safari’s anti-phishing technology to present a spoof of a popular banking website. Users are tricked into handing over their online banking authentication details. The worm spreads from iPhone to iPhone, but is limited to jailbroken handsets connected to the same Wi-Fi network.

White-Label Video Shops, Compared

We promised once upon a time that we could compile a side-by-side comparison of all the white-label video platform providers. Well, somehow other fun things got in the way, and we never got around to it. But recently I found a market comparison of all the folks powering video management and delivery compiled by one such company, Endavo Media. We’ve never covered Endavo before but we connected on Twitter, where they’d posted a link to the comparison chart. As always, the company who created it comes off looking the best, but even so it’s nice to see quite so many of the players organized by feature sets in one place. (Update: Please see the excellent comments from competitors and customers correcting the chart.) Here’s the chart:

Update 2/19: Endavo apparently modified this chart from a Marketing Mechanics report without permission. Marketing Mechanics has provided us with an updated chart (please click through to download the PDF, as it’s way bigger than will fit on our page).

Endavo apparently has a complicated corporate history. As we’ve seen time and again, enterprise video was a Plan B (or C or D). From Endavo’s about page:

Endavo Media was originally founded and incorporated (CeriStar) in 1999 by a group of technology entrepreneurs led by former CEO of Iomega Corporation. In 2002, CeriStar acquired a non-operating public company and began operations as a public company in September 2002. The company changed its name to Endavo Media and Communications, Inc. in September 2004, to better reflect the company’s direction as a business. Funded through the public holding company through 2007, Endavo Media was sold to management by its parent company in early 2008 and is now a privately held company.

By the way, if you want to connect with NewTeeVee on Twitter, please do!