
The hotel industry has been in hot water recently over credit card security, and three of the industry's largest associations are not taking the issue lightly. The three groups have issued a joint statement regarding organized cyber crime attacks on credit card data. It identifies actions that hotels—not their system vendors—need to take immediately in order to minimize vulnerabilities and avoid the potential for hundreds of thousands of dollars in costs and fines that typically result when even a single hotel system is breached. The recommendations:
- Eliminate every default password on every machine on your network, be it server, workstation, router, firewall or any other device that has a password. The most important machines to check are the ones you think are not vulnerable, such as a PC on an engineer's desk for monitoring building systems, the PC in the parking garage attendant's office, or the one in a closet running your keycard system. To do this right, have your IT department or network consultants map out your network electronically. They can identify every attached device and then physically try to log into each one using the manufacturer's default login credentials (easily obtainable via an Internet search). If that login and password work, change them. In 53 percent of newsworthy attacks investigated by forensics firm Verizon Business in 2009, thieves gained entry to the network by using the word "password" as the password. Don't make it this easy for them.
- Eliminate holes in remote access to systems inside your network. Remote access by vendors is an essential part of support for many hotel systems. The data thieves know this, and they know how to use it to get inside your network. They know all the default passwords, and they have even been known to steal master customer lists, complete with current passwords, from vendors. At the very least, make sure that the administrative and remote-access passwords on all your systems have been changed. Better still, for each vendor that needs remote access, put in place a process that ensures that each time s/he connects, you know that it is really that person (not someone who has stolen a password list). While there are many good technology solutions, you can also institute a manual policy of issuing one-time passwords that are changed after each use. If vendors want to connect, have your staff call them back on their regular support lines with the password. Give the list of passwords only to trusted staff, and store it under lock and key with instructions for changing the passwords. Change the password as soon as the vendor is done.
- If you store stacks of money in plain sight in an exit stairwell, you might expect to be robbed. Operating without an Internet firewall is just as risky. Yet many hotels, especially smaller ones, don't have a firewall. If you are connected to the Internet without one, then people you don't know, from around the world and many with malicious intent, can reach into your network. A recent University of Maryland study counted more than 2,200 attacks on an average Internet-connected computer every day—one every 39 seconds. If that computer is in your hotel, and if the intent is to steal credit card data, they will probably succeed. If you don't have a firewall, buy one and install it. Even a consumer-grade firewall, available for US$100 or less, provides a lot more protection than nothing. Get a firewall and configure it properly to prevent criminals from reaching your machines easily. It should allow only those types of traffic you need, and only to or from Internet addresses that you trust.
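As an added illustration of the "allow only the traffic you need, only to or from addresses you trust" posture in the third recommendation (this ruleset is not part of the associations' statement), here is a default-deny nftables configuration for a small Linux firewall between a hotel's back-office network and the Internet; every address, interface name and port below is a placeholder chosen for the example.

```nft
#!/usr/sbin/nft -f
# Placeholder values assumed for this example (not from the article):
#   lan0            interface facing the hotel back-office LAN
#   10.0.10.0/24    the back-office LAN (PMS, keycard server, POS)
#   203.0.113.10    the PMS vendor's support host (remote access source)
#   198.51.100.0/24 the payment processor's network
flush ruleset

table inet hotel_edge {
    set trusted_vendors {
        type ipv4_addr
        elements = { 203.0.113.10 }
    }
    set payment_processors {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24 }
    }

    # Traffic addressed to the firewall itself: drop unless explicitly allowed
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # Vendor remote access only from the listed support host, only on SSH,
        # and rate-limited so a stolen password cannot be brute-forced quietly
        ip saddr @trusted_vendors tcp dport 22 ct state new limit rate 5/minute accept
        # Everything else is logged (rate-limited) and then dropped by the policy
        limit rate 10/minute log prefix "hotel-fw-drop-in: "
    }

    # Traffic passing between the LAN and the Internet: drop unless explicitly allowed
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Back-office systems may reach the payment processor over HTTPS only;
        # any other service the hotel genuinely needs gets its own explicit rule here
        iif "lan0" ip saddr 10.0.10.0/24 ip daddr @payment_processors tcp dport 443 accept
        limit rate 10/minute log prefix "hotel-fw-drop-fwd: "
    }
}
```

The two log prefixes give staff or a consultant a single place to look (the kernel log) for connection attempts that the policy turned away, which is the visibility a hotel without a firewall never has.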
Of course, this isn't a complete security plan. The three associations recommend that all hoteliers study the Payment Card Industry Data Security Standards, which outline actions they should take to secure systems. However, many hotels find completing the PCI standards challenging or believe that vendors have them covered. If this describes your mindset, the associations say, then it's time to take ownership of security for your hotel systems. Start work immediately on these three important areas that are entirely under your control and that can be addressed quickly, inexpensively and effectively.
—American Hotel & Lodging Association,
Hotel Technology Next Generation,
Hospitality Financial and Technology Professionals