The Alabama Department of Public Health faces data breach

July 4th, 2014 by admin No comments »

The Alabama Department of Public Health (ADPH) has sent out breach notices to more than 500 patients. According to the reports, those affected include patients treated at one of Alabama’s 65 county health departments. Patients’ personal information and identities were compromised in this incident.

Data compromised includes clients’ names, dates of birth, and Social Security numbers from ADPH, as well as several other entities. Privacy Officer Samarria Dunson said, “[w]e believe now that it is possible they may have been former employees, but we are still participating in the investigation. It would be particular records that were printed out by individuals.”

ADPH released a statement saying it was informed on June 5, 2014 by the U.S. Attorney’s Office for the Middle District of Alabama and the U.S. Department of Justice’s Tax Division that they were prosecuting a case of theft involving personal information.

“We believe now that it is possible they may have been former employees, but we are still participating in the investigation,” said Alabama Department of Public Health Privacy Officer Samarria Dunson.

“It would be particular records that were printed out by individuals,” Dunson said.

Dunson says victims range in age, but most were young adults.

“They were born mostly in the year of 1996 which would make them 18 now. Unfortunately that seems to be a group of people that these type of criminals really go after maybe because they are not filing tax returns right now or really keeping up with their credit score,” Dunson said.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Child Vaccination records stolen

July 2nd, 2014 by admin No comments »

The San Antonio Metropolitan Health District recently suffered a data breach when a laptop containing information was stolen. According to reports, the laptop held vaccination information for 300 child patients. Information on the laptop included patients’ last names, dates of birth, doctor identifier and immunization names.

“Metro Health takes the privacy of individual health information seriously and is reviewing all practices and policies associated with the handling and transport of protected health information,” a spokeswoman said to woai.com.  “While the likelihood of harm from this breach is minimal, those affected by this theft are being individually notified and advised to monitor their health insurance statements closely for any unusual activity.”

Metro Health’s site does not say where the laptop was at the time of the theft. The laptop, which contained vaccination records from the Vaccines for Children program, has not been recovered.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Neurodiagnostics centre notifies patients of data breach

June 29th, 2014 by admin No comments »

Colorado Neurodiagnostics of Littleton, Colo. has notified an unknown number of patients after a data breach. According to the reports, a laptop containing Protected Health Information (PHI) was stolen from the office. The information that was compromised includes patient names, dates of birth and clinical information, but there were no Social Security numbers or financial data.

It was also noted that the laptop was password protected, but the status of encryption was not known. The theft was reported to the Littleton Police and the federal Office for Civil Rights. Colorado Neurodiagnostics is offering affected patients identity protection services. Patients are also encouraged to closely monitor financial accounts and, if there is any suspicious activity

According to the organization, it will use security cameras and boost security training among employees. To further boost security, it should also verify the status of encryption software on its laptops.


NRAD suffered PHI data breach

June 27th, 2014 by admin No comments »

NRAD Medical Associates, situated in Garden City, New York, suffered a data breach due to unauthorized access to data by one of its employees. NRAD has informed around 97,000 patients who were affected by this breach. According to the reports, an internal employee accessed protected health information (PHI) and patient billing data back in April 2014. Information included date of birth, address, Social Security number, and health insurance information.

The employee, who worked as a radiologist, was able to get past the IT security safeguards in place and access the information. NRAD said that it “immediately enhanced security measures” and doesn’t believe any of the compromised data was used maliciously. “We believe there is very low risk from this event and the data breach has been contained. We have no evidence that any customer financial or credit card information was involved,” the organization said, according to the report. They do not indicate when the breach occurred or how it was discovered.

In response to the discovery, NRAD “immediately implemented enhanced security measures,” and recommended that patients contact one of the three major credit bureaus to place a fraud alert on credit reports. In the FAQ, they state that the radiologist is “no longer employed at the practice and his misconduct was reported to the appropriate authorities and government agencies for investigation.” The breach was also reported to HHS.

According to NRAD:

In terms of the scope of the breach, NRAD reports that it affects approximately 97,000 current and former patients, which they state is approximately 12% of the more than 800,000 patients they have treated over the past 20 years. It was not clear from their letter whether all 800,000 current and former patients’ information was still in their billing system (and if so, why).


Tools for Compliance management which can boost security

June 24th, 2014 by admin No comments »

HIPAA has a certain set of rules when it comes to compliance management. Compliance requirements are often seen as an unnecessary burden, but if proper procedures are followed they can protect your organization even from a data breach. Moreover, they can also protect you from everything from lawsuits to corporate espionage. The risk associated with compliance failures can include financial impact or fines, data loss, lost business or even a suspension of operations.

Below is a list of compliance management tools:

  • www.glpi-project.org: A free, open source tool, GLPI offers IT and asset management capabilities. After all, a good inventory is the first step in seeing what needs to be secured.
  • www.ptatechnologies.com: A free toolset that is driven by the methodology of effectively managing operational and infosec risks in complex systems using calculative threat analysis and threat modeling.
  • www.somap.org: The ORICO Framework and Tool are two projects in one, offering risk management and the toolset to build a reference implementation of a security framework.
  • sourceforge.net/projects/assetmng: An open source IT asset management system that provides identification, valuation and risk assessments.
  • http://openfisma.org: An open source framework that is designed to reduce the complexity and automate the regulatory requirements of the Federal Information Security Management Act (FISMA) and the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

IT managers may need to build their own solutions and integrate off-the-shelf products with other solutions. Luckily for those choosing a path of self-development, several free tools can become part of an integrated solution.


7 common myths about data encryption

August 16th, 2012 by admin No comments »

“IT professionals, at the enterprise level, frequently turn to encryption for protecting data,” read the report. “Although encryption is a proven technology that delivers strong, effective data security, common myths and misconceptions about it persist, even among some people who are generally knowledgeable about computers. All too often, the myths surrounding encryption are based on misunderstanding of the technology or outdated concepts.”

The report outlines and debunks seven common myths about data encryption & computer security.


1. Passwords protect laptops. Although it may seem like a username and password is enough to protect your laptop, read the report, this practice is “woefully inadequate” if your laptop is lost or stolen. In fact, those with little experience can remove the hard drive from a laptop and access data contents from another system. “A variety of common hacking tools can make short work of the username and password combinations that normally protect a laptop during login,” read the report. Relying on password protection alone for casual computer use works for some, but for enterprise applications, passwords alone are “weak and unacceptable, nor are they a suitable method for meeting regulatory requirements.”

2. Data encryption slows performance and lowers productivity. Historically, data encryption did slow down less-powerful computer processors. “To many users, this seemed like an unacceptable trade-off to pay for the benefits of data security,” according to the report. “It also established data encryption in many peoples’ minds as a technology that caused poor performance.” However, encryption operations that were once performed in software, read the report, are carried out more efficiently in processor hardware, and as a result, most users on modern systems don’t even notice when the encryption is taking place. “Although mobile computing devices – such as tablets, laptops and smart phones – don’t have the same processing capacities as desktop machines, typically, even their processors can efficiently handle encryption fairly transparently.”

3. Deploying data encryption solutions can be a challenge. For organizations with thousands of employees, data encryption solutions without a single point-of-control can be a challenge to plan, deploy, implement and maintain. But well-designed solutions offer aspects, like a management console, to alleviate some of the headaches. “This ensures consistency in maintaining the highest standard to meet corporate and regulatory policies,” read the report. “It also eases the IT burden, particularly in comparison with solutions that require several components.” Other aspects of data encryption solutions that have made their implementation easier include their level of transparency, their impact on IT operations, and the changes required of certain processes.

4. Enterprise encryption solutions are too expensive. Although a laptop costs as little as $300 these days, the financial repercussions if the laptop is breached can easily dwarf the expense, the report shows. According to a Ponemon Institute study, which surveyed 329 private and public sector organizations in the U.S., the use of data encryption can save organizations, on average, $20,000 per laptop, if sensitive data happens to be breached. “Companies evaluating the costs of data encryption solutions should factor in the true cost, rather than simply the relatively trivial cost of the hardware itself,” it read.

5. OS-based encryption protection is sufficient for enterprises. Encryption capabilities available through operating systems do offer some degree of protection against breaches, read the report, but these solutions lack the manageability and the cross-platform support that characterize serious enterprise solutions. “For complying with regulatory mandates, data security solutions that let administrators centrally manage the key operations, determine the data content to encrypt, and ensure that corporate policies and practices are being followed, offer a more effective approach,” the report read. “When a centralized management approach is applied, the level of data security rises, since the likelihood of sensitive files remaining encrypted diminishes.”

6. There is no compelling reason to encrypt data. According to the report, protection of assets, which is the primary reason for encrypting data, encompasses two major concerns that are fundamental to organizations of any size and include meeting the local, state, and federal regulations, as well as preventing unauthorized individuals from gaining access to PHI. “When implemented properly, encryption of sensitive data can satisfy the requirements of most laws and mandates,” the report read. “Data encryption backed by a solution that ensures organization-wide compliance serves these goals very effectively.”


7. IT departments have no practical way to protect mobile devices. With the rising popularity of mobile devices comes a new imperative for data protection, according to the report. “Incorporating mobile devices, as well as equipment that run diverse operating systems, can be an IT nightmare, unless a solution accommodates all types of computing devices in a uniform, consistent, manageable way,” it read. Since employees use mobile devices running on different platforms, it’s important for devices to be integrated into the infrastructure and data security strategy. “A mechanism for protecting mobile devices should be an integral part of any serious data security solution,” it added. “Modern solutions allow you to monitor the data security status of all devices used by a user, irrespective of the form factor or operating system used, within a single administration console.”


Why Use Encryption?

August 4th, 2012 by admin No comments »

People often complain that using encryption in email is too much work. Sometimes, it can be fraught with difficulty for the encryption novice. Managing public and private keys can be confusing at first, and getting someone at the other end to use encryption as well can sometimes be a challenge. Worse yet, it can be difficult to maintain an encryption key “identity” properly once you’ve gotten everything set up — as things stand, good encryption practice is not a “fire-and-forget” proposition where you can just go through the hassle of setup once and be done with it.


It requires maintenance.

Sure, it’s easier to just skip the encryption. While we are sufficiently motivated to set up encryption keys for ourselves and maintain the attendant identity, we sometimes find the persistent encryption identity maintenance downright annoying. We understand the desire to forget about it, and just ignore good encryption practice altogether. There’s just one problem with that attitude: it’s stupid.

Encryption is your last defense against malicious security crackers violating your privacy. When all other means of protecting the data on your computer prove fruitless, encryption is the last barrier against your most sensitive data being accessible to people who simply should not have it.

When you’re communicating with someone else over the Internet, encryption is also your first line of defense. Authenticating on the SMTP server that handles your outgoing mail should only be done via an encrypted connection (and no SMTP server should operate without some attempt to authenticate users), so that a malicious security cracker “listening in” will not be able to pluck your username and password out of plain text communication. The same is true of receiving emails, and authorization on your POP or IMAP server for incoming mail should be encrypted as well. SSL/TLS encryption (usually marked by the https:// URI scheme) is similarly important for accessing any website — like a Webmail server — that requires authentication and provides access to sensitive data.
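One way to enforce the "authenticate only over an encrypted connection" rule in a mail client, as an added example that is not part of the original post. The names `login_over_tls`, `connect_and_login` and `FakeServer` are hypothetical, and the fake server objects are constructed stand-ins so the check can be run offline.

```python
"""Refuse SMTP AUTH unless the session has been upgraded to verified TLS."""
import smtplib
import ssl


class InsecureChannelError(Exception):
    """Raised instead of sending credentials over a plaintext connection."""


def login_over_tls(smtp, user, password, context=None):
    """Upgrade `smtp` to TLS, then authenticate. Never logs in over plaintext.

    `smtp` is an smtplib.SMTP-style object that is connected but not yet
    authenticated (typically on the submission port, 587).
    """
    # The default context verifies the server certificate and hostname.
    context = context or ssl.create_default_context()
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        # smtplib's login() does not check for TLS itself, so the password
        # would cross the network in the clear. A missing STARTTLS offer may
        # also mean it was removed in transit, so fail closed.
        raise InsecureChannelError("no STARTTLS offered; credentials not sent")
    smtp.starttls(context=context)  # raises on handshake or certificate failure
    smtp.ehlo()                     # capabilities must be re-read after the upgrade
    smtp.login(user, password)
    return True


def connect_and_login(host, user, password, port=587):
    """Real-world entry point; `host` is whatever your provider documents."""
    smtp = smtplib.SMTP(host, port, timeout=10)
    try:
        login_over_tls(smtp, user, password)
    except Exception:
        smtp.close()
        raise
    return smtp


class FakeServer:
    """Constructed stand-in that records which SMTP commands were issued."""

    def __init__(self, extensions):
        self.extensions = {name.lower() for name in extensions}
        self.calls = []

    def ehlo(self):
        self.calls.append("ehlo")

    def has_extn(self, name):
        return name.lower() in self.extensions

    def starttls(self, context=None):
        self.calls.append("starttls")

    def login(self, user, password):
        self.calls.append("login")


def demo():
    """Return the command sequences for a plaintext-only and a TLS-capable fake."""
    plaintext_only = FakeServer({"auth"})
    try:
        login_over_tls(plaintext_only, "alice", "constructed-password")
    except InsecureChannelError:
        pass  # expected: the password was never handed to login()
    tls_capable = FakeServer({"auth", "starttls"})
    login_over_tls(tls_capable, "alice", "constructed-password")
    return plaintext_only.calls, tls_capable.calls


if __name__ == "__main__":
    print(demo())
```

The same fail-closed pattern applies to POP and IMAP clients: upgrade or connect over TLS first, and treat a missing upgrade as an error rather than falling back to plaintext.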

Sometimes, more than simply the authentication should be encrypted, however. If you are discussing private matters, and sharing sensitive data — such as passwords, trade secrets, social security numbers, home addresses and telephone numbers, the schools your children attend, or any of a number of other pieces of information that might be abused — you don’t want outsiders being able to “listen in” on that either. Encrypted connections with your mail servers protect only the leg of the journey between you and the server on your end, even if the encryption protects the entire session rather than just authorization. Even if both of you use encrypted sessions on your respective mail servers, you still have to consider the problems of the other third of the journey, between the sender’s SMTP server and the receiver’s POP or IMAP server.

An often overlooked weak point in the security of data over an email’s journey is the actual mail server itself. Even if two mail servers somehow negotiated a secure, encrypted connection through which plain text emails could be passed without fear of being intercepted and read along the way, the mail servers themselves are probably not impervious to eavesdropping. How do you know, when you’re sending an email, that they have not been compromised by some malicious security cracker that will search through emails for sensitive data? Are you maintaining the server yourself, or is it maintained by your IT department’s netadmins, your ISP, or someone else entirely that may not have your best interests at heart? Too often, people assume that the servers that manage their daily communications are free of any suspicion without even knowing the names of anyone that actually has daily, unfettered access to those servers for maintenance purposes. Are you willing to bet your security on the assumption that people you’ve never met — never even heard of — are trustworthy?

There are two defenses against all these hazards along the way:

  1. Email encryption
  2. Email avoidance

When communicating about sensitive subjects, you can either encrypt your email or simply not send it. Anything else is not secure. You may make the argument that nothing is ever truly secure, and there’s some truth in that statement, but there are degrees of relative security — and security that is unlikely to be broken within this century at current levels of encryption cracking technology is far better than “security” that amounts to doing the next best thing to tracking down a malicious security cracker and handing over all your secrets yourself.

Keep in mind that any other form of long-distance communications may be subject to eavesdropping as well, particularly when you aren’t using encryption. The dangers are significantly different in many cases, such as when using a telephone, and the solutions to the problems those dangers pose are very different as well. Those dangers exist, nonetheless — so choosing to discuss something over your cell phone without encryption just because you don’t trust email without encryption doesn’t necessarily make you more secure. All that changes is the threat landscape.


Benefits of Encryption

August 8th, 2012 by admin No comments »

Why is encryption of your computer important?  There are several compelling reasons that encryption should be considered an essential requirement in today’s data sensitive business climate:


Peace of mind

Should your computer get lost or stolen, you will have the peace of mind knowing that your data is totally secure and unreadable and protected against unauthorized access.

Identity Theft Prevention

Identity theft remains one of the highest priorities for fraudsters today. Encrypting your computer ensures that your identity is protected in the event that it is lost or stolen. The 2003 survey from the Identity Theft Resource Center found that:

  • Only 15% of victims find out about the theft through proactive action taken by a business
  • The average time spent by victims resolving the problem is about 330 hours
  • 73% of respondents indicated the crime involved the thief acquiring a credit card
  • The emotional impact is similar to that of victims of violent crimes

Safe Decommissioning of Computer

When the computer reaches its end of life or is replaced, it will either be disposed of or repurposed.

When this happens, unless specific action is taken, your data is usually retrievable from these decommissioned computers, even if the hard disk has been reformatted and restored to factory defaults! However, when you decommission an encrypted computer, you automatically have this base covered. Because encrypted data is indistinguishable from random data, simply reformatting (blanking) or reinstalling Windows on the computer will ensure the previous data is totally unrecoverable from the surface of the disk!

Unauthorized Access Protection

Keep your data confidential and away from prying eyes while the computer is still within your ownership – the pre-boot password authentication that whole disk encryption provides is the most robust method known of protecting your data from unauthorized access. Computer protection is very important.

Compliance with Data Protection Acts

Using whole disk encryption is recommended by the Data Protection Commissioner and shows that you have taken action to be compliant with the Data Protection Acts 1988 and 2003 in Ireland. For more detail, see our article on Data Protection Act Compliance.


Types of Encryption

August 12th, 2012 by admin No comments »

Encryption is a process that takes information and transcribes it into a different form that cannot be read by anyone who does not have the encryption code. Depending on the type of encryption, information can be displayed as various numbers, letters, or symbols. Those who work in cryptography fields make it their job to encrypt information or to break codes to receive encrypted information.


Manual Encryption

Manual encryption is a type that involves the use of encryption software. These are computer programs that encrypt various bits of information digitally. Manual encryption involves the user’s participation completely. The files he wants to encrypt are chosen, and then an encryption type is chosen from a list that the security system provides. This is great for personal computers because it allows a user to encrypt personal files in a way that will suit him, thus protecting personal material on a computer.

Transparent Encryption

Transparent encryption is another type of computer software encryption. It can be downloaded onto a computer to encrypt everything automatically. This is one of the most secure types of encryption available because it doesn’t leave out anything that might be forgotten when using manual encryption. Every executable application and file created in the computer has an encrypted copy that can withstand power surges and protects information in case a computer is stolen.

Symmetric Encryption

Not all encryption is done via a computer software program. You can easily encrypt information by yourself. One of the simplest ways to do this is through symmetric encryption. Here, a letter or number coincides with another letter or number in the encryption code. You can make the code up yourself–for example, a=1, b=2 and so on. You can take any written text and substitute letters and numbers for their coded counterpart, thus encrypting the text.

Asymmetric Encryption

Asymmetric encryption is a secure and easy way to encrypt data that you will be receiving. It is generally done electronically. A public key is given out to whomever you want or posted somewhere for the public to see. They can then encrypt information using the key and send it to you. This is often done when writing emails. However, to decipher the encrypted code, there is another key, a private one, that only one person has. This means that while anyone can encrypt the data with the public key, it can only be read again by whoever has the private key.

Email Encryption

As mentioned, email encryption typically uses asymmetric encryption methods. This means that received emails cannot be read by others, such as hackers who may be trying to get into an email inbox. There are two types of encryption methods used with email. In the first, a central station, such as an email provider, has the sole decision over who gets the private key to the email. This is usually given only to the user of an email address. The second type gives the user control over who gets the key. This means they can allow others to read encrypted emails with the private key they are given.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization

How Does Password Encryption Work?

August 14th, 2012 by admin No comments »

What is encryption?

Encryption is the process of securing information by transforming it with an algorithm into a form that can only be readily translated by those that know the algorithm used to make it. A simple encryption might use an algorithm which replaces a certain letter with another letter every time it appears. Encryption is used to privatize information by turning records of the information into a jumble of nonsensical characters. Encryption has historically been used in government correspondence, especially in the military, but since the invention of the computer and the internet, encryption has become an important part of securing vital information such as passwords and preventing identity theft.

Computer password encryption

When someone uses a password on a computer, the password goes through an encryption process that changes the characters used into a string of characters that is usually much longer than the password itself and will appear to be completely random. Most password encryptions work as a one-way check for password validity: the algorithm used always transforms a given password into the same string of characters. When a password is entered, it is run through the algorithm, the encrypted string of characters produced is compared to the encrypted password that is stored, and if they match, the password is accepted. Good encryptions will transform a given password into a character string that is nothing like the string produced by the same password when a typo is made.
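
The one-way check described above, as an added example that is not code from the original post: the server stores only a derived value, recomputes it at login, and compares. The post names no algorithm, so PBKDF2-HMAC-SHA256, the per-password random salt, the iteration count, the record layout and all function names are assumptions of this example.

```python
"""Added example: one-way password storage and verification.

Assumptions (not from the post): PBKDF2-HMAC-SHA256, a 16-byte random salt,
200,000 iterations, the '$'-separated record layout, and every name below.
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000   # assumed work factor; every guess costs this many rounds
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key). Same password + same salt always gives the same key."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)      # new account: draw a fresh random salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(candidate: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute the key for the candidate and compare it to the stored one."""
    _, key = hash_password(candidate, salt)
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(key, stored_key)


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def store_record(password: str) -> str:
    """Serialize what the server keeps: algorithm, rounds, salt, key. Never the password."""
    salt, key = hash_password(password)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), key.hex())


def check_record(candidate: str, record: str) -> bool:
    """Parse a stored record and verify a login attempt against it."""
    try:
        algo, iterations, salt_hex, key_hex = record.split("$")
        salt, stored = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        rounds = int(iterations)
    except ValueError:
        return False                       # malformed record: fail closed
    if algo != "pbkdf2_sha256" or rounds < 1:
        return False
    key = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(key, stored)


if __name__ == "__main__":
    record = store_record("correct horse battery")        # constructed sample password
    print(record)
    print(check_record("correct horse battery", record))  # exact password
    print(check_record("correct horse batery", record))   # one-letter typo

    salt = bytes(16)                       # fixed salt, used only for this comparison
    _, good = hash_password("correct horse battery", salt)
    _, typo = hash_password("correct horse batery", salt)
    print(differing_bits(good, typo), "of", len(good) * 8, "bits differ")
```

Because each account gets its own salt, two users with the same password end up with different stored strings, so a stolen table cannot be attacked with one precomputed list.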

Password and encryption strength

Password encryption is a necessary security measure to protect sensitive information, but even the best encryption systems are not perfect. Weak encryptions that use simple algorithms produce character strings that can be attacked directly. Stronger encryptions can still be cracked through volume or brute force attacks where each possible password is tested. Preventing access to the encrypted password is the only way to ensure the encryption itself cannot be attacked, but still, passwords may be vulnerable to guessing strategies. People often use parts of real words in passwords, or use words or numbers that are familiar and important to them. This makes passwords easier to remember, but also much easier to crack. Using the same password for many different programs and internet sites is also common for ease of use, but again, this makes passwords more vulnerable. For maximum protection, using a different string of random characters for each password is best.

Stolen Laptop Leads to Data Breach

August 17th, 2012 by admin No comments »

A laptop stolen from the locked car of an Apria Healthcare employee has exposed the protected health information (PHI) of as many as 11,000 patients. The healthcare company provides home infusion, respiratory, and medical equipment in all 50 states in more than 500 locations.

According to a company press release, the theft occurred on June 14, 2012, in Phoenix, Arizona; however, its ramifications could extend to California, New Mexico, and Nevada because of the laptop’s use in billing services. A report in the Arizona Daily Star has noted that 4,178 of the approximately 11,000 patients affected reside in Arizona. The California-based company immediately notified local law enforcement and began its own internal investigations, which revealed that PHI included Social Security numbers and names. Potentially, it also comprises dates of birth and other personal information.

In Apria’s official announcement, the company’s Associate General Counsel and Privacy Officer Doreen Bellucci revealed that the company will review its security measures. This includes encryption of laptops and other internal privacy safeguards, she told the Arizona news outlet. Apria will supply affected patients with a year’s worth of credit monitoring.

This latest incident is troubling for two reasons: first, the lack of physical safeguards; second, the lack of technical safeguards. While locks and alarms will only slow down rather than deter a dedicated thief, they don’t make up for the sheer negligence of exposing such a valuable piece of hardware to prying eyes and wandering hands. Moreover, the lack of encryption smacks of a blatant disregard for the trust patients put into providers regarding their personal and financial information.

At the very least, an entity covered under the Health Insurance Portability and Accountability Act (HIPAA) needs to put administrative safeguards in place to analyze the risks associated with PHI. It should include the education of staff to ensure that all members are aware of an organization’s safeguards.

It’s not unlikely that an employee working at multiple locations should need to carry a laptop between worksites. However, this practice should carry with it special procedures and protocols to ensure that PHI in physical transit is not unnecessarily exposed to a health data breach. Hopefully, fewer covered entities will avoid doing the bare minimum to safeguard patient information.

Major companies still vulnerable to online data theft.

August 22nd, 2012 by admin No comments »

Despite well-publicized data thefts in recent years, major US companies are as vulnerable as ever to hacker attacks, and many executives say their businesses lack the resources to protect themselves, according to a report from the Waltham-based computer security company CounterTack Inc.

Notable data breaches

CounterTack commissioned a survey of 100 information security executives at companies with revenues greater than $100 million and found that half had dealt with computer network attacks during the previous 12 months.

A third of those executives doubted their organizations could fend off future attacks, and 84 percent said their companies were vulnerable to “advanced persistent attacks” — highly aggressive assaults launched by major criminal organizations and foreign governments, such as the 2011 attack on the Bedford data security company RSA Security.

That incident compromised the company’s popular SecurID data protection technology and led to follow-up attacks against major US defense contractors who relied on RSA’s network security products.

CounterTack chairman William Fallon, a retired four-star admiral who headed the US military’s Central Command, said that advanced persistent threats are the most dangerous because they are carried out by highly skilled criminals or spies with ample resources and plenty of time.

“This is not some simple kid playing with a computer to cause you some heartburn,” said Fallon. “This is very sophisticated penetration by people who are well trained. They know what they’re doing.”

Fending off advanced persistent threats requires a big investment of time and expertise, but according to the survey, 44 percent of security executives said they lack the resources to fight such attacks.

Fallon’s company makes a product that allows network operators to keep intruders under surveillance as they probe a company’s network, and possibly limit any damage the intruder might do.

“The best thing you can do is to have intelligence,” said Fallon, “not just spending all your money throwing up walls, which is not going to work.”

Mike Tuchen, chief executive of the Boston data security company Rapid7 LLC, said that if anything, the CounterTack survey understates the vulnerability of corporate networks. Still, the danger of advanced persistent threats may be somewhat overstated, he said, because most companies aren’t likely targets for such intensive hacking. The information stored by most businesses, though valuable, probably wouldn’t be worth an all-out hacking campaign of the kind that compromised RSA Security, he said.

“Targeted attacks are really going against companies that are strategic targets” like major banks, said Tuchen, because “that’s where the money is.”

Defense contractors or companies that operate critical infrastructure, like electric utilities, would also be likely targets for attacks from hostile foreign governments, he added.

Still, every company is at risk from less-advanced online criminals, Tuchen said. Virtually every company network is breached sooner or later, he said, and many companies do not detect breaches for months or even years.

“The question isn’t will I get compromised,” Tuchen said, “but how quickly will I discover it when I am.”

The 15 worst data security breaches of the 21st Century

August 25th, 2012 by admin No comments »

Data security breaches happen daily in too many places at once to keep count. But what constitutes a huge breach versus a small one? For some perspective, we take a look at 15 of the biggest incidents in recent memory.

1. Heartland Payment Systems

Date: March 2008

Impact: 134 million credit cards exposed through SQL injection to install spyware on Heartland’s data systems.

A federal grand jury indicted Albert Gonzalez and two unnamed Russian accomplices in 2009. Gonzalez, a Cuban-American, was alleged to have masterminded the international operation that stole the credit and debit cards. In March 2010 he was sentenced to 20 years in federal prison. The vulnerability to SQL injection was well understood and security analysts had warned retailers about it for several years. Yet, the continuing vulnerability of many Web-facing applications made SQL injection the most common form of attack against Web sites at the time.

2. TJX Companies Inc.

Date: December 2006

Impact: 94 million credit cards exposed.

There are conflicting accounts about how this happened. One supposes that a group of hackers took advantage of a weak data encryption system and stole credit card data during a wireless transfer between two Marshall’s stores in Miami, Fla. The other has them breaking into the TJX network through in-store kiosks that allowed people to apply for jobs electronically. According to KNOS Project cofounder and chief architect Kevin McAleavey, this was possible because TJX’s network wasn’t protected by any firewalls. Albert Gonzalez, hacking legend and ringleader of the Heartland breach, was convicted and sentenced to 40 years in prison, while 11 others were arrested.

3. Epsilon

Date: March 2011

Impact: Exposed names and e-mails of millions of customers stored in more than 108 retail stores plus several huge financial firms like CitiGroup Inc. and the non-profit educational organization, College Board.

The source of the breach is still undetermined, but tech experts say it could lead to numerous phishing scams and countless identity theft claims. There are different views on how damaging the Epsilon breach was. Bruce Schneier, chief security technology officer at BT and a prolific author, wrote in a blog post at the time that, “Yes, millions of names and e-mail addresses (and) other customer information might have been stolen. Yes, this personal information could be used to create more personalized and better-targeted phishing attacks. So what? These sorts of breaches happen all the time, and even more personal information is stolen.” Still, Kevin McAleavey of the KNOS Project says the breach is being estimated as a $4 billion dollar loss. Since Epsilon has a client list of more than 2,200 global brands and handles more than 40 billion e-mails annually, he says it could be, “the biggest, if not the most expensive, security breach of all-time.”

4. RSA Security

Date: March 2011

Impact: Possibly 40 million employee records stolen.

The impact of the cyber attack that stole information on the company’s SecurID authentication tokens is still being debated. The company said two separate hacker groups worked in collaboration with a foreign government to launch a series of spear phishing attacks against RSA employees, posing as people the employees trusted, to penetrate the company’s network. EMC reported last July that it had spent at least $66 million on remediation. But according to RSA executives, no customers’ networks were breached. John Linkous, vice president, chief security and compliance officer of eIQnetworks, Inc. doesn’t buy it. “RSA didn’t help the matter by initially being vague about both the attack vector, and (more importantly) the data that was stolen,” he says. “It was only a matter of time before subsequent attacks on Lockheed-Martin, L3, and others occurred, all of which are believed to be partially enabled by the RSA breach.” Beyond that, Linkous says, is the psychological damage. “The breach of RSA was utterly massive not only from a potential tactical damage perspective, but also in terms of the abject fear that it drove into every CIO who lost the warm-and-fuzzy feeling that the integrity of his or her enterprise authentication model was intact.” Among the lessons, he says, are that even good security companies like RSA are not immune to being hacked. Finally, “human beings are, indeed, the weakest link in the chain,” Linkous says.

5. Stuxnet

Date: Sometime in 2010, but origins date to 2007

Impact: Meant to attack Iran’s nuclear power program, but will also serve as a template for real-world intrusion and service disruption of power grids, water supplies or public transportation systems.

The immediate effects of Stuxnet were minimal — at least in this country — but eIQnetworks’ John Linkous ranks it among the top large-scale breaches because, “it was the first that bridged the virtual and real worlds. When a piece of code can have a tangible effect on a nation, city or person, then we’ve truly arrived in a strange, new world,” he says. Linkous says Stuxnet is proof that nation-states, “are definitely actors — both attackers and victims — in the cyberwarfare game.” He adds that the more that electro-mechanical industrial and energy systems migrate to larger networks — particularly the Internet — “the more we’re going to see these real-world intrusions.”

6. Department of Veterans Affairs

Date: May 2006

Impact: An unencrypted national database with names, Social Security numbers, dates of births, and some disability ratings for 26.5 million veterans, active-duty military personnel and spouses was stolen.

The breach pointed once again to the human element being the weakest link in the security chain. The database was on a laptop and external hard drive that were both stolen in a burglary from a VA analyst’s Maryland home. The analyst reported the May 3, 2006 theft to the police immediately, but Veterans Affairs Secretary R. James Nicholson was not told of it until May 16. Nicholson informed the FBI the next day, but the VA issued no public statement until May 22. An unknown person returned the stolen items June 29, 2006. The VA estimated it would cost $100 million to $500 million to prevent and cover possible losses from the theft.

7. Sony’s PlayStation Network

Date: April 20, 2011

Impact: 77 million PlayStation Network accounts hacked; Sony is said to have lost millions while the site was down for a month.

This is viewed as the worst gaming community data breach of all time. Of more than 77 million accounts affected, 12 million had unencrypted credit card numbers. According to Sony, it still has not found the source of the hack. Whoever they are, the attackers gained access to full names, passwords, e-mails, home addresses, purchase history, credit card numbers, and PSN/Qriocity logins and passwords. “It’s enough to make every good security person wonder, ‘If this is what it’s like at Sony, what’s it like at every other multi-national company that’s sitting on millions of user data records?’” says eIQnetworks’ John Linkous. He says it should remind those in IT security to identify and apply security controls consistently across their organizations. For customers, “Be careful whom you give your data to. It may not be worth the price to get access to online games or other virtual assets.”

8. ESTsoft

Date: July-August 2011

Impact: The personal information of 35 million South Koreans was exposed after hackers breached the security of a popular software provider.

It is called South Korea’s biggest theft of information in history, affecting a majority of the population. South Korean news outlets reported that attackers with Chinese IP addresses uploaded malware to a server used to update ESTsoft’s ALZip compression application. Attackers were able to steal the names, user IDs, hashed passwords, birthdates, genders, telephone numbers, and street and email addresses contained in a database connected to the same network. ESTsoft CEO Kim Jang-joon issued an apology and promised to, “strengthen the security system of our programs.”

9. Gawker Media

Date: December 2010

Impact: Compromised e-mail addresses and passwords of about 1.3 million commenters on popular blogs like Lifehacker, Gizmodo, and Jezebel, plus the theft of the source code for Gawker’s custom-built content management system.

Online forums and blogs are among the most popular targets of hackers. A group calling itself Gnosis claimed responsibility for the attack, saying it had been launched because of Gawker’s “outright arrogance” toward the hacker community. “They’re rarely secured to the same level as large, commercial websites,” says the KNOS Project’s Kevin McAleavey, who adds that the main problem was that Gawker stored passwords in a format that was very easy for hackers to understand. “Some users used the same passwords for email and Twitter, and it was only a matter of hours before hackers had hijacked their accounts and begun using them to send spam,” says McAleavey.

10. Google/other Silicon Valley companies

Date: Mid-2009

Impact: Stolen intellectual property.

In an act of industrial espionage, the Chinese government launched a massive and unprecedented attack on Google, Yahoo, and dozens of other Silicon Valley companies. The Chinese hackers exploited a weakness in an old version of Internet Explorer to gain access to Google’s internal network. It was first announced that China was trying to gather information on Chinese human rights activists. It’s not known exactly what data was stolen from the American companies, but Google admitted that some of its intellectual property had been stolen and that it would soon cease operations in China. For users, the urgent message is that those who haven’t recently updated their web browser should do so immediately.

11. VeriSign

Date: Throughout 2010

Impact: Undisclosed information stolen.

Security experts are unanimous in saying that the most troubling thing about the VeriSign breach, or breaches, in which hackers gained access to privileged systems and information, is the way the company handled it — poorly. VeriSign never announced the attacks. The incidents did not become public until 2011, through a new SEC-mandated filing. “How many times were they breached?” asks eIQnetworks’ John Linkous. “What attack vectors were used? The short answer is: we don’t know. And the response to that is simply: we should.” “Nearly everyone will be hacked eventually,” says Jon Callas, CTO for Entrust, in a post earlier this month on Help Net Security. “The measure of a company is how they respond.” VeriSign said no critical systems such as the DNS servers or the certificate servers were compromised, but did say that, “access was gained to information on a small portion of our computers and servers.” It has yet to report what the information stolen was and what impact it could have on the company or its customers. Linkous says the company’s “failure to disclose until legally required to do so is going to haunt VeriSign for some time.”

12. CardSystems Solutions

Date: June 2005

Impact: 40 million credit card accounts exposed. CSS, one of the top payment processors for Visa, MasterCard, and American Express, is ultimately forced into acquisition.

Hackers broke into CardSystems’ database using an SQL Trojan attack, which inserted code into the database via the browser page every four days, placing data into a zip file and sending it back through an FTP. Since the company never encrypted users’ personal information, hackers gained access to names, account numbers, and verification codes for more than 40 million card holders. Visa spokeswoman Rosetta Jones told Wired News at the time that CSS received an audit certification in June 2004 that it was compliant with data storage standards, but an assessment after the breach showed it was not compliant. “Had they been following the rules and requirements, they would not have been compromised,” Jones said. The company was acquired by Pay-by-touch at the end of 2005.

13. AOL

Date: August 6, 2006

Impact: Data on more than 20 million web inquiries, from more than 650,000 users, including shopping and banking data were posted publicly on a web site.

In January 2007, Business 2.0 Magazine ranked the release of the search data among the “101 Dumbest Moments in Business.” Michael Arrington, a lawyer and founder of the blog site TechCrunch, posted a comment on his blog saying, “The utter stupidity of this is staggering.” AOL Research, headed by Dr. Abdur Chowdhury, released a compressed text file on one of its websites containing 20 million search keywords for more than 650,000 users over a three-month period. While it was intended for research purposes, it was mistakenly posted publicly. AOL pulled the file from public access by the next day, but not before it had been mirrored and distributed on the Internet. AOL itself did not identify users, but personally identifiable information was present in many of the queries, and as AOL attributed the queries to particular user accounts, identified numerically, an individual could be identified and matched to their account and search history by such information. The breach led to the resignation of AOL’s CTO, Maureen Govern, on Aug. 21, 2006.

14. Monster.com

Date: August 2007

Impact: Confidential information of 1.3 million job seekers stolen and used in a phishing scam.

Hackers broke into the U.S. online recruitment site’s password-protected resume library using credentials that Monster Worldwide Inc. said were stolen from its clients. Reuters reported that the attack was launched using two servers at a Web-hosting company in Ukraine and a group of personal computers that the hackers controlled after infecting them with a malicious software program. The company said the information stolen was limited to names, addresses, phone numbers and e-mail addresses, and no other details, including bank account numbers, were uploaded. But one problem was that Monster learned of the breach on Aug. 17, but didn’t go public with it for five days. Another, reported by Symantec, was that the hackers sent out scam e-mails seeking personal financial data, including bank account numbers. They also asked users to click on links that could infect their PCs with malicious software. Once that information was stolen, hackers e-mailed the victims claiming to have infected their computers with a virus and threatening to delete files unless the victims met payment demands.

15. Fidelity National Information Services

Date: July 2007

Impact: An employee of FIS subsidiary Certegy Check Services stole 3.2 million customer records including credit card, banking and personal information.

Network World reported that the theft was discovered in May 2007, and that a database administrator named William Sullivan, said to own a company called S&S Computer Services in Largo, Fla., had been fired. But the theft was not disclosed until July. Sullivan allegedly sold the data for an undisclosed amount to a data broker, who in turn sold it to various marketing firms. A class action lawsuit was filed against FIS and one of its subsidiaries, charging the companies with negligence in connection with the data breach. Sullivan agreed to plead guilty to federal fraud charges and was sentenced to four years and nine months in prison and ordered to pay a $3.2 million fine. On July 7, 2008, a class-action settlement entitled each person whose financial information was stolen to up to $20,000 for unreimbursed identity theft losses.

Hackers leak information stolen from over 100 sites

August 27th, 2012 by admin No comments »

On Saturday, hacker collective Team GhostShell posted links on its Twitter account to a massive leak that supposedly includes over one million user record sets stolen from around 100 websites across the globe.

Working with two other groups, MidasBank and OphiusLab, the hackers purportedly breached “WallStreet, CIA Services, MIT, Consulting Firms, Political Advisors, Security Companies, Corporations, Weapon’s Dealers, Laboratories, Internet Hosting Services, Academics, Banks, Police Departments, Aviation, The Navy, Stocks Exchange, Bonds Exchange, Markets, Emirates Organizations, Various Businesses, Hedge Funds, Estate Agencies, Public Affairs, Robotics” in what they say is the team’s “final form of protest this summer against the banks, politicians and for all the fallen hackers this year.”

The records contain usernames, real names, email addresses, passwords, and more.

According to the group’s statement, they are also offering access points to other hacker crews, and they include:

1. Six billion databases from a Chinese mainframe full of Chinese & Japanese technology. It’s very possible that it has from other countries as well; we haven’t checked them all for obvious reasons.
2. Over 105 billion databases to a US stock exchange mainframe/s. It’s very possible that the actual number is over 1 trillion, I wasn’t prepared the first time and it gave me a memory error after 105 when it tried to add another digit. This job will require you to have at least 1TB available.
3. Access-points to 3-4 different servers belonging to the Department of Homeland Security. The sensitive information isn’t that great but it may be good for street credit.

Whether the leaked information has really been extracted from the stated companies remains to be seen. According to Softpedia, who checked some of the leaked login credentials, they seem to be legitimate.

Build a better & more secure password

August 28th, 2012 by admin No comments »

If you think that “Qwerty” or “1234567” are fabulous passwords, you are mistaken; this infographic was created just for you and the rest of the 79% of people who use “risky password construction practices.”

Facebook cracks down on fake “Likes”

September 3rd, 2012 by admin No comments »

Facebook Inc is weeding out fake “Likes” on its social network that are being caused by spammers, malware and black marketers as it strives to maintain credibility as an advertising platform.

Facebook said the number of Likes, or endorsements by users, on corporate pages is likely to drop by less than 1 percent, on average, after the crackdown.

“Newly improved automated efforts will remove those Likes gained by malware, compromised accounts, deceived users, or purchased bulk Likes,” Facebook said in a post on its official blog on Friday.

“While we have always had dedicated protections against each of these threats on Facebook, these improved systems have been specifically configured to identify and take action against suspicious Likes,” the post continued.

Thanks to a growing black market, companies can instantly raise their profile on Facebook by purchasing thousands of Likes at a time – a practice that is forbidden by the No. 1 social network, which has 955 million users.

Many of these Likes come from bogus Facebook user accounts rather than genuine users of the social network.

Meanwhile, various spam-like programs on Facebook deceive users into unwittingly liking something when they perform another action, such as clicking to watch a video.

Facebook said the cleanup will benefit both users and companies that maintain pages on the network, by giving a more accurate measurement of fan count and demographics.

Ensuring the integrity of Likes is serious business for Facebook, which depends on advertising revenue from large brands and other businesses. Many of the ad campaigns that companies conduct on Facebook are designed to garner Likes – a sign that their marketing message has resonated with consumers.

The problem is not unique to Facebook, say analysts, who note that Twitter and Google Inc also grapple with fake accounts, spam and other techniques to game the service.

But for Facebook, the pressure to show that activity on its social network is genuine has grown as concerns have mounted on Wall Street about the company’s long-term profit potential.

Shares of Facebook set a new low on Friday, falling as much as 5.3 percent to $18.08, after brokerages cut their price targets on the stock. Facebook has lost more than 50 percent of its market value since its initial public offering in May.

Facebook estimates that 1.5 percent of its users are “undesirable” accounts set up for purposes that violate its terms of service, according to its most recent 10-Q regulatory filing.

12 million Apple user IDs compromised

September 5th, 2012 by admin 3 comments »

Twelve million unique Apple iPhone IDs have been stolen, a million of them have been released onto the Internet and hacker group Anonymous claims that the FBI has a copy of everyone’s Apple ID.

For its part, the FBI is disclaiming any responsibility, although it hasn’t yet explained what the IDs were doing on one of its notebooks in the first place. And all this at about the same time that Apple finally announced the launch date for the iPhone 5.

In a Facebook post, WikiLeaks (of which Grok is an unashamed fan and tiny financial contributor) says Anonymous (for whom Grok also shares a guilty respect) claims that all Apple iPhone IDs are held by the FBI. (Actually we doubt that bit — no government enterprise is that efficient.)

“During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of ‘NCFTA_iOS_devices_intel.csv’ turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zip codes, cell phone numbers, addresses, etc. The personal details fields referring to people appear many times empty leaving the whole list incomplete on many parts. No other file on the same folder makes mention about this list or its purpose.”

Before we all get too paranoid, Techcrunch tips a little bit of cold water onto the fire. “For starters, there’s no proof at this time that the leak came from the FBI, that personally identifiable info was also involved, that there are actually 11 million other records sitting in a spreadsheet somewhere, or that this is not the case of older data leak being re-released for any other reason than to simply stir the pot. Those are just Antisec’s claims. The data is being examined now by a number of industry and security experts, though, so we should eventually know whether we can rule out any other known leaks as the source.”

In a later post, Techcrunch also reported the FBI’s denials that there is any evidence the data came from one of its laptops. “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed,” reads the statement. “At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

As the story pointed out, the FBI’s position is something of a non-denial-denial. For those of you who still hold with the quaint notion that privacy is protectable on the Web, Mashable provides some guidance on how to check if your ID was one of those compromised. It outlines how to collect your UDID and then directs you to a website called LastPass, which has already created a tool to let you check.

Hackers from China target defense data, human rights groups

September 7th, 2012 by admin No comments »

BOSTON: The hacker group that attacked Google in 2009 has launched hundreds of other cyber assaults since then, focusing on US defense companies and human rights groups, according to new research from security software maker Symantec.

Google said in January 2010 that it and more than 20 other companies were the victims of a sophisticated cyber attack – later dubbed Operation Aurora – from China-based hackers that resulted in the theft of intellectual property.

Although the hackers were never publicly identified, the incident heightened tensions between Washington and Beijing over growing evidence that a significant number of cyber attacks against US institutions originated from China.

“It was big news at the time, but what people don’t realize is that this is happening constantly,” said Eric Chien, a manager in Symantec’s research group. “They haven’t gone away, and we wouldn’t expect them to go away.”

Symantec said on Friday the hackers behind Operation Aurora have focused on stealing intellectual property, such as design documents from defense contractors and their suppliers, including shipping, aeronautics, arms, energy, manufacturing, engineering and electronics companies.

The hackers used components of a common infrastructure that Symantec termed the “Elderwood Platform,” named after a word repeatedly found in the software code used in different attacks.

Over the past year, the Elderwood hackers have focused almost exclusively on stealing data from companies that supply parts to big defense contractors, rather than targeting the firms themselves, Chien said.

The second most common group of targets was non-government organizations involved in Tibetan human rights issues. Financial firms and software companies were also targeted, Symantec said.

The security firm, which sells anti-virus software to corporations and consumers under the Symantec and Norton brands, declined to identify specific victims and noted that it did not have evidence to prove the attacks originated from China.

Cyber security experts widely believe the Google attacks originated from China.

Dmitri Alperovitch, chief technology officer of security startup CrowdStrike, said his firm has linked the culprits to more recent attacks, including ones last year on EMC’s Security division and Lockheed Martin.

The hackers infected personal computers by exploiting what were major security flaws in commonly used software from Adobe Systems and Microsoft. Such flaws, known as zero-day vulnerabilities, are rare because they are difficult to find. The flaws have since been fixed.

Last year, security experts uncovered eight zero-day flaws being exploited by various hacking groups, according to Symantec.

Symantec said it believed the Elderwood hackers alone have used eight zero-day vulnerabilities from 2010 to 2012 – the largest number it has seen from a single organization. That suggests the group had the money to hire large teams of skilled software engineers or to purchase the vulnerabilities.

Some experts estimate that a zero-day vulnerability that enables attackers to hack into highly secured systems can cost hundreds of thousands of dollars, even more than $1 million.

The fact that the Elderwood hackers have used so many zero-day vulnerabilities suggests the group is either a very large criminal group, or backed by a nation-state, or a nation-state itself, Chien said.

Microsoft Disrupts ‘Nitol’ Botnet in Piracy Sweep

September 15th, 2012 by admin No comments »

Microsoft said Thursday that it convinced a U.S. federal court to grant it control over a botnet believed to be closely linked to counterfeit versions of Windows that were sold in various computer stores across China. The legal victory also highlights a Chinese Internet service that experts say has long been associated with targeted, espionage attacks against U.S. and European corporations.

Microsoft said it sought to disrupt a counterfeit supply-chain operation that sold knockoff versions of Windows PCs that came pre-loaded with a strain of malware called “Nitol,” which lets attackers control the systems from afar for a variety of nefarious purposes.

In legal filings unsealed Thursday by the U.S. District Court for the Eastern District of Virginia, Microsoft described how its researchers purchased computers from various cities in China, and found that approximately 20 percent of them were already infected with Nitol.

It’s not clear precisely how many systems are infected with Nitol, but it does not appear to be a particularly major threat. Microsoft told the court that it had detected nearly 4,000 instances of Windows computers infected with some version of the malware, but that this number likely represented “only a subset of the number of infected computers.” The company said the majority of Nitol infections and Internet servers used to control the botnet were centered on China, although several U.S. states — including California, New York and Pennsylvania — were home to significant numbers of compromised hosts.

Dubbed “Operation b70” by Microsoft, the courtroom maneuvers are the latest in a series of legal stealth attacks that the software giant has executed against large-scale cybercrime operations. Previous targets included the Waledac, Rustock, Kelihos and ZeuS botnets.

The core target of this takedown was 3322.org, a Chinese “dynamic DNS” (DDNS) provider. DDNS providers offer typically free services that allow millions of legitimate users to have Web sites hosted on servers that frequently change their Internet addresses. This type of service is useful for people who want to host a Web site on a home-based Internet address that may change from time to time, because dynamic DNS services can be used to easily map the domain name to the user’s new Internet address whenever it happens to change.

Unfortunately, these dynamic DNS providers are extremely popular in the attacker community, because they allow bad guys to keep their malware and scam sites up even when researchers manage to track the attacking IP address and convince the ISP responsible for that address to disconnect the miscreant. In such cases, dynamic DNS allows the owner of the attacking domain to simply re-route the attack site to another Internet address that he controls.

Microsoft told the court it found “a staggering 500 different strains of malware hosted on more than 70,000 subdomains” at 3322.org. The court granted Microsoft temporary control over the name servers for that domain. While 3322.org is owned by a Chinese firm, the dot-org registry is controlled by the Public Interest Registry, a company based in Reston, Va.

Although Microsoft did not explicitly address this in its filing, experts say 3322.org has long been associated with malware used in highly targeted attacks aimed at stealing corporate and government secrets from U.S. and other Western firms.

“The vast majority of the interactions with the 3322.org hostnames for those outside of Asia — particularly those in the United States — are malicious,” said Steven Adair, a security expert with Shadowserver.org, a nonprofit that helps ISPs track malware attacks. “While not quite as prevalent now, the 3322.org domain has been a hot spot for malware used to conduct cyber espionage for several years now. We can already tell this move has had an impact on cyber crime operations.”

But it is not clear how effective this action will be at blocking that activity, or more than temporarily disrupting Nitol’s operations.

Joe Stewart, director of malware research for Dell SecureWorks, posted a message to Twitter.com this morning noting that only 57 percent of the subdomains he’s been tracking as related to targeted, espionage-type attack activity were disrupted by Microsoft’s action.

Part of the problem may be that much of the malware calling home to 3322.org has instructions built into its genetic makeup to seek out commands and updates from many other dynamic DNS providers not impacted by the court order, said Gunter Ollmann, vice president of research at security firm Damballa.

“What we’ve seen is that we’re currently tracking about 70 different botnets that had command and control domain names within 3322,” Ollmann said. “But all of those have secondary domain name [controllers] outside of 3322.org.”

Potentially complicating matters further, 3322.org now appears to be instructing affected users on how to get around having their sites redirected to Microsoft’s servers.

Microsoft has made the legal documents related to this case freely available from noticeofpleadings.com.
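Ollmann's observation above, that malware calling home to 3322.org also carries controllers at other dynamic DNS providers, can be checked against your own resolver logs. The sketch below is an added example, not code from the article or from Microsoft; the log format, the sample lines and the `ddns-*.example` zones are constructed placeholders to be replaced with your own watchlist.

```python
from collections import defaultdict

# Zone named in the article, plus placeholder zones standing in for other
# dynamic DNS providers (assumption: substitute your own watchlist).
SEIZED_ZONE = "3322.org"
OTHER_DDNS_ZONES = {"ddns-a.example", "ddns-b.example"}

# Constructed sample resolver log: "<time> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2012-09-14T09:00:01Z 10.0.0.5 update.host1.3322.org. A
2012-09-14T09:00:04Z 10.0.0.5 HOST1.ddns-a.example. A
2012-09-14T09:00:09Z 10.0.0.7 www.example.com. A
2012-09-14T09:01:30Z 10.0.0.9 cam.ddns-b.example. A
2012-09-14T09:02:11Z 10.0.0.7 not3322.org. A
2012-09-14T09:02:40Z 10.0.0.8 3322.org.cdn.example. A
2012-09-14T09:03:02Z 10.0.0.6 c2.3322.org A
malformed line
2012-09-14T09:03:05Z 10.0.0.6 fallback.ddns-b.example. AAAA
"""


def normalize(qname):
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def in_zone(qname, zone):
    """True if qname is the zone itself or a subdomain of it.

    Matching on a label boundary keeps look-alikes such as
    'not3322.org' or '3322.org.cdn.example' from being flagged.
    """
    qname, zone = normalize(qname), normalize(zone)
    return qname == zone or qname.endswith("." + zone)


def parse(log_text):
    """Yield (time, client, qname, qtype) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, qtype = parts
        yield ts, client, normalize(qname), qtype


def triage(log_text, seized=SEIZED_ZONE, others=OTHER_DDNS_ZONES):
    """Split clients into two review queues.

    report    : clients that queried the seized zone, with any names they
                also queried at other DDNS providers (possible secondary
                controllers that the takedown did not touch).
    ddns_only : clients seen only at other DDNS providers; often benign
                (home cameras, remote access), so lower priority.
    """
    seized_hits = defaultdict(set)
    other_hits = defaultdict(set)
    for _, client, qname, _ in parse(log_text):
        if in_zone(qname, seized):
            seized_hits[client].add(qname)
        elif any(in_zone(qname, zone) for zone in others):
            other_hits[client].add(qname)

    report = {
        client: {
            "seized": sorted(names),
            "fallback_candidates": sorted(other_hits.get(client, ())),
        }
        for client, names in seized_hits.items()
    }
    ddns_only = {
        client: sorted(names)
        for client, names in other_hits.items()
        if client not in seized_hits
    }
    return report, ddns_only


if __name__ == "__main__":
    report, ddns_only = triage(SAMPLE_LOG)
    for client, hits in sorted(report.items()):
        print(client, hits)
    print("DDNS only:", ddns_only)
```

Names listed under `fallback_candidates` are leads for investigation, not verdicts: a host that resolved a 3322.org name and another dynamic DNS name in the same window deserves a closer look even after the seized zone is sinkholed.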

Apple Releases Fix for Critical Java Flaw

September 13th, 2012 by admin No comments »

Apple has issued an update for Mac OS X installations of Java that fixes at least one critical security vulnerability in the software.

If you own a Mac, take a moment today to run the Software Update application and check if there is a Java update available. Delaying this action could set your Mac up for a date with malware. In April, the Flashback Trojan infected more than 650,000 Mac systems using an exploit for a critical Java flaw.

Java for Mac OS X 10.6 Update 10 and Java for OS X 2012-005 are available for Java installations on OS X 10.6, OS X Lion and Mountain Lion systems, via Software Update or from Apple Downloads.

Apple stopped bundling Java by default in OS X 10.7 (Lion), but it offers instructions for downloading and installing the software framework when users access a webpage that uses it. The latest iteration of Java for OS X configures the Java browser plug-in and Java Web Start to be deactivated if they remain unused for an extended period of time.

Update, 8:14 p.m.: It looks like I may have misread Apple’s somewhat hazy advisory, which appears to state that this update addresses CVE-2012-4681, the Java flaw that was recently spotted in increasingly widespread attacks against Java 7 installations on Windows. Upon closer inspection, it looks like this patch applies just to CVE-2012-0547. The above blog post has been changed to reflect that. In any case, Mac users should not delay in updating (or better yet, removing) Java.

If you don’t really need Java, remove it from your system. If you decide later that you do need Java, you can always reinstall the program. If you still want to keep Java, but only need it for specific Web sites, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest updating to the latest version and then adopting a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plug-in in Firefox, and then using an alternative browser (Chrome, Safari, etc.) with Java enabled to browse only the site that requires it.

Twitter hires security expert Charlie Miller

September 17th, 2012 by admin No comments »

Twitter is creating a security dream team. Charlie Miller, famous for his hacks on the iPhone and MacBook Air, finding holes in iOS and devising ways to hijack Android phones with NFC, will be starting his new job at the microblogging company next week.

Miller will be working with encryption expert Moxie Marlinspike, who was hired by Twitter last year.

“Monday I start on the security team at Twitter. Looking forward to working with a great team there!” Miller tweeted this morning.

Miller told CNET today that he can’t talk about his new job until he gets settled in it.

After getting a Ph.D. in mathematics at the University of Notre Dame, Miller worked for five years as a “global network exploitation analyst” for the National Security Agency. He then worked for a financial-services firm and at Independent Security Evaluators and Accuvant.

But it’s his hacking and penetration testing skills that have earned him a reputation. Miller has highlighted numerous security flaws within Apple software over the years. One of his most high-profile discoveries was a vulnerability in the mobile version of Safari in 2007, shortly after the first iPhone was released. Additionally, he’s been a fixture at the Pwn2Own security contest, in which people vie to gain control of Apple’s Mac OS X computers through the built-in Safari Web browser.

More recently, Miller detailed that the low-level system software that ships on all of Apple’s recent-model batteries could be hacked, letting would-be attackers theoretically disable the batteries given access to an administrator account. Miller got himself booted from participating in Apple’s developer program last year after he released findings of a security hole in the iOS that let applications grab unsigned code from third-party servers that could be added to an app even after it has been approved and is live on Apple’s App Store.

Microsoft Fixes IE Bugs

September 19th, 2012 by admin No comments »

Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems.

The patch, MS12-063, is available through Windows Update or via Automatic Update. If you installed the stopgap “fix it” tool that Microsoft released earlier this week to blunt the threat from the zero-day bug, you need not reverse or remove that fix it before applying this update. The vulnerability resides in IE 7, 8, and 9, on nearly all supported versions of Windows, apart from certain installations of Windows Server 2008 and Windows Server 2012.

Separately, Microsoft issued an update for vulnerabilities in Adobe Flash Player in Internet Explorer 10 on all supported versions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10. Adobe addressed these in two separate Flash updates last month, including a fix for a Flash zero-day that has been under active attack.

Malware Dragnet Snags Millions of Infected PCs

September 21st, 2012 by admin No comments »

Microsoft Corp. made headlines when it scored an unconventional if not unprecedented legal victory: Convincing a U.S. court to let it seize control of a Chinese Internet service provider’s network as part of a crackdown on piracy.

I caught up with Microsoft’s chief legal strategist shortly after that order was executed, in a bid to better understand what they were seeing after seizing control over more than 70,000 domains that were closely associated with distributing hundreds of strains of malware. Microsoft said that within hours of the takeover order being granted, it saw more than 35 million unique Internet addresses phoning home to those 70,000 malicious domains.

First, the short version of how we got here: Microsoft investigators found that computer stores in China were selling PCs equipped with Windows operating system versions that were pre-loaded with the “Nitol” malware, and that these systems were phoning home to subdomains at 3322.org. The software giant subsequently identified thousands of sites at 3322.org that were serving Nitol and hundreds of other malware strains, and convinced a federal court in Virginia to grant it temporary control over portions of the dynamic DNS provider.

Microsoft was able to do that because – while 3322.org is owned by a firm in China — the dot-org registry is run by a company based in Virginia. Yet, as we can see from the graphic above provided by Microsoft, Nitol infections were actually the least of the problems hosted at 3322.org (more on this later).

To learn more about the outcome of the seizure, I spoke with Richard Boscovich, a senior attorney with the company’s digital crimes unit (DCU) who helped to coordinate this action and previous legal sneak attacks against malware havens. Our interview came just hours after Microsoft had been cleared to seize control over the 70,000+ sub domains at 3322.org. I asked Boscovich to describe what the company was seeing.

“The numbers are quite large,” he said. “Just a quick view of what we’ve been seeing so far is upwards of 35 million unique IP [addresses] trying to connect with the 70,000 sub domains.”

Certainly IP addresses can be very dynamic — a single computer can have multiple IP addresses over a period of a few days, for example. But even if there were half as many infected PCs as unique IPs that Microsoft observed reporting to those 70,000 domains, we’d still be talking about an amalgamation of compromised PCs that is far larger than any known botnets on the planet today. So how certain was Microsoft that these 35 million unique IPs were in fact infected computers?

“We started identifying what our AV Company blocks,” Boscovich explained. “We saw a lot of different types of malware, from key loggers to DDoS tools and botnets going back there. Our position would be if you’re reaching out to these 70,000 sub domains, that the purpose would be you’re directed there to be infected or you are already infected with something. And that something was up to 560 or so malware strains we identified [tracing back] to 3322.org.”

COLLATERAL DAMAGE?

Microsoft’s past unilateral actions against malware purveyors and botnets have engendered their share of harsh reactions from members of the security community, and I fully expected this one also would be controversial. I wasn’t disappointed: Writing for Internet policy news site CircleID, longtime anti-spam activist Suresh Ramasubramanian warned that Microsoft’s action would cause “extremely high collateral damage,” both to innocent sites and to ongoing investigations.

“So, in the medium to long term run …all that Microsoft DCU and Mr. Boscovich have achieved are laudatory quotes in various newspapers and a public image as fearless and indefatigable fighters waging a lone battle against cybercrime,” Ramasubramanian wrote. “That manifestly is not the case. There are several other organizations (corporations, independent security researchers, law enforcement across several countries) that are involved in studying and mitigating botnets, and a lot of their work just gets abruptly disrupted (jeopardizing ongoing investigations, destroying evidence and carefully planted monitoring).”

Boscovich said Microsoft worked hard to focus its legal request on 3322.org sub domains that appeared to be doing little else than serving as controllers, updaters or data repositories for malware operations. He noted that the 70,000 domains the court granted it control over were only a small subset (less than 3 percent) of the 2.75 million sub domains currently hosted at 3322.org.

“There’s always a balancing act,” the Microsoft lawyer told me. “You want to make sure you do it in such a way to minimize collateral damage on legitimate sites. The unique aspect of this action was the great lengths that we went to make sure that we surgically took out and sinkholed 70,000 sub domains out of a domain hosting 2.75 million sub domains total. We developed technology along with Nominum where we were able to — once a domain was pointed to us — to only take out those 70,000, allowing all of the other sub domains which are beyond the scope of our order to simply resolve and not be impacted.”

Boscovich added that Microsoft and Nominum will be working with Internet service providers to help clean machines seen reporting to the hostile 3322.org sites.

“A lot of people in the security community like to do a lot of research, they like to sit on these things and see what’s happening, but sometimes the right thing to do is get to the victims, tell them that they’ve been victimized, tell them that they’re victimizing others, and help clean them up,” he said.

Other luminaries in the security research space expressed surprise at the breadth of Microsoft’s latest legal action, but said it was too soon to say how much of an impact it would have on the malware ecosystem. Dan Hubbard, chief technology officer at OpenDNS, said his firm has been blocking all 2.75 million sub domains at 3322.org for almost two years.

“We very rarely get complaints, and even today we see 1.1 million requests [attempting to go to] 3322.org with zero complaints,” Hubbard said. “The vast majority of it is not good.”

But he said he wonders what Microsoft is going to do with all of the sensitive information flowing through the sinkholed 3322.org domains. As I noted in my previous piece, sub domains at 3322.org have long been associated with targeted malware used in espionage attacks against U.S. and other Western corporations.

“There is going to be quite a bit of sensitive information that’s coming across the flow, from credit card details to proprietary company records,” Hubbard said. “It will be interesting to know what are the bounds around that, what they do with that data, and are they going to inform companies that are impacted.”

Joe Stewart, a senior security analyst with Dell SecureWorks, agreed, calling the scope of the interception order “unprecedented.”

“It’s a little bit surprising that Microsoft went to the lengths they did,” Stewart said. “That they are intercepting or trying to intercept millions of malicious requests while still allowing service to operate is unprecedented, sort of like they’re acting as ‘the great firewall of Microsoft.’ It’s not the sink holing of these sub domains that’s novel, it’s that they’ve injected themselves legally between this service in China and its users. Handled responsibly, it could be a good thing.”

WILL THE REAL JOHN DOE PLEASE STEP FORWARD?

Like others before it, this latest legal salvo by Microsoft seeks to unmask individuals behind the alleged criminal activity at 3322.org. It does this using so-called “John Doe” requests, which are legal proceedings that can enable a plaintiff or prosecutor to gather information on a number of individuals, in a bid to learn their identities and/or to prove they were parties to a conspiracy.

I asked Boscovich if Microsoft’s John Doe requests in previous targeted botnet takedowns had produced any leads. Specifically, I wanted to know if there were any updates to the John Does named in connection with its targeting of the Kelihos spam botnets. In that case, Microsoft identified 31-year-old Andrey N. Sabelnikov of St. Petersburg, Russia, a former system developer and project manager for Agnitum, a Russian antivirus firm.

“In the Kelihos case, we named the Russian AV…the individual that we alleged was the developer of the code for Kelihos,” Boscovich said. “We’re resolving that case now, and very shortly you’ll hear a statement that will be coming out.”

Shortly after that story broke, Sabelnikov vehemently refuted Microsoft’s allegations, saying he had never participated in the management of botnets or any other similar programs. But according to Boscovich, Microsoft will soon be publishing a statement that says otherwise.

“I think that once you see the statement that he agreed to that we’re going to publish in the next couple of days on the Kelihos case, I think that will put that to rest. I think we’ve been pretty accurate that when we name someone we know who they are. And there have been a lot of cases referred to law enforcement, and a lot of the evidence based upon which they’re much further along now based upon the stuff that we have done. So anybody who thinks that these things are not effective, from purely an identification of individuals behind it is concerned, they’re wrong.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Must Read for IE Users

September 23rd, 2012 by admin

Microsoft is urging Windows users who browse the Web with Internet Explorer to use a free tool called EMET to block attacks against a newly discovered and unpatched critical security hole in IE versions 7, 8 and 9. But some experts say that advice falls short, and that users can better protect themselves by surfing with an alternative browser until Microsoft issues a proper patch for the vulnerability.

EMET, short for the Enhanced Mitigation Experience Toolkit, is a tool that can help Windows users beef up the security of commonly used applications, whether they are made by a third-party vendor or by Microsoft. EMET allows users to force applications to use one or both of two key security defenses built into Windows Vista and Windows 7 — Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP).

Put very simply, DEP is designed to make it harder to exploit security vulnerabilities on Windows, and ASLR makes it more difficult for exploits and malware to find the specific places in a system’s memory that they need to do their dirty work.

Before I get into the how-tos on EMET, a few caveats. EMET is a great layer of security that Windows users can and should use to enhance the security of applications. But EMET may not block the exploit code now publicly available through the Metasploit framework. In fact, Tod Beardsley, an engineering manager with Rapid7, the security firm that manages Metasploit, told The Associated Press that EMET does not appear to be completely effective against this exploit.

I asked Metasploit founder HD Moore what he thought was the best way to block this exploit, and he pointed out that the exploit available through Metasploit requires the presence of Java on the host machine in order to execute properly on IE 8/9 on Windows 7 and Vista systems (the exploit works fine without Java against IE7 on XP/Vista and IE8 on XP). Obviously, while the lack of Java on a Windows machine may not prevent other exploits against this flaw, it is a great first start. I have consistently urged computer users of all stripes to uninstall Java if they have no specific use for it.

Using a non-IE browser such as Chrome, Firefox, Opera or Safari is a far safer approach, at least until Microsoft releases a proper patch for this flaw (note that Windows 8 and Internet Explorer 10 are not affected by this vulnerability).

If you decide to stick with IE, I’d encourage you to read closely the security advisory Microsoft published last night. It describes a number of tweaks that users can make to ratchet up security settings in IE, and details the process of setting up IE to use EMET.

EMET can force individual applications to perform ASLR on every component they load, whether the program wants it or not. Please note that before you install EMET, you’ll need to have Microsoft’s .NET platform installed. And while it does technically work on Windows XP (Service Pack 3 only), XP users cannot take advantage of mandatory ASLR and some of the other notable protections included in this tool.

To wrap Internet Explorer in EMET’s settings, launch the program and click the “Configure Apps” button in the bottom right corner of the application window. Selecting the “Add” button in the next box brings up a program selection prompt; browse to C:\Program Files\Internet Explorer, and then add the “iexplore.exe” file. It should be okay to accept all of the defaults that EMET adds for you.

While you’re at it, add the rest of your more commonly used, Internet-facing apps. But go slow with it, and avoid the temptation to make system-wide changes. Changing system defaults across the board – such as changing ASLR and DEP settings using the “configure system” tab – may cause stability and boot up problems. I’ve been using it on a 64-bit Windows 7 system and phasing in some of my most-used applications one-by-one with the “configure apps” button just to make sure the added security doesn’t crash the programs (see screen shot below). So far, the only problem I’ve run up against was Skype, which didn’t seem to like being forced into using the six different protection mechanisms that EMET employs by default when you manually add an application: It simply would crash upon startup.

Just keep a running list somewhere of the apps you have set to use EMET, and if you experience problems or glitches with these programs going forward, you may be able to fix said bugginess simply by tweaking EMET a bit.

Chinese Hackers Blamed for Intrusion at Energy Industry Giant

September 25th, 2012 by admin

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

The attack comes as U.S. policymakers remain gridlocked over legislation designed to beef up the cyber security posture of energy companies and other industries that maintain some of the world’s most vital information networks.

In letters sent to customers last week, Telvent Canada Ltd. said that on Sept. 10, 2012 it learned of a breach of its internal firewall and security systems. Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies.

The firm said it was still investigating the incident, but that as a precautionary measure, it had disconnected the usual data links between clients and affected portions of its internal networks.

“In order to be able to continue to provide remote support services to our customers in a secure manner, we have established new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent network and that all virus or malware files have been eliminated,” the company said in a letter mailed to customers this week. “Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent.”

The incident is the latest reminder of problems that can occur when corporate computer systems at critical networks are connected to sensitive control systems that were never designed with security in mind. Security experts have long worried about vulnerabilities being introduced into the systems that regulate the electrical grid as power companies transferred control of generation and distribution equipment from internal networks to so-called “supervisory control and data acquisition,” or SCADA, systems that can be accessed through the Internet or by phone lines. The move to SCADA systems boosts efficiency at utilities because it allows workers to operate equipment remotely, but experts say it also exposes these once-closed systems to cyber attacks.

Telvent did not respond to several requests for comment. But in a series of written communications to clients, the company detailed ongoing efforts to ascertain the scope and duration of the breach. In those communications, Telvent said it was working with law enforcement and a task force of representatives from its parent firm, Schneider Electric, a French energy conglomerate that employs 130,000 and has operations across the Americas, Western Europe and Asia. Telvent reportedly employs about 6,000 people in at least 19 countries around the world.

The disclosure comes just days after Telvent announced it was partnering with Foxborough, Mass.-based Industrial Defender to expand its cybersecurity capabilities within Telvent’s key utility and critical infrastructure solutions. A spokesperson for Industrial Defender said the company does not comment about existing customers.

In its most recent dispatch to customers impacted by the breach, dated Sept. 25, 2012, Telvent executives provided details about the malicious software used in the attack. Those malware and network components, listed in the photocopied Telvent communication shown here, strongly suggest the involvement of Chinese hacker groups tied to other high-profile attacks against Fortune 500 companies over the past several years.

Joe Stewart, director of malware research at Dell SecureWorks and an expert on targeted attacks, said the Web site and malware names cited in the Telvent report map back to a Chinese hacking team known as the “Comment Group.”

In July, Bloomberg News published an in-depth look at the Comment Group and its many years of suspected involvement in deploying sophisticated attacks to harvest intellectual property and trade secrets from energy companies, patent law firms and investment banks.

That investigation looked at data gathered by a loose-knit group of 30 security researchers, who tracked the Comment Group’s activity over less than two months last year and uncovered evidence that it had infiltrated at least 20 organizations — “many of them organizations with secrets that could give China an edge as it strives to become the world’s largest economy. The targets included lawyers pursuing trade claims against the country’s exporters and an energy company preparing to drill in waters China claims as its own.”

Politicians in Congress and the Obama administration are becoming more vocal about accusing China and Russia of hacking U.S. computer networks for economic gain, espionage and other motives. But those accusations tend to ring hollow abroad, as Reuters recently observed: “U.S. standing to complain about other nations’ cyber attacks has been undermined, however, by disclosures that Washington, along with Israel, launched sophisticated offensive cyber operations of its own against Iran to try to slow that nation’s suspected quest for a nuclear weapon.” The malware alluded to in that Reuters piece — Stuxnet — was designed to attack specific vulnerabilities in SCADA systems known to be used in Iran’s uranium enrichment facilities.

Facebook to introduce new security feature

September 27th, 2012 by admin

Facebook is set to announce new security features that will let people set passwords for third-party apps and get help from friends when they can’t get into their account.

When hackers hijack accounts, the first thing they typically do is change passwords so legitimate account holders can’t get back in. Instead of going through the rigmarole of verifying that you are the legitimate account owner, Facebook will now let friends vouch for you.

The new Trusted Friends feature, which like App Passwords will be available for “testing” in coming weeks, lets you select three to five friends who can be trusted to help get access to a hijacked account. Facebook will send secret codes to the select friends who can then share them with you.

“It’s sort of similar to giving a house key to your friends when you go on vacation–pick the friends you most trust in case you need their help in the future,” the company said in a blog post due to go live today.

Similarly, Facebook is bulking up security for in-system apps. Your Facebook login already generally allows you to access your Facebook apps, but in some cases you may prefer to use an unrelated and/or unique password for particular apps. And now you can.

To use App Passwords, click on Account Settings, then select Security Tab and the “App Passwords” section. “You can generate a password that you won’t need to remember, just enter it along with your email when logging into an application,” the company said in a statement.

“There are tons of applications you can use by logging in with your Facebook credentials. However in some cases you may want to have a unique password for that application,” the blog post says. “This is especially helpful if you have opted into Login Approvals, for which security codes don’t always work when using 3rd party applications.”

These moves are Facebook’s latest attempts to help people keep hackers and hijackers out of their accounts. In May, Facebook announced a number of security offerings, including a two-factor authentication called Login Approvals that requires a code when you log in from an unrecognized device. The site will also generate warnings when links look suspicious or if it senses dubious activity going on behind the scenes of clicks. Facebook also launched a bug bounty program in July.

Content hosting for the modern web

October 1st, 2012 by admin

Our applications host a variety of web content on behalf of our users, and over the years we learned that even something as simple as serving a profile image can be surprisingly fraught with pitfalls. Today, we wanted to share some of our findings about content hosting, along with the approaches we developed to mitigate the risks.

Historically, all browsers and browser plugins were designed simply to excel at displaying several common types of web content, and to be tolerant of any mistakes made by website owners. In the days of static HTML and simple web applications, giving the owner of the domain authoritative control over how the content is displayed wasn’t of any importance.

It wasn’t until the mid-2000s that we started to notice a problem: a clever attacker could manipulate the browser into interpreting seemingly harmless images or text documents as HTML, Java, or Flash—thus gaining the ability to execute malicious scripts in the security context of the application displaying these documents (essentially, a cross-site scripting flaw). For all the increasingly sensitive web applications, this was very bad news.

During the past few years, modern browsers began to improve. For example, the browser vendors limited the amount of second-guessing performed on text documents, certain types of images, and unknown MIME types. However, there are many standards-enshrined design decisions—such as ignoring MIME information on any content loaded through <object>, <embed>, or <applet>—that are much more difficult to fix; these practices may lead to vulnerabilities similar to the GIFAR bug.

Google’s security team played an active role in investigating and remediating many content sniffing vulnerabilities during this period. In fact, many of the enforcement proposals were first prototyped in Chrome. Even still, the overall progress is slow; for every resolved problem, researchers discover a previously unknown flaw in another browser mechanism. Two recent examples are the Byte Order Mark (BOM) vulnerability reported to us by Masato Kinugawa, and the MHTML attacks that we have seen happening in the wild.

For a while, we focused on content sanitization as a possible workaround – but in many cases, we found it to be insufficient. For example, Aleksandra Dobkin managed to construct a purely alphanumeric Flash applet, and in our internal work the Google security team created images that can be forced to include a particular plaintext string in their body, after being scrubbed and recoded in a deterministic way.

In the end, we reacted to this raft of content hosting problems by placing some of the high-risk content in separate, isolated web origins—most commonly *.googleusercontent.com. There, the “sandboxed” files pose virtually no threat to the applications themselves, or to google.com authentication cookies. For public content, that’s all we need: we may use random or user-specific sub domains, depending on the degree of isolation required between unrelated documents, but otherwise the solution just works.

The situation gets more interesting for non-public documents, however. Copying users’ normal authentication cookies to the “sandbox” domain would defeat the purpose. The natural alternative is to move the secret token used to confer access rights from the Cookie header to a value embedded in the URL, and make the token unique to every document instead of keeping it global.

While this solution eliminates many of the significant design flaws associated with HTTP cookies, it trades one imperfect authentication mechanism for another. In particular, it’s important to note there are more ways to accidentally leak a capability-bearing URL than there are to accidentally leak cookies; the most notable risk is disclosure through the Referer header for any document format capable of including external subresources or of linking to external sites.

In our applications, we take a risk-based approach. Generally speaking, we tend to use three strategies:

  • In higher risk situations (e.g. documents with elevated risk of URL disclosure), we may couple the URL token scheme with short-lived, document-specific cookies issued for specific sub domains of googleusercontent.com. This mechanism, known within Google as FileComp, relies on a range of attack mitigation strategies that are too disruptive for Google applications at large, but work well in this highly constrained use case.
  • In cases where the risk of leaks is limited but responsive access controls are preferable (e.g., embedded images), we may issue URLs bound to a specific user, or ones that expire quickly.
  • In low-risk scenarios, where usability requirements necessitate a more balanced approach, we may opt for globally valid, longer-lived URLs.
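
A simplified model of the three strategies above, added here as an illustration; it is not Google's code and not the FileComp design. The domain `usercontent.example`, the URL layout, the parameter names `e`, `c` and `t`, and the HMAC construction are all assumptions, and how the document-specific cookie reaches the browser is left out.

```python
import base64
import hashlib
import hmac
import re
import secrets
import time
from urllib.parse import parse_qs, urlsplit

SANDBOX_DOMAIN = "usercontent.example"  # assumption: placeholder isolated domain
SIGNING_KEY = secrets.token_bytes(32)   # constructed per-process key for the demo


def _mac(purpose, *fields):
    """HMAC-SHA256 over a purpose label plus fields, as unpadded URL-safe base64."""
    msg = "\n".join((purpose,) + tuple(str(f) for f in fields)).encode()
    digest = hmac.new(SIGNING_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def _same(a, b):
    """Constant-time comparison that also tolerates non-ASCII attacker input."""
    return hmac.compare_digest(a.encode(), b.encode())


def sandbox_host(doc_id):
    """Per-document subdomain, so unrelated documents never share a web origin."""
    label = hmac.new(SIGNING_KEY, b"host\n" + doc_id.encode(), hashlib.sha256)
    return f"{label.hexdigest()[:32]}.{SANDBOX_DOMAIN}"


def mint(doc_id, risk, ttl=300, now=None):
    """Return (url, cookie_value_or_None) for one document.

    risk="low":    globally valid, longer-lived URL (no expiry)
    risk="medium": URL that expires after ttl seconds
    risk="high":   expiring URL plus a document-specific cookie value that
                   must be set only for sandbox_host(doc_id)
    """
    if risk not in ("low", "medium", "high"):
        raise ValueError(f"unknown risk tier: {risk}")
    if not re.fullmatch(r"[A-Za-z0-9_-]+", doc_id):
        raise ValueError("doc_id must be an opaque URL-safe identifier")
    now = int(time.time() if now is None else now)
    expires = 0 if risk == "low" else now + ttl
    need_cookie = int(risk == "high")
    token = _mac("url", doc_id, expires, need_cookie)
    url = (f"https://{sandbox_host(doc_id)}/d/{doc_id}"
           f"?e={expires}&c={need_cookie}&t={token}")
    cookie = _mac("cookie", doc_id, expires) if need_cookie else None
    return url, cookie


def verify(url, cookie=None, now=None):
    """Return the doc_id this request may read, or None if it must be refused."""
    now = int(time.time() if now is None else now)
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        doc_id = parts.path.split("/d/", 1)[1]
        expires = int(query["e"][0])
        need_cookie = int(query["c"][0])
        token = query["t"][0]
    except (IndexError, KeyError, ValueError):
        return None
    # The token is unique to the document and only valid on that document's origin.
    if parts.hostname != sandbox_host(doc_id):
        return None
    # e and c are covered by the MAC, so neither can be edited in a copied URL.
    if not _same(token, _mac("url", doc_id, expires, need_cookie)):
        return None
    if expires and now > expires:
        return None
    # High-risk tier: a URL leaked through Referer is not enough on its own.
    if need_cookie and (cookie is None
                        or not _same(cookie, _mac("cookie", doc_id, expires))):
        return None
    return doc_id
```

In the high-risk tier a copied URL fails verification without the matching cookie, and in every tier editing the expiry or the cookie flag invalidates the token.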

Of course, the research into the security of web browsers continues, and the landscape of web applications is evolving rapidly. We are constantly tweaking our solutions to protect Google users even better, and even the solutions described here may change. Our commitment to making the Internet a safer place, however, will never waver.

Windows 7 malware infection rate soars in 2012

October 3rd, 2012 by admin

Windows 7’s malware infection rate climbed by as much as 182% this year, Microsoft said today.

But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.

Data from Microsoft’s newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.

The infection rate for Windows 7 RTM, or “release to manufacturing,” the original version launched in Oct. 2009, was 33% higher this year for the 32-bit edition (x86) and 59% higher for the 64-bit (x64) OS.

Windows 7 Service Pack 1 (SP1) — the upgrade that shipped in Feb. 2011 — saw even larger infection increases: 172% for x86, 182% for x64.

Microsoft blamed several factors for the boost in successful malware attacks, including less savvy users.

“This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows,” said Microsoft in its latest Security Intelligence Report. “Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices.”

But other elements came into play, argued Tim Rains, director of Microsoft’s Trustworthy Computing group.

“There are several factors at play here. In XP, for example, we’ve seen infection rates go up because of particular pieces of malware that are more effective on that platform,” said Rains in an interview. “[And] in different places in the world, [users'] ability to keep Windows up to date varies greatly.”

For the first time, Microsoft ranked the threats facing each version of Windows, bolstering Rains’ assertion that some malware families are more successful against, or at least more often aimed at, specific Windows builds, and thus affect the infection rates.

But security researchers were more likely to pin the blame on Windows 7’s popularity.

“Windows 7 has really been the first platform adopted by both enterprises and consumers, and that kind of adoption hasn’t happened in quite some time for Microsoft,” said Andrew Storms, director of security operations at nCircle Security. “Given the market movements, it’s likely that the attackers follow.”

And Windows 7 is a more popular operating system this year: From June 2011 to June 2012, Windows 7’s usage share grew 45%, according to statistics from metric firm Net Applications.

Microsoft collects infection data from several sources, including the Malicious Software Removal Tool (MSRT), a free utility it distributes to all Windows users each month that detects and then deletes selected malware. It then normalizes the data by comparing an equal number of computers for each edition of Windows.

The measurements are expressed as X per thousand: Windows XP SP3’s infection rate, for instance, was 9.5 in the second quarter, or 9.5 XP SP3 machines out of every 1,000.

The x86 editions of Windows 7 RTM and SP1 came with higher infection rates than the x64 versions, and Windows 7 SP1 was less likely to be infected than RTM. Windows 7 RTM x86 had the highest rate, 5.3, while Windows 7 SP1 x64 had the lowest, just 3.1.

But even with that low rate, Windows 7 SP1 x64 had the dubious distinction of sporting the largest year-to-year increase because in the second quarter of 2011, its infection rate was an even lower 1.1.

Microsoft’s numbers back up the belief that Windows 7 is a more secure OS than the still-present-in-large-numbers XP, and make a good case for users of the latter to migrate to the former, a transition Microsoft and industry analysts.

If history is any guide, Windows 7’s infection rate will continue to climb as its market share does the same, and won’t begin to decline until a successor replaces it on a large number of PCs.

“There is probably no single technology feature set that can explain infection rates in either incline or decline,” said Storms. “It has more to do with what the attackers want to attack. And as we have seen, attackers generally get what they want.”

Malware-infected computers rented as proxy servers on the black market

October 5th, 2012 by admin

Cybercriminals are using computers infected with a particular piece of malware to power a commercial proxy service that funnels potentially malicious traffic through them, according to security researchers from Symantec.

Three months ago, Symantec researchers started an investigation into a piece of malware called Backdoor.Proxybox that has been known since 2010, but has shown increasing activity recently.

“Our investigation has revealed an entire black hat operation, giving us interesting information on the operation and size of this botnet, and leading us to information that may identify the actual malware author,” Symantec researcher Joseph Bingham said Monday in a blog post.

The malware is a Trojan program with rootkit functionality that transforms the computer into a proxy server. The rootkit component uses a novel technique to prevent access to the malware’s other files and increase the malware’s persistence on the system, Bingham said.

However, the most interesting aspect of this attack is how the infected computers are used by the attackers.

Botnets are one of the main tools used by cybercriminals because they are versatile. They can be used to send email spam, launch distributed denial-of-service attacks, solve CAPTCHA challenges on websites, perform online banking fraud or click fraud and many other activities.

In this particular case, the botnet’s operators are using it to power a commercial proxy service called Proxybox.name.

Because they can hide a user’s real IP (Internet Protocol) address, proxy servers are commonly used to evade online censorship attempts, bypass region-based content access restrictions or, in many cases, engage in various illegal actions.

Fully anonymous and transparent SOCKS proxy servers — proxy servers that can route traffic for any application, not just browser connections — are hard to come by and this is exactly what the Proxybox service offers.

According to the Proxybox website, for $25 a month, customers can get access to 150 proxy servers from the countries they desire, while for $40 they can get access to an unlimited number of proxies. The service operators promise not to keep any access logs, which makes these servers perfect for criminal use because there will be no logs for authorities to request and review.

“We expect over 2,000 bots online all the time,” the Proxybox operators say on their website. However, after monitoring the botnet’s command-and-control servers, the Symantec researchers believe that there are around 40,000 active proxies at any given time.

The Proxybox malware is distributed in a variety of ways, including through drive-by download attacks launched from compromised websites that host commercial exploit toolkits like Blackhole, Bingham said.

Advertisements for the Proxybox service seen on underground forums were linked to ads for other black market websites that offer VPN (virtual private network), private antivirus scanning or proxy testing services and offer the same ICQ contact number and payment methods: WebMoney, Liberty Reserve and RoboKassa.

“We started to look into the payment accounts associated with these websites, and found out that they were tied to an individual with a Ukrainian name living in Russia,” Bingham said. “The additional details associated with this WebMoney account are undisclosed as we work with law enforcement in countries associated with the command-and-control servers.”

The risks for users whose computers are infected with Backdoor.Proxybox are significant. Because of the unauthorized proxy servers running on their systems, their IP addresses might be involved in a lot of illegal activities without their knowledge.

Google upgrades Search Appliance

October 7th, 2012 by admin

Google is upgrading its Search Appliance for the enterprise in an effort to help workers find information stored anywhere in their organizations.

Google Search Appliance 7.0 was unveiled today and will be available Oct. 16 for sale or for customers to download. The new version would help employees in large enterprises find stored information whether they’re using a desktop PC, a tablet or a smartphone.

“Google is really doubling down on enterprise search,” said Matthew Eichner, general manager of Enterprise Search for Google. “We think that enterprise search is an unsolved problem…. We’re really targeting now the world’s largest organizations with great complexity problems.”

The appliance is designed to enable administrators to add information from sources stored in the cloud, social networking sites, the public Web and secure storage. The new appliance also offers search for SharePoint 2010, Microsoft’s collaboration tool.

“With GSA 7.0, we’ve refined our relevance signals,” Eichner wrote in a blog post. “Entity Recognition automatically identifies and suggests content you might be looking for, and GSA 7.0 also harnesses the ‘wisdom of crowds,’ allowing employees to add their own search results.”

The update also includes a new interface and a new document preview feature that enables users to view thumbnails and flip through full-screen document previews alongside their search results. Google Translate offers automatic translations in more than 60 languages displayed in search results.

David Schubmehl, an analyst with IDC, said the appliance update is important for major enterprises that need to make their information stores available to employees.

“People are still dissatisfied with the way their internal search systems work,” Schubmehl said. “Everybody wants it to be as good as the Web. If I don’t find the answer, I at least want to find an answer… Google is trying to make internal search as good as Web search.”

Schubmehl noted that productivity can be adversely affected if people have to spend a lot of time searching for information stored within their own organizations.

An IDC study in 2009 found that the time spent searching for information that year alone averaged 8.8 hours per week per employee, adding up to a cost of $14,209 per worker per year.

“There’s a generation of workers who are starting to leave the workforce, and they’ve created years or decades of information and that information could be very valuable if people knew about it,” said Schubmehl. “Let’s say I’m working in a pharmaceutical company doing drug research and I know there are seven groups doing research around the world. Who are these other researchers and are they doing the same work I am? It can be hard to get even that information.”

Schubmehl added that Google Search Appliance 7.0 still has challenges. For instance, each kind of repository has a different access method, so administrators have to create a custom program or control to read the data from each particular system.

However, the new appliance also has benefits, such as better navigation and more filters for different types of files.

Hackers pwn the sun – Exploit code released for software used to manage solar energy plants

October 9th, 2012 by admin

Black hat hackers can now take over photovoltaic solar arrays and harness their combined energy to create vaporizing solar death beams. Well, that may be an exaggeration, but only a slight one.

The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.

The DHS’s ICS-CERT issued an advisory on Wednesday that exploit code was circulating on the internet for security holes affecting the Italian vendor Sinapsi’s eSolar Light Photovoltaic System Monitor.

The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, and gauges and so on.

According to information released by the researchers Robert Paleari and Ivan Speziale, the Sinapsi eSolar product contains a number of critical security vulnerabilities that make the devices easily exploitable by remote attackers, who could gain administrative privileges and run arbitrary commands and code on vulnerable eSolar devices.

Those security holes include a slew of SQL injection vulnerabilities in web pages included with the device firmware. Among other things, the researchers found they could exploit SQL injection holes in the web-based management interface to access the underlying MySQL database, gaining access to usernames and passwords for the device.

Passwords, the researchers noted, were stored in plaintext. And, in a pattern that has become distressingly common in the SCADA world, the researchers discovered hard-coded administrative accounts for the Sinapsi devices.

The login.php page would accept a small number (two or three) of universal passwords that would grant access to the device regardless of what user login they were paired with.
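A login check that avoids the three flaw classes reported above (SQL injection, plaintext password storage, universal passwords) looks like the following. It is an added example written in Python rather than the device's PHP and is not Sinapsi's code; the table layout, function names and sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumption: tune to the hardware the service runs on


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, slow hash; only this value is ever stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    return db


def add_user(db: sqlite3.Connection, name: str, password: str) -> None:
    salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    db.execute(
        "INSERT INTO users VALUES (?, ?, ?)",
        (name, salt, hash_password(password, salt)),
    )


def login(db: sqlite3.Connection, name: str, password: str) -> bool:
    # Bound parameter: the user name is data, never part of the SQL text.
    row = db.execute(
        "SELECT salt, pwhash FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        # Do the same work for unknown names so timing does not reveal them.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    # The only accepted credential is the one stored for this account:
    # there is no hard-coded account and no password that works for every user.
    return hmac.compare_digest(hash_password(password, salt), stored)


def accounts_accepting(db: sqlite3.Connection, password: str) -> list:
    """Regression check: list every account that a given password opens."""
    names = [r[0] for r in db.execute("SELECT name FROM users ORDER BY name")]
    return [n for n in names if login(db, n, password)]


if __name__ == "__main__":
    db = make_db()
    add_user(db, "admin", "constructed-Admin-pass-1")     # constructed sample data
    add_user(db, "operator", "constructed-Oper-pass-2")
    print(login(db, "admin", "constructed-Admin-pass-1"))  # True
    print(login(db, "admin' OR '1'='1", "x"))               # False
    print(accounts_accepting(db, "constructed-Admin-pass-1"))
```

Running `accounts_accepting` in a test suite against every known default or vendor password is a cheap way to catch a universal password before it ships.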

ICS-CERT said in its advisory that the vulnerabilities, if successfully exploited, could allow attackers to remotely connect to the management server, “executing remote code, possibly affecting the availability and integrity of the device.”

The researchers disclosed the holes to Sinapsi in August, 2012 and released details of their findings on October 9, after failing to get a response, they said.

The impact of the security holes could be widespread. The Sinapsi eSolar management product is bundled with photovoltaic SCADA products from other vendors, as well. They include the Enerpoint eSolar Light, Astrid Green Power Guardian and Schneider Electric Ezylog Photovoltaic Management Server, according to ICS-CERT.

PC Satisfaction Increased by Tablets?

October 11th, 2012 by admin

Recent news on PCs has been mostly negative, with most people in the tech industry saying that the PC is dead, due in large part to the incredible rise of the tablet PC. Many people have been saying that tablets are killing the PC business and that it is only a matter of time before tablets make PCs completely obsolete. However, recent reports suggest that tablets may actually be boosting the rate at which consumers appreciate their PCs.

Personal computer satisfaction increased by 2.6% this year, giving it a record high score of 80 on the American Consumer Satisfaction Index (ASCI). According to the index, this increase in satisfaction is probably due to the rise in tablet use among consumers.

When you think about it, this seems a little contradictory, though ASCI founder Claes Fornell has a theory. Fornell’s theory is that when unsatisfied PC users move to Apple and other tablet makers, only the most loyal and happy users are left using traditional PCs, such as Dell, HP and Acer computers. That actually makes a lot of sense. If all the unsatisfied people switch to tablets, then only the happy and satisfied customers are left to take the surveys.

There may be an additional reason that tablet growth has increased PC customer satisfaction. Tablets typically serve as an ancillary device, meaning they are viewed as second in importance to a PC. If this is true then tablets, instead of taking the place of a PC, are used solely for the tasks that they are best at, like surfing the internet, watching movies or checking Facebook. This leaves PC users fully aware of everything that their PC offers and everything that their tablet doesn’t, further increasing their satisfaction.

Illegal content on YouTube? Beware spammed-out malware attack

October 13th, 2012 by admin

Internet users are being warned about a malware attack that has been spammed out widely, posing as a communication from YouTube about copyrighted video content.

The emails, which have the subject line “Your video may have illegal content”, pretend to come from Google’s YouTube team.

Here’s an example:

Subject: Your video may have illegal content
Attached file: Content_ID755658_Matches.zip

Message body:
Your video may have content that is owned or licensed by Music Publishing Rights Collecting Society.

No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information.

Sincerely,
- The YouTube Team

The attached ZIP file, however, contains the Troj/Agent-XXC Trojan horse.

Sophos anti-virus products have been capable of detecting the malware since September 25th – but users of products from other vendors may not be as well protected.

Always be suspicious of unsolicited emails – and don’t rush to click on unexpected attachments.

Apple resumes User Tracking with iOS 6

October 15th, 2012 by admin

Apple got caught with its hand in the cookie jar when privacy experts protested the use of a universal device identifier, or UDID, to track the online preferences of iPhone and iPad users.

The problems with that model became all too apparent after hackers compromised systems belonging to digital media firm Bluetoad and made.

Enough is enough, right? Well, maybe not.

It looks like device tracking is back with iOS 6, courtesy of a new tracking technology: IDFA, or identifier for advertisers.

Like the UDID, the IDFA uniquely identifies your Apple device.

Websites that you browse with your iPhone or iPad device can request the IDFA. Unlike UDID, however, the IDFA can’t be traced back to individuals; it merely links a pattern of online behavior with a specific device.

Also unlike the UDID, IDFA can be disabled from within iOS, though Apple leaves it enabled, by default.

The Cupertino company has said little about IDFA since releasing the latest version of iOS last month. According to published reports, however, the IDFA acts like a persistent cookie on the phone, allowing advertisers to track user surfing behavior on their phone and record interactions up to and including “conversion” – a purchase or download.

Writing on his company’s blog in June, prior to the release, Michael Oiknine, the CEO of mobile application analytics firm Apsalar said that IDFA offered many advantages over the discredited UDID.

Among other things: the IDFA is reset when the device, itself, is reset. That will prevent user data from being corrupted when they sell or transfer their phone to a new owner, Oiknine said.

Giving users the ability to opt-out of tracking will satisfy privacy concerns.

And, because Apple is the 600 pound gorilla of the mobile space, IDFA stands a good chance of being adopted universally, clearing up confusion created by competing standards like OpenUDID and ODIN, he said.

But others expressed skepticism about the privacy protections included with IDFA.

Among other things, critics have noted that the IDFA is enabled by default, and that Apple opted to put the feature for disabling tracking in the mostly-ignored “About” section under the General settings – which mostly lists technical information about the phone.

Critics argued that it more properly belongs under the iPhone Privacy settings.

Furthermore, the company asks users to disable tracking by enabling the “Limit Ad Tracking” option – a tricky bit of mental misdirection that may leave users who manage to track down the opt-out option believing that they’re already opted out.

If you want to turn off device tracking using the IDFA on your iOS 6 device, do the following:

1) Click on Settings.

2) Click on General to access the General Settings.

3) Click About

4) Scroll down and click on Advertising.

5) Set Limit Ad Tracking to “ON”.

25 worst passwords of 2012

October 17th, 2012 by admin

Leading the way are “password” and “123456,” but “ninja” and “Jesus” are gaining ground

You probably don’t think about your passwords much — and that’s not a good thing. After all, a password is the key that unlocks your email, your online bank account, your Facebook, your photo albums, and loads more. It may behoove you to examine your passwords and make sure they aren’t on the latest list of the 25 worst passwords, which business software firm SplashData compiles once a year. The top three most common offenders — “password,” “123456,” and “12345678” — are unchanged from previous years, but there are a few dubious newcomers, including catchy terms like “ninja,” “welcome,” and “jesus.”

To keep intruders out of your online life — so you don’t become a victim like tech blogger Mat Honan — your best bet is to choose a password that’s “longer than eight characters and includes letters, numbers, and characters,” says Kim Zetter at Wired. An easy way to do this is to use a memorable phrase and intersperse it with characters: “TheQuickBrownFox” for example could be “The&Quick&Brown&Fox2,” which is unquestionably stronger.

Here’s this year’s list of offenders, complete with ranking changes from last year:

1. Password (Unchanged)

2. 123456 (Unchanged)

3. 12345678 (Unchanged)

4. abc123 (Up 1)

5. qwerty (Down 1)

6. monkey (Unchanged)

7. letmein (Up 1)

8. dragon (Up 2)

9. 111111 (Up 3)

10. baseball (Up 1)

11. iloveyou (Up 2)

12. trustno1 (Down 3)

13. 1234567 (Down 6)

14. sunshine (Up 1)

15. master (Down 1)

16. 123123 (Up 4)

17. welcome (New)

18. shadow (Up 1)

19. ashley (Down 3)

20. football (Up 5)

21. jesus (New)

22. michael (Up 2)

23. ninja (New)

24. mustang (New)

25. password1 (New)
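The two checks this article describes, the list above and the "longer than eight characters with letters, numbers, and characters" advice, can be combined into a single password screen. The following is an added example, not SplashData's or Wired's code; the function names, the substitution table and the problem codes are assumptions, and the matching goes slightly beyond the article by also catching lightly disguised list entries such as "P@ssw0rd1".

```python
import string

# The 25 entries from the list above, lower-cased.
WORST_2012 = frozenset(
    "password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 "
    "baseball iloveyou trustno1 1234567 sunshine master 123123 welcome "
    "shadow ashley football jesus michael ninja mustang password1".split()
)

# Assumption: a small table of common character substitutions to undo.
LEET = str.maketrans(
    {"@": "a", "4": "a", "0": "o", "3": "e", "1": "i", "!": "i", "$": "s", "5": "s"}
)
_TAIL = string.digits + string.punctuation


def denylist_match(password: str):
    """Return the list entry this password reduces to, or None."""
    low = password.lower()
    # Strip decoration first ("Dragon2012!" -> "dragon"), then undo substitutions.
    bases = {low, low.rstrip(string.punctuation), low.rstrip(_TAIL)}
    candidates = bases | {b.translate(LEET) for b in bases}
    hits = sorted(candidates & WORST_2012)
    return hits[0] if hits else None


def check_password(password: str) -> list:
    """Return a list of problem codes; an empty list means the password passes."""
    problems = []
    hit = denylist_match(password)
    if hit:
        problems.append(f"denylisted:{hit}")
    if len(password) <= 8:  # the advice is "longer than eight characters"
        problems.append("too-short")
    if not any(c.isalpha() for c in password):
        problems.append("no-letter")
    if not any(c.isdigit() for c in password):
        problems.append("no-digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no-symbol")
    return problems


if __name__ == "__main__":
    for pw in ("Ninja", "P@ssw0rd1", "TheQuickBrownFox", "The&Quick&Brown&Fox2"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```

"P@ssw0rd1" satisfies the length and character-class rules yet still reduces to the first entry on the list, which is why the list check runs alongside those rules instead of being replaced by them.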

Sony’s PlayStation 3 experiences its biggest hack yet

October 19th, 2012 by admin

Hackers have found a way to break down one of the toughest defensive walls in the PlayStation 3’s software security, ensuring that those who use custom firmware can run homebrew software and pirated games forever.

A group calling itself “The Three Musketeers” on Monday released a secret set of LV0 codes that can decrypt the PlayStation 3’s Level 0 (LV0) security layer used by the primary boot loader. This means that hackers should always have the ability to release custom firmware for the device any time Sony updates the console’s software. Custom firmware gives PS3 owners the ability to run pirated games, homebrew software (such as retro game emulators), and even Linux.

“This means that all future firmwares and all future games are decryptable, and this time around they [Sony] really can’t do anything about it,” Marcan, one of the players in the fail0verflow exploit, wrote in a related Slashdot thread. “By extension, this means that given the usual cat-and-mouse game of analyzing and patching firmware, every current user of vulnerable or hacked firmware should be able to maintain that state through all future updates, as all future firmwares can be decrypted and patched and re-signed for old PS3s.”

Unfortunately, unless your PS3 runs custom firmware, or can downgrade to a custom firmware, the exploit means relatively nothing — for now. Check out a very informative FAQ at the Wololo forums — derived from Marcan’s observations of the breakthrough — that describes the implications of the PS3 hack in plain English.

The group responsible for releasing the PS3 LV0 codes to the public only did so because a rival group had supposedly stolen the information, and planned to sell custom firmware based on it for profit.


“You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now,” wrote the Musketeers in a note attached to the LV0 reveal.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Google, Microsoft and Yahoo fix serious email weakness

October 21st, 2012 by admin

Google, Microsoft and Yahoo have remedied a cryptographic weakness in their email systems that could allow an attacker to create a spoofed message that passes a mathematical security verification.


The weakness affects DKIM, or DomainKeys Identified Mail, a security system used by major email senders. DKIM attaches a cryptographic signature to an email that verifies the domain name through which the message was sent, which makes it easier to filter spoofed messages from legitimate ones.

The problem lies with signing keys shorter than 1,024 bits, which can be factored given increasing computing power. US-CERT said in an advisory issued Wednesday that signing keys shorter than 1,024 bits are weak, and that keys up to RSA-768 have been factored.

The issue came to light after Florida-based mathematician Zachary Harris was sent an email from a Google recruiter that used only a 512-bit key, according to a report published Wednesday by Wired magazine.

Thinking it might be some clever test by Google, he factored the key, then used it to send a spoofed message from Sergey Brin to Larry Page, Google’s founders.

It wasn’t a test but a serious problem, one in which emails that could be bogus would be trusted. According to the DKIM standard, email messages signed with keys shorter than 1,024 bits are not necessarily rejected.


Harris found the problem wasn’t limited to Google, but also Microsoft and Yahoo, all of whom appeared to have fixed the issue as of two days ago, according to US-CERT. Harris told Wired he found either 512-bit or 768-bit keys in use at PayPal, Yahoo, Amazon, eBay, Apple, Dell, LinkedIn, Twitter, SBCGlobal, US Bank, HP, Match.com and HSBC.

Weak signing keys are a boon for cybercriminals. They selectively target people with emails containing malicious links in an attempt to exploit a computer’s software and install malware, a style of attack known as spear phishing. If an email contains the correct DKIM signature, it’s more likely to end up in a recipient’s inbox.


US-CERT also warned of another problem. The DKIM specification allows a sender to flag that it is testing DKIM in messages. Some recipients will “accept DKIM messages in testing mode when the messages should be treated as if they were not DKIM signed,” US-CERT said.
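The two receiver-side checks the US-CERT advisory points to, as an added example (not code from the article or from any mail provider): parse a DKIM key record, measure the RSA modulus, and withhold trust when the key is shorter than 1,024 bits or the record carries the testing flag t=y. The record layout (v=, k=, t=, p= tags) follows RFC 6376; the sample records are constructed placeholders of the right size, not real keys, and all function names are this example's own.

```python
import base64

MIN_RSA_BITS = 1024  # threshold from the US-CERT advisory quoted in the article
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption + NULL


def read_tlv(buf, pos):
    """Read one DER tag-length-value triple; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki_der):
    """Return the modulus size in bits of a DER SubjectPublicKeyInfo RSA key."""
    tag, spki, _ = read_tlv(spki_der, 0)         # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, _, pos = read_tlv(spki, 0)                # AlgorithmIdentifier (skipped)
    tag, bit_string, _ = read_tlv(spki, pos)     # BIT STRING wrapping the key
    if tag != 0x03:
        raise ValueError("missing public key BIT STRING")
    _, rsa_key, _ = read_tlv(bit_string[1:], 0)  # drop the unused-bits byte
    tag, modulus, _ = read_tlv(rsa_key, 0)       # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("missing modulus INTEGER")
    return int.from_bytes(modulus, "big").bit_length()


def parse_tags(record):
    """Split a DKIM key record (the DNS TXT value) into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            # Whitespace may be folded into values such as p=, so drop it.
            tags[name.strip()] = "".join(value.split())
    return tags


def audit_dkim_key(record):
    """Decide whether a signature made with this key record deserves trust."""
    tags = parse_tags(record)
    result = {"bits": None, "weak": False, "testing": False, "revoked": False}
    key_b64 = tags.get("p", "")
    if not key_b64:
        result["revoked"] = True                 # empty p= means the key is revoked
    elif tags.get("k", "rsa") == "rsa":          # k= defaults to rsa
        result["bits"] = rsa_modulus_bits(base64.b64decode(key_b64))
        result["weak"] = result["bits"] < MIN_RSA_BITS
    # t=y marks the domain as testing DKIM: treat the mail as unsigned.
    result["testing"] = "y" in tags.get("t", "").split(":")
    result["trust_signature"] = not (
        result["weak"] or result["testing"] or result["revoked"])
    return result


def der(tag, body):
    """Encode one DER element (used only to build the constructed samples)."""
    if len(body) < 0x80:
        head = bytes([len(body)])
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


def der_int(value):
    # bit_length // 8 + 1 bytes leaves a zero sign bit, so the INTEGER is positive.
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def constructed_record(bits, flags=""):
    """Build a sample key record. The modulus is a placeholder, not a real key."""
    n = (1 << (bits - 1)) | 1
    rsa_key = der(0x30, der_int(n) + der_int(65537))
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_key))
    flag_tag = f" t={flags};" if flags else ""
    return f"v=DKIM1; k=rsa;{flag_tag} p={base64.b64encode(spki).decode()}"


if __name__ == "__main__":
    samples = {"512-bit": constructed_record(512),
               "768-bit": constructed_record(768),
               "1024-bit": constructed_record(1024),
               "2048-bit, testing": constructed_record(2048, "y"),
               "revoked": "v=DKIM1; k=rsa; p="}
    for label, record in samples.items():
        print(label, audit_dkim_key(record))
```

In production the record would come from a TXT lookup at selector._domainkey.domain, and a failed check should downgrade the message to "unsigned" rather than reject it outright.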


Why Google’s moving to a phone-like UI for Android tablets

October 29th, 2012 by admin

Google’s new Android 4.2 Jelly Bean release is full of interesting new features, but one of the most noticeable changes is the way the platform looks on large-sized tablets.

In short, Google’s saying so long to the tablet UI introduced with Android 3.0 Honeycomb and carried over to Android 4.0 Ice Cream Sandwich — the one with tile-style notifications in the lower-right corner and the app drawer in the upper-right — and instead moving all large-screen devices to a setup similar to what’s on the Nexus 7, with a notifications pulldown at the top of the screen and a Favorites Tray at the bottom.

So what’s the reason for the change? It’s a question I’ve heard a lot lately, and one that’s prompted plenty of debate in the Android blogosphere, too. Today, we have some answers straight from the source.

Not surprisingly, much of it comes down to the goal of a consistent user experience. In a post on Google+ this afternoon, Android User Experience Director Matias Duarte cited “consistency and usability” as some of the biggest factors driving his team’s design decisions, going on to explain:

This new configuration is based on usability research we did on all of the different form factors and screen sizes that Android runs on. What mattered most of all was muscle memory — keeping the buttons where you expect them, no matter how you hold the device.

Phones are almost always used in portrait mode, flip sideways occasionally, and never go upside down. As screen sizes get larger, though, any which way goes. Imagine the frustration you’d feel if every time you picked up a tablet off the table “the wrong way up” you found yourself reaching for a home button that wasn’t where you expect it to be? That irritation adds up over time like a tiny grain of sand in your shoe and undermines the rest of your experience.

The Jelly Bean system bar always keeps the same three buttons where you expect them. This happens dynamically for every screen size, up until you get to small handheld screens where stacking the bars in landscape mode would leave too little vertical space.

Duarte also pointed out that the new interface is designed to work equally well for left-handers and right-handers rather than favoring one positioning over the other.

So there you have it: the official explanation for Android’s revised approach to tablet UI. And hey, if you aren’t thrilled with the change, don’t fret: There’ll undoubtedly be plenty of third-party launchers and ROMs that’ll let you opt to stick with the Honeycomb-style UI if you want.

That’s the real beauty of this platform: Ultimately, you can decide what works for you. You’re practically never stuck with something just because that’s the way it ships — and that’s what we call Android power.


Windows 8 Released to the World, But is it Good?

November 1st, 2012 by admin

The wait is finally over; Microsoft Windows 8 is officially here. The newest iteration of the world’s most popular computer operating system was released today after months of demos and commercials showcasing it. Microsoft has said that over 1.24 billion hours of testing went into the new operating system and is in many ways hedging the future of the company on the new release. Because of the increased pressure from Apple and Google, Microsoft wants to assure consumers that they are still relevant in today’s world.


Windows 8 marks a radical change for Microsoft in terms of the layout of its operating system. Gone is the traditional Start menu, replaced by an entirely new Start interface with “live tiles” and an array of downloadable applications from the all-new Windows Store. Current Windows users will notice a drastic change from Windows 7 to Windows 8. While the traditional “desktop” is still there, it is no longer the center of the computer’s processes and is more of a “background application”. Part of Microsoft’s reason for making such drastic changes to the interface is to make its operating system compatible across more devices. Microsoft is trying not only to keep hold of the traditional PC market, but also to branch into tablets and smartphones. Windows 8 is built more for new hybrid, touch-based computers and tablets than for traditional desktops, though it is built to run on those as well.

Having already downloaded Windows 8 to my laptop early this morning, I have only had a short time to interact with it. That being said, I noticed one thing right away, there is a steep learning curve. The interface, short of the traditional desktop which is now essentially an “app”, is completely different. Even for someone that is very familiar with the way Windows computers work, navigating Windows 8 is in many ways a whole new experience. That is not to say that all is bad. I do like the modern interface that Microsoft has introduced, and I like many of the new, full screen applications that are available from the Windows Store. I also like the deep integration with all Microsoft services, if you have an email account, that allows many settings and files to be synced over the cloud.


There are, however, plenty of drawbacks, at least currently, to Windows 8. For starters, nothing is where it used to be. Just trying to turn the computer off takes multiple steps that may take users a while to figure out. Also while Windows 8 is “easy” to navigate, it is more so for a touch screen rather than a traditional computer. A traditional keyboard and mouse feel “out of place” in this new user interface, save for when working with the traditional desktop. I understand Microsoft wanting to make Windows 8 touch friendly for tablets and new touch-enabled computers, but traditional computers upgraded to the new OS feel a bit neglected. In addition, the current offering of applications in the Windows store is very limited, and until more popular applications are added, it will suffer.

Overall, my opinion of Windows 8 is still up in the air. While I think it is a must have if you are looking for a new, touch enabled PC, it is not yet a necessary upgrade for existing computers. If Microsoft continues to add new, relevant applications to its Windows Store and allows easier ways to interact with the traditional desktop, then I think it will truly be useful to everyone. It remains to be seen how the radical change in design will impact sales of the operating system, but one thing is certain right now, it is a new age for Microsoft and for the future of personal computers.


Windows 8 – 5 Security issues to watch out for

November 3rd, 2012 by admin

While Windows 8 has been touted as Microsoft’s most secure operating system featuring strong security enhancements, some issues remain which organizations must be aware of.

Michael Sentonas, CTO of McAfee Asia-Pacific, said a number of promising features seem to provide improved security within Windows 8.

Citing Microsoft which said Windows 8 will include “mitigation enhancements that further reduce the likelihood of common attacks”, Sentonas explained this meant changes it made to various core system components were focused on mitigating some of today’s most common exploits, making it harder for malware writers to develop new ones.


However, David Hall, Asia-Pacific regional consumer product marketing manager at Symantec’s Norton, noted while new features such as file scanning with Microsoft Defender and Early Launch Anti-Malware (ELAM) do raise the bar, malware is like “water flowing down a hill”. It follows the path of least resistance and if one path is blocked off, it simply finds its way to the next easiest path, Hall said.

ZDNet Asia spoke to security advisors to identify five potential loopholes on the Windows 8 platform organizations should be mindful of.

1. Threats on Win 7 will work across Win 8
Windows 8 maintains backward compatibility with Windows 7, so the vast majority of both legitimate and malicious programs will also run unaltered on Windows 8 devices, Hall warned.

Luis Corrons, technical director of Panda Security’s Panda Labs, agreed. To target the biggest number of users possible, hackers typically work on malware which runs not only on Windows 8 but also previous versions of the OS, from Windows XP to Windows 7, he added.

Since the number of PCs currently running Windows 8 is still small, there will not be a surge of malware designed for the operating system yet, Spain-based Corrons said, but warned cybercriminals will start testing Windows 8 as users slowly migrate to the OS.

2. New cyberattacks already surfacing
In fact, since the release of Windows 8 platform, fake antivirus and phishing attacks aimed at the operating system have already been discovered, Sentonas pointed out.

Trend Micro last week discovered a fake antivirus named TROJ_FAKEAV.EHM, which displays fake scanning results to intimidate users to purchase its fake antivirus program packaged as a security tool made for Windows 8.

Sophos last week also said it intercepted a phishing attack which pretended to originate from the “Microsoft Windows 8 team”, offering free software through a Web link. When users click on the link, they will be taken to a Web page on a Slovakian Web server asking them to enter their username, password, e-mail address, and server domain name.

3. Social engineering not addressed
According to Hall, no steps were taken to mitigate social engineering in prior versions of Windows and these are still not addressed in Windows 8. Social engineering is one of the biggest security threats today as the user is often an “easy and successful target”, unable to distinguish between scams and legitimate items, he explained.

Corrons agreed, noting phishing e-mail attacks that leverage social engineering have already surfaced since the launch of Windows 8. “We see little [that's] new in Windows 8 to prevent this type of attacks and as such, this remains one of the biggest security holes,” Hall said.

4. Security additions still perimeter-based
Many of the added features in Windows 8 such as the ELAM and scanning of files with Defender are still based on signature-based technologies, observed Abhishek Singh, senior security research engineer at FireEye.

In an age where signature-based technologies will not be useful in protecting against these cyberattacks, Abhishek remarked.

As such, other security technologies which go beyond perimeter defense must be used along with Windows 8, he advised. For example, having a security tool which can catch an attack in real-time, based on behavior, will complement the security offerings in Windows 8, he suggested.

5. Vulnerabilities exist on Win 8
Sentonas pointed out vulnerabilities were discovered in the Windows 8 preview release. Even though some of these were also present in older operating systems and applications, the fact remains there will be vulnerabilities in the new OS and attackers will try to exploit them, he cautioned.


Crippling Stuxnet virus infected Chevron’s network too

November 5th, 2012 by admin

Stuxnet, the sophisticated computer virus that attacked a nuclear enrichment facility in Iran two years ago, also inadvertently infected Chevron’s network.

Reportedly created by the U.S. and Israel, the highly destructive worm was designed to infect Iran’s Natanz nuclear facility. Rather than steal data, Stuxnet left a back door meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran’s nuclear program.


The oil giant discovered the malware in July 2010 after the virus escaped from its intended target, Mark Koelmel, Chevron’s general manager of the earth sciences department, told The Wall Street Journal.

“I don’t think the U.S. government even realized how far it had spread,” he said. “I think the downside of what they did is going to be far worse than what they actually accomplished.” A Chevron spokesperson told CNET that the company’s network was not adversely affected by the virus. “Two years ago, our security systems identified the Stuxnet virus. We immediately addressed the issue without incident,” a Chevron representative said.

The payload was reportedly delivered to the facility on a standard thumb drive by an Iranian double agent working for Israel. Even though Stuxnet targeted industrial facilities, it also infected regular PCs and as a result was discovered in June 2010, about a year after the earliest known version was believed to be created. In September 2011 came Duqu, which has identical code to Stuxnet but which appeared designed for cyber espionage instead of sabotage.

In June, The New York Times confirmed long-held suspicions that the U.S. was behind Stuxnet. Citing unnamed U.S. government sources, The Times reported that Stuxnet was developed by the U.S., possibly with help from Israel, as a way to preempt a military strike against Iran over its nuclear program. Israel has denied involvement in both Stuxnet and Flame, another complex targeted virus discovered stealing data in the Middle East, while the U.S. has not outright distanced itself from either.

U.S. officials have blamed Iran for creating the Shamoon virus, which was responsible for a cyberattack that infected more than 30,000 computers at Saudi Arabian oil company Saudi Aramco and Qatar’s natural gas firm Rasgas in mid-August.


Infamous Hacker Heading Chinese Antivirus Firm!

November 7th, 2012 by admin

What does a young Chinese hacker do once he’s achieved legendary status for developing Microsoft Office zero-day exploits and using them to hoover up piles of sensitive data from U.S. Defense Department contractors? Would you believe: Start an antivirus firm?

That appears to be what’s happened at Anvisoft, a Chinese antivirus startup that is being somewhat cagey about its origins and leadership. I stumbled across a discussion on the informative Malwarebytes user forum, in which forum regulars were scratching their heads over whether this was a legitimate antivirus vendor. Anvisoft had already been whitelisted by several other antivirus and security products (including Comodo), but the discussion thread on Malwarebytes about who was running this company was inconclusive, prompting me to dig deeper.

I turned to Anvisoft’s own user forum, and found that I wasn’t the only one hungry for answers. This guy asked a similar question back in April 2012, and was answered by an Anvisoft staff member named “Ivy,” who said Anvisoft was “a new company with no past records, and we located in Canada.” Follow-up questions to the Anvisoft forum admins about the names of company executives produced this response, again from Ivy:

“The person who runs anvisoft company is not worth mentioning because he is unknown to you.  Yes, the company is located at Canada. 5334 Yonge Street, Suite 141, Toronto, Ontario M2N 6V1, Canada.”

A quick review of the Web site registration records for anvisoft.com indicated the company was located in Fremont, Calif. And a search on the company’s brand name turned up trademark registration records that put Anvisoft in the high-tech zone of Chengdu, a city in the Sichuan Province of China.

Urged on by these apparent inconsistencies, I decided to take a look back at the site’s original WHOIS records, using the historical WHOIS database maintained by domaintools.com. For many months, the domain’s registration records were hidden behind paid WHOIS record privacy protection services. But in late November 2011 — just prior to Anvisoft’s official launch — that WHOIS privacy veil was briefly lowered, revealing this record:

Registrant:
wth rose
Moor Building  ST Fremont. U.S.A
Fremont, California 94538
United States

Administrative Contact:
rose, wth  wthrose@gmail.com
Moor Building  ST Fremont. U.S.A
Fremont, California 94538
United States
(510) 783-9288

A few days later, the “wth rose” registrant name was replaced with “Anvisoft Technology,” and the wthrose@gmail.com address usurped by “anvisoftceo@gmail.com” (emails to both addresses went unanswered). But this only made me more curious, so I had a look at the Web server where anvisoft.com is hosted.

The current Internet address of anvisoft.com is 184.173.181.194, and a reverse DNS lookup on this IP address tells me that there are at least three other domain names hosted at this address: nxee.com, oyeah.com, and coversite.com. The latter forwards to a domain parking service and its WHOIS information is shielded.

But both oyeah.com and nxee.com also were originally registered to wth rose and wthrose@gmail.com. And their WHOIS records history went back even further, revealing a more fascinating detail: Prior to being updated with Anvisoft’s corporate information, they also were registered to a user named “tandailin” in Gaoxingu, China, with the email address tandailin@163.com.


Google Chrome is Getting faster!

November 9th, 2012 by admin

It’s not just your imagination — Chrome really is getting faster.

Google said today that its JavaScript benchmark tool shows Chrome is 26 percent faster than it was last year.

“Stability sometimes takes higher priority, but we’re still manic about improving Chrome’s speed,” Google’s Toon Verwaest said in a blog post.

One way Google avoids the bloat that has crippled other browsers over the years: the company set up automated tests to notify engineers whenever a change in the code makes the browser slower, Verwaest said.

The company’s efforts aren’t limited to JavaScript improvements — it also made recent moves to reduce the browser’s startup time.

Chrome has slowly but steadily improved its market share since its debut four years ago; its focus on speed is surely a top reason why.


MoneyGram Fined $100 Million for Wire Fraud

November 11th, 2012 by admin

A week ago Friday, the U.S. Justice Department announced that MoneyGram International had agreed to pay a $100 million fine and admit to criminally aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program. Loyal readers of this blog no doubt recognize the crucial role that MoneyGram and its competitors play in the siphoning of millions of dollars annually from hacked small- to mid-sized businesses, but incredibly this settlement appears to be unrelated to these cyber heists.

According to the DOJ, the scams – which generally targeted the elderly and other vulnerable groups – included posing as victims’ relatives in urgent need of money and falsely promising victims large cash prizes, various high-ticket items for sale over the Internet at deeply discounted prices or employment opportunities as ‘secret shoppers.’  In each case, the perpetrators required the victims to send them funds through MoneyGram’s money transfer system.”

The government found that the heart of the problems at MoneyGram stemmed from the age-old conflict between the security staff and the folks in sales & marketing (oh, and willful neglect of employee fraud).

“Despite thousands of complaints by customers who were victims of fraud, MoneyGram failed to terminate agents that it knew were involved in scams.  As early as 2003, MoneyGram’s fraud department would identify specific MoneyGram agents believed to be involved in fraud schemes and recommended termination of those agents to senior management.  These termination recommendations were rarely accepted because they were not approved by executives in the sales department and, as a result, fraudulent activity grew from 1,575 reported instances of fraud by customers in the United States and Canada in 2004 to 19,614 reported instances in 2008.  Cumulatively, from 2004 through 2009, MoneyGram customers reported instances of fraud totaling at least $100 million…To date, the U.S. Attorney’s Office for the Middle District of Pennsylvania has brought conspiracy, fraud and money laundering charges against 28 former MoneyGram agents.”

$100 million may seem like a painful fine, unless you take a look at MoneyGram’s company facts page, which states some fairly staggering figures: “MoneyGram has 293,000 agent locations in 197 countries and territories,” or, to put it another way, “more than twice the locations of McDonald’s, Starbucks, Subway and Wal-Mart combined.”

The company doesn’t say how much money it moved last year, but an older version of that page said that in 2010, approximately $19 billion was sent around the world using MoneyGram transfer services. The same page notes that MoneyGram is the second-largest money transfer company in the world. Second only to Western Union, no doubt, which has long struggled with many of the same anti-money laundering problems.

Each week, I reach out to or am contacted by organizations that are losing hundreds of thousands of dollars via cyber heists. In nearly every case, the sequence of events is virtually the same: The organization’s controller opens a malware-laced email attachment, and infects his or her PC with a Trojan that lets the attackers control the system from afar. The attackers then log in to the victim’s bank accounts, check the account balances – and assuming there are funds to be plundered — add dozens of money mules to the victim organization’s payroll. The money mules are then instructed to visit their banks and withdraw the fraudulent transfers in cash, and wire the money in smaller chunks via a combination of nearby MoneyGram and Western Union locations.

The latest example: On Nov. 16, 2012, attackers logged into accounts at Performance Autoplex II Ltd., a Honda dealer based in Midland, Texas, and began adding money mules to the company’s payroll. The thieves added at least nine mules, sending each a little more than $9,000. One of the mules used in this attack — a Louisa Lies (no kidding, that’s her real last name) — got two transfers totaling $9,220.58. She was instructed to visit two different Western Union locations, sending a total of $3,844 to two different recipients (one in Russia, the other Ukraine); Lies sent another pair of transfers (again, to two different people in Russia and Ukraine) totaling just over $5,000, via two separate MoneyGram locations. Lies said she paid $155 in fees to Western Union, and $136 in MoneyGram charges.

It appears that there were at least eight other money mules who were sent and forwarded on similar-sized transactions drawn on the hacked Honda dealer’s accounts. If we assume that the average transfer fee that MoneyGram charged for those transactions was about $150, that means MoneyGram received about $1,350 of the money stolen from the Honda dealership. Now imagine that there are dozens of U.S. small businesses each week that find themselves in a similar situation, and you begin to get an idea of MoneyGram’s (and Western Union’s) role in this type of fraud.
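The sequence described above (payees added to payroll and paid almost immediately, in similar amounts) is something a business or its bank can check for before a batch is released. The following is an added example, not code from the original post: the record layout, the thresholds and every sample record are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median


def flag_batches(payee_added, batches, max_age=timedelta(hours=48),
                 min_new=3, max_spread=0.10):
    """Flag payout batches that pay several recently added payees.

    payee_added: {payee_id: datetime the payee was added to payroll}
    batches:     [(batch_id, sent_at, [(payee_id, amount), ...]), ...]
    A payee is "fresh" if it was added no more than max_age before the
    batch was sent, or if there is no record of it being added at all.
    """
    findings = []
    for batch_id, sent_at, lines in batches:
        fresh = [(payee, amount) for payee, amount in lines
                 if payee not in payee_added
                 or sent_at - payee_added[payee] <= max_age]
        if len(fresh) < min_new:
            continue  # one new hire in a normal payroll run is not a signal
        amounts = [amount for _, amount in fresh]
        mid = median(amounts)
        findings.append({
            "batch": batch_id,
            "new_payees": [payee for payee, _ in fresh],
            "total_to_new": round(sum(amounts), 2),
            # Near-identical amounts to many new payees strengthen the signal.
            "similar_amounts": all(abs(a - mid) <= max_spread * mid
                                   for a in amounts),
        })
    return findings


# Constructed sample records (not real data).
PAYEE_ADDED = {"emp-%03d" % i: datetime(2011, 3, 1, 9, 0) for i in range(1, 5)}
PAYEE_ADDED["emp-005"] = datetime(2012, 11, 14, 10, 0)  # legitimate new hire
PAYEE_ADDED.update({"new-%02d" % i: datetime(2012, 11, 16, 9, 30)
                    for i in range(1, 10)})

BATCHES = [
    ("payroll-2012-11-15", datetime(2012, 11, 15, 8, 0),
     [("emp-001", 2150.00), ("emp-002", 3400.00), ("emp-003", 1980.50),
      ("emp-004", 2725.00), ("emp-005", 1800.00)]),
    ("adhoc-2012-11-16", datetime(2012, 11, 16, 14, 0),
     [("new-%02d" % i, 9040.00 + 25 * (i - 1)) for i in range(1, 10)]),
]

if __name__ == "__main__":
    for finding in flag_batches(PAYEE_ADDED, BATCHES):
        print(finding)
```

A flagged batch is a reason to hold the payout and confirm it with the account holder out of band, not proof of fraud on its own.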

Saying that MoneyGram has a problem combating money laundering is a bit like observing that the American people have truthiness and trust issues with Wall Street. Perhaps fittingly, MoneyGram was one of the first publicly traded U.S. companies to face serious financial trouble after the housing and credit markets began weakening in 2007, and in 2008 Goldman Sachs owned a 79 percent stake in the firm. MoneyGram ended up paying $80 million to settle a securities fraud lawsuit stemming from losses on subprime loan investments at the time.

Between now and then, the company has settled a bevy of other fraud-related lawsuits, including a case in 2008 with 43 U.S. states, and an $18 million fraud case brought in 2009 by the Federal Trade Commission.

According to the DOJ, MoneyGram has agreed to enhanced compliance obligations and structural changes to prevent a repeat of the charged conduct, including:

-Creation of an independent compliance and ethics committee of the board of directors with direct oversight of the chief compliance officer and the compliance program;

-Adoption of a worldwide anti-fraud and anti-money laundering standard to ensure all MoneyGram agents throughout the world will, at a minimum, be required to adhere to U.S. anti-fraud and anti-money laundering standards;

-Adoption of a bonus system which rates all executives on success in meeting compliance obligations, with failure making the executive ineligible for any bonus for that year; and

-Adoption of enhanced due diligence for agents deemed to be high risk or operating in a high-risk area.

The DOJ further said that to oversee implementation and maintenance of these terms, and to evaluate the overall effectiveness of its anti-fraud and anti-money laundering programs, MoneyGram has agreed to retain an independent corporate monitor who will report regularly to the Justice Department.

I don’t claim to have the answers about what MoneyGram could be doing better to fight fraudulent uses of its network, but here’s hoping the newly agreed-upon anti-fraud measures don’t overlook the rampant use of MoneyGram’s services in costly and disruptive cyberheists against America’s small businesses.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Anonymous Attacks ‘cost PayPal GBP 3.5m’

November 13th, 2012 by admin No comments »

The Anonymous hacking group cost PayPal £3.5 million when it carried out an attack on its websites, it was alleged in court this week.

The court in London heard that student Christopher Weatherhead, 22, was studying at Northampton University when he purportedly took part in a distributed denial of service (DDoS) campaign against PayPal.

It was said that Weatherhead was part of the Anonymous hacking group, which targeted companies that opposed internet piracy and later attacked PayPal after it refused to process Wikileaks payments.

Weatherhead denies a charge of conspiracy. He has pleaded not guilty to conspiring to impair the operation of computers between 1 August 2010 and 22 January 2011. Three other men have already pleaded guilty to the charge.

As well as PayPal, MasterCard, Visa, the Ministry of Sound, the British Recorded Music Industry and the International Federation of the Phonographic Industry were also targeted by the Anonymous group.

Prosecutor Sandip Patel said PayPal was chosen after it refused in December 2010 to process payments for the Wau Holland Foundation, which was raising money to keep Wikileaks going.

Weatherhead is said to have used the online name Nerdo, when posting plans for the attacks on an internet relay chat (IRC) channel hosted in Russia.

Patel said PayPal was the victim of a series of attacks “which caused considerable damage to its reputation and loss of trade”.

He said more than 100 workers from PayPal’s parent company eBay spent three weeks working on issues related to the attacks. PayPal, it was heard, also had to pay for more software and hardware to defend against similar attacks in the future. Patel said the total cost to the firm was “estimated at £3.5 million”.

The prosecution said the BPI, which was the subject of an attack in September 2010, had paid out £3,996 for improved online security, whilst the Ministry of Sound had spent an extra £9,000 on security after its four websites were attacked in October 2010.

Windows 8 Apps Store Cracks 20,000, Most of Them Free

November 15th, 2012 by admin No comments »

While 20,000 apps in an online store may seem paltry compared to the more than 700,000 apps in Apple’s store and more than 600,000 apps in Google Play, for an upstart in the app trade like Microsoft, the milestone is significant.

Microsoft broke the 20,000 mark on Tuesday, according to Directions on Microsoft Windows app store watcher Wes Miller. Nearly 18,000, or 87 percent, of those apps are free, according to Miller.

Those are worldwide numbers. The total number of apps available within regions varies. For example, the Canadian Windows 8 app store has some 14,000 programs, while the U.S. has 12,675; and the U.K., some 11,000.

What must be heartening for Microsoft is the velocity at which apps are being added to its online market: some 500 new apps appear each day, according to The Next Web.

At that rate, the store could reach 40,000 apps by the end of the year. Moreover, that climb should remain steep as buyers of new Windows PCs during the holiday season hunt for apps for their new computers for weeks to come, and developers feverishly seek to meet that demand.

Nevertheless, app uploads must accelerate even more for Microsoft to meet its goal of 100,000 apps in the store within 90 days from the launch of Windows 8 on October 26.

Comparing the number of apps in the Windows 8 store to the Apple App Store and Google Play can be misleading, though, since those outlets service mobile devices. A more suitable comparison might be made between the Windows store and Apple’s Mac App Store. From January 2011 to April 2012, only 10,000 apps were added to that Apple outlet.

Uploads at the Windows 8 app store have been a source of controversy for Microsoft in recent days. The sudden departure of the top dog in Microsoft’s Windows division, Steven Sinofsky, was attributed by some Redmond watchers to Sinofsky’s conflicts with CEO Steve Ballmer over the pace of growth at the app outlet.

Goodbye pseudonyms! Android app store reviews will now show your Google+ name and picture

November 17th, 2012 by admin No comments »

In Google’s relentless drive to encourage the world to give a damn about its Google+ social network, the software giant has decided to force users who want to leave reviews of Android apps to do so using their Google+ name and picture.

In short, there will be no more pseudonymous reviews on Google Play – from now on, any feedback you leave on Android apps will be accompanied by your name and photograph.

Earlier this year, Google began encouraging YouTube users to also start using their Google+ name and profile picture on the video-sharing site. Google is not yet enforcing the use of real names on YouTube, but if they did it might help clean up the cesspool of commentary that is frequently found up there.

Google Plus’s real-name policy has been the subject of controversy in the past, as there are legitimate and understandable reasons why people sometimes want to be anonymous on the net.

Yes, even when leaving app reviews. For instance, you can understand why some folks may not want others to know what Android apps they have installed, or to have crazy-ass app developers know exactly who it was who slagged off their rubbish fart app.

Meanwhile, there are no such problems over in the rival iTunes app store for iPhone and iPad owners, who Apple allows to use a pseudonym when leaving reviews.

If you have an Android device, and these are issues that concern you, then the answer is simple – either stop leaving reviews of Android apps, or create a bogus Google+ account using a pseudonym and hope that Google doesn’t notice you’ve broken their rules.

How to Prevent Spear Phishing Attacks

November 19th, 2012 by admin No comments »

An unsuspecting secretary receives an email about a package due for delivery, and clicks on a link or an attachment in the message to track its progress. In that split second, she unknowingly compromises her company’s network security and starts a chain of events that will bring the company to its knees.

It may sound far-fetched, but scenarios like this play out every day as companies fall victim to “spear phishing” or targeted malicious email attacks. It was just such a spear phishing attack that led to the 2011 breach at security firm RSA.

These attacks differ from more common general phishing attacks which are usually carried out by fraudsters and petty criminals. Spear phishing attacks are perpetrated by more sophisticated criminals as well as industrial competitors, industrial spies and even nation states. While phishers are usually attempting to steal from the victim, spear phishers attempt to compromise the victim’s company’s network and systems to steal corporate secrets, intellectual property and other valuable information.

It’s not uncommon for some element of research to be carried out before potential victims are identified, and emails are specially crafted using social engineering techniques to entice the recipient to open a weaponized attachment, click on a link to a malicious site, or simply enter confidential information such as log-in credentials into a spoofed site.

Email and Emotion

“Spear phishers play on people’s emotions, and often use curiosity, fear or the offer of a reward to arouse interest,” says Scott Greaux, a VP at anti-spear phishing training firm Phishme. “They will often pique your curiosity by saying you have missed a package — and who doesn’t love to receive a package? — or warn that an account is about to be closed. Or they will offer a reward; perhaps the email will say that you have won an iPad in recognition for outstanding work for your company.”

The simplest way for a spear phisher to carry out an attack is to get the victim to click on a malicious attachment. Research by security firm FireEye found that in the first half of this year the names of 23 percent of malicious attachments included the words “DHL” or “notification” and 12 percent included the word “delivery.” Typical attachment names included “DHL document.zip,” “Fedex_Invoice.zip” and “Label_Parcel_IS741-1345US.zip.” The malicious attachment that led to the RSA security breach was called “2011 Recruitment plan.xls.”

Email gateways and anti-virus scanners can detect many of these email attachments, and for this reason Greaux says this type of spear phishing attack is becoming less common. “Malicious attachments are still viable, but there is a shift toward emails that entice you to click on a link that takes you to a website that then attempts to exploit multiple vulnerabilities in your system.”

Security gateways may also filter out emails with malicious links, but the difficulty is that the websites that the links point to may not be malicious at the time that the emails are scanned and delivered. If malicious code is added to the websites after delivery, but before an employee clicks on the link, any attack could be successful.

Security firm Proofpoint has come up with an unusual way to counter this problem. Its Targeted Attack Protection service examines every email that comes in to an organization and rewrites any URLs so the links point first to Proofpoint’s servers. If a user clicks on a rewritten link in an email — perhaps a week or so later — a Proofpoint server goes to the original link and opens the resulting Web page in a sandboxed environment and checks to see if any malicious activity results. If not, the user’s browser is redirected to the page as if nothing had happened, but if the link is malicious then the attack is blocked.

“Traditional security systems will block 98 or 99 percent of malicious emails, but some low volume targeted attacks will get through. We deal with that last 1 or 2 percent, and are 99 percent effective with that,” says David Knight, a Proofpoint marketing vice president. “So if we see 10,000 malicious URLs per day, we stop all but a hundred getting through. And if employee click rates are about 1 to 4 percent, then only about one to four potentially successful attacks are received per day.”
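The rewrite-at-delivery, check-at-click idea described above can be shown in a few lines. This is an added example, not Proofpoint's code or API: the gateway address, the signing key and the verdict store standing in for the sandbox are all constructed assumptions, and only plain-text bodies are handled.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://clickcheck.example.invalid/go"  # hypothetical gateway endpoint
SIGNING_KEY = b"constructed-demo-key"  # demo value; a real key lives in a secret store
URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def _sign(url):
    """HMAC over the original URL, so the gateway only follows links it issued."""
    return hmac.new(SIGNING_KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_links(body):
    """Delivery time: point every link in a plain-text body at the gateway."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?")      # sentence punctuation is not part of the URL
        trailer = raw[len(url):]
        if url.startswith(GATEWAY + "?"):
            return raw                  # already rewritten: leave it alone
        return "%s?u=%s&sig=%s%s" % (GATEWAY, quote(url, safe=""), _sign(url), trailer)
    return URL_RE.sub(repl, body)


def resolve_click(link, verdict_at_click):
    """Click time: verify the signature, then ask for a fresh verdict.

    Returns ("redirect", url), ("block", url) or ("reject", None).
    Anything other than an explicit "clean" verdict is blocked.
    """
    params = parse_qs(urlsplit(link).query)
    url = params.get("u", [""])[0]
    sig = params.get("sig", [""])[0]
    if not url or not hmac.compare_digest(sig.encode("utf-8"),
                                          _sign(url).encode("utf-8")):
        return ("reject", None)         # unsigned or altered: never act as an open redirector
    if verdict_at_click(url) == "clean":
        return ("redirect", url)
    return ("block", url)


def demo():
    """Constructed scenario: the page is harmless at delivery, malicious at click."""
    target = "http://parcel-tracking.example/status?id=741&ref=mail"
    mail = "Your package is waiting. Track it at %s." % target
    delivered = rewrite_links(mail)
    link = URL_RE.search(delivered).group(0).rstrip(".")

    reputation = {target: "clean"}      # stands in for the sandbox verdict
    lookup = lambda u: reputation.get(u, "unknown")

    at_delivery = resolve_click(link, lookup)
    reputation[target] = "malicious"    # content changed after the mail was scanned
    at_click = resolve_click(link, lookup)
    forged = resolve_click(link.replace("parcel-tracking", "other-site"), lookup)
    return delivered, at_delivery, at_click, forged


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The signature check matters as much as the verdict: without it, anyone could craft gateway links that redirect to a site of their choosing under the gateway's name.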

Fool Me Once, Won’t Fool Me Twice

To counter the threat of spear phishing, many companies provide staff training to help employees detect malicious emails before they respond to them. Trainers warn users against clicking on attachments or links in emails even if they appear to come from a trusted source unless they are expected, and recommend typing URLs into a browser by hand rather than clicking on a link in an email.

But Phishme’s Scott Greaux says that even after a training session, typical users still fall for many spear phishing attacks. To make things worse, the percentage they fall for increases over time.

One way to increase the effectiveness of training is to send out realistic simulated spear phishing emails to employees after they have received training, Greaux says. Phishme’s cloud-based spear phishing simulator enables security staff to import corporate email addresses into the Phishme system. Simulated spear phishing emails can then be crafted from templates based on real spear phishing emails and sent out to employees.

Those that “fall” for the email by clicking on an attachment or link are immediately presented with information telling them that the email was part of a security exercise — either within the attachment they clicked on, or on the Web page that the link points to. They are also reminded about how they might have detected that it was a spear phishing email, how they can report spear phishing emails, and what they should do if they think that they have responded to a real one.

“The education is immediate, and delivered when employees are likely to respond to it,” says Greaux. Phishme’s system also provides administrators with statistics that show how many users respond to each simulated phishing email, the responses of individual users or groups of users, and how these vary over time. This information can be used to plan future training sessions, if necessary.

Phishme’s service is used by large organizations such as Lilly, an international pharmaceutical company with over 40,000 employees around the world. “We get so much garbage malicious email coming in that it is appropriate to combat people’s propensity to click on malicious links,” explains Robert Pyburn, a Lilly security consultant. He uses Phishme’s system to send out one email per month to a large group of employees – each one designed to be harder to detect than previous ones.

“If you came up with a difficult message to begin with, everyone would fail,” explains Pyburn. “Ultimately the goal is to raise the educational level. We are quite early on in the process, but the signs are that people are beginning to learn and starting to think before they click.”

For the system to be effective, Phishme recommends sending simulated spear phishing emails at least once a quarter. Greaux claims that one customer which carried out five exercises in six months experienced a drop in the proportion of staff responding to spear phishing emails from 52 percent to just over 3 percent. Another customer reduced its staff’s response rate from 70 percent to 5 percent, but the number drifted back to 20 percent when no further exercises were carried out for a period of eight months.

5 Ways to Make Your Browser More Secure

November 21st, 2012 by admin No comments »

While installing antivirus software is a good start to safe Internet browsing, it’s only a start. There is much more you can do to help protect yourself when browsing the Web than merely installing antivirus.

Here I’ll share a couple of ways. In this article you’ll discover extra security features in Firefox and Chrome, sandboxing to secure any browser, third-party DNS service for content filtering, and VPNs for securing your browsing while on Wi-Fi hotspots and other public networks.

Create a master password in Firefox

In Firefox you (or anyone on your Windows account) can bring up the list of passwords that have been saved by the browser when logging on to websites. Simply click Firefox > Options > Security > Saved Passwords.

By default the actual passwords don’t show until you click the Show Passwords button, and then a Password column is added showing the passwords for all sites.

Obviously, this can be an issue if you let someone you don’t trust use or borrow your computer. Additionally, third-party utilities and malware can potentially retrieve this list as well. Though you may not find passwords saved for highly sensitive sites like your bank or other financial institutions (as they usually prevent saving), someone might be able to guess the passwords for those if you use the same or similar passwords on other sites.

Fortunately, unlike other browsers like Chrome, Firefox allows you to set a master password to encrypt and password-protect your saved website passwords. Therefore the first time for each Firefox session that you access a site that has a password saved by Firefox, you must enter the master password in order to load the saved password. Additionally, it must be entered every time someone tries to view the list of passwords via the settings. Furthermore, the encryption also prevents third-party utilities and malware from accessing the saved passwords as well.

To set a master password, click Firefox > Options > Security and select Use a master password.

Change encryption settings for Chrome syncing

The Google Chrome browser has a syncing feature like Firefox does to sync your saved passwords and other browser data/settings with other computers and devices. But by default, Chrome only encrypts your saved passwords when syncing your browsing data across the Internet to your other synced computers and devices. Additionally, the only password needed to sync new computers and devices is your Google password. So if someone else knows your Google password or your account becomes hacked, they can sync with your browser data and gain access to your saved passwords—potentially very dangerous.

Google Chrome, however, does provide additional safety measures you can utilize to make syncing more secure. You can choose to encrypt all synced data and/or you can create your own encryption passphrase for double password protection.

When you create a passphrase, it’s used to encrypt and decrypt your synced browsing data instead of your Google account password. Thus when you set up a new computer or device to sync with your browsing data, you must log in to your Google account and then also enter your passphrase.

To change your syncing settings for Chrome, click the Wrench icon > Settings > Advanced sync settings.

Run your browser in a sandbox

Sandboxing is a term loosely used to describe the process of running a Web browser or any program in a virtual, separate and/or limited environment. You can “play” in the sandbox (visiting questionable sites and even downloading viruses) and your main hard drive, OS and system shouldn’t be affected by any changes or infections made inside the sandbox. Or vice-versa: You could use a sandbox to protect your Web browser (like when doing online banking) or a program from any malware you might have on your main system.

Some antivirus suites have a sandbox feature, but the functionality differs. Some are designed for only running the Web browser and may be marketed toward questionable browsing and/or safe browsing scenarios. Others may be designed to launch any program in the sandbox as well, which may be done automatically for suspicious programs you download.

If your antivirus suite doesn’t include a sandboxing feature, or lacks the functionality you desire, consider using the freeware Sandboxie utility.

It allows you to create multiple custom sandbox environments — but remember, by default it comes with only one sandbox setup. So if you plan to do both questionable and safe browsing, create a second sandbox so you can use one for questionable browsing and another for safe browsing (like online banking).

Use OpenDNS for your network’s DNS service

OpenDNS provides free and commercial Domain Name System (DNS) services for residential, business and enterprise networks. In addition to offering potentially faster, more reliable and secure DNS service than your ISP, it can help secure your overall Web browsing as well.

Its DNS-based content filter can be applied to your entire network, without having to install software on each computer or device. You can block site types like pornography, illegal, social networking or specific websites. Plus it can help block known malware-spreading sites and protect against some DNS-based browsing attacks.

Use VPNs when on public networks or Wi-Fi hotspots

When you’re on public networks—plugged into a port or connected to a Wi-Fi hotspot—remember most don’t encrypt the connection and anyone can intercept your Internet traffic. Others seeing what websites you’re visiting might not be a big deal, but they could potentially intercept your emails and passwords, and even hijack your accounts for sites that aren’t encrypted with HTTPS/SSL. Therefore, it’s best to connect to a Virtual Private Network (VPN) at least before accessing your email or other sites that might not be encrypted.

Hackers steal and publish e-mails from U.N. nuclear agency

November 23rd, 2012 by admin No comments »

Hackers have made their way into one of the servers of the United Nations’ International Atomic Energy Agency, according to Reuters. The agency confirmed that the hackers stole information and published it online.

“The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago,” agency spokesperson Gill Tudor told Reuters. “The IAEA’s technical and security teams are continuing to analyze the situation and do everything possible to help ensure that no further information is vulnerable.”

A group that calls itself “Parastoo” claimed responsibility and posted the information online in a Pastebin document, which features a list of more than 100 e-mail addresses. According to Parastoo, the e-mails belong to people who “help” IAEA and should sign a petition “demanding an open IAEA investigation into activities at Dimona.”

The IAEA confirmed that the e-mail addresses belonged to experts working with the agency, which is an international organization charged with ending the proliferation of nuclear weapons around the world. It also works on advancing the use of nuclear energy as an alternative means of fuel.

There are only five countries in the world permitted to have nuclear weapons, and Parastoo claims that Israel — which is not allowed to amass such weapons — is building them at its Negev Nuclear Research Center near the city of Dimona.

This security breach comes on the heels of an Anonymous campaign against Israel in protest of attacks against Gaza. Anonymous dubbed its campaign OpIsrael and attempted to take more than 600 Israeli Web sites offline or deface them. The group also released a list of thousands of individuals who supposedly donated to a pro-Israel organization.

Parastoo does not claim to be associated with Anonymous. It has threatened, however, to publish the whereabouts and personal and professional details of all the people on its email list.

Java Zero-Day Exploit on Sale for ‘Five Digits’

December 1st, 2012 by admin No comments »

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions).

According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. “I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly.”

The seller was not terribly specific on the price he is asking for this exploit, but set the expected offer at “five digits.” The price of any exploit is ultimately whatever the market will bear, but this is roughly in line with the last Java zero-day exploit that was being traded and sold on the underground. In August, I wrote about a newly discovered Java exploit being folded into the BlackHole exploit kit, quoting the author of that crimeware tool as saying that “the price of such an exploit if it were sold privately would be about $100,000.”

I have repeatedly urged readers who have no use for Java to remove it from their systems entirely. This is a very complex program that is widely installed (Oracle claims that some 3 billion devices run Java), and those two qualities make it a favorite target for attackers. What’s more, Java is a cross-platform technology, meaning that applications written to run in Java can run seamlessly across multiple operating systems. Indeed, some 650,000 Mac users discovered this the hard way earlier this year, when the Flashback worm took advantage of an unpatched vulnerability that was present in Apple’s version of Java.

Apple has since taken steps to unplug Java from the browser in OS X, and this is the very approach I’ve recommended for users who need Java for specific Web sites or applications (see: How to Unplug Java from the Browser). If you need Java for specific Web sites, I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.

How to Avoid Rogue Security Software

December 3rd, 2012 by admin No comments »

What can you do to help prevent the spread of rogues and make sure that rogue software vendors stop profiting from their unscrupulous business? Follow these tips below to tell what’s real and what’s not when it comes to security software – and share them with friends and family who may be vulnerable to rogue threats.

  1. Do not fall for scare tactics. While browsing sites, be cautious of pop-ups warning you that your system is infected and offering a product to clean it up. Never pay for a program that installed itself to your computer. This is a hallmark of rogue software.
  2. Use security software with real-time protection and keep it up-to-date. If you know that you have anti-virus, anti-spyware, and a firewall on your PC, you can safely ignore security alerts you receive that do not come from your chosen security software provider. (Rogue security software will often try to lure computer users with legitimate-looking pop-up messages that appear to be security alerts.) Also, most anti-malware programs, like Lavasoft’s Ad-Aware, will help keep you protected from rogues because they can detect and remove these programs.
  3. Access experts at the Lavasoft Support Forums or other security forums and ask about the software you are considering before you decide to purchase it.
  4. Read the software reviews at reputable sites like Download.com. Do not blindly trust individual sites offering security products. You can also refer to Lavasoft’s Rogue Gallery to check to see if a program in question is listed as a rogue.
  5. Ask knowledgeable friends and family members about quality software they use. Keep in mind that when you search for trustworthy security software online, rogue products can, and often do, appear in the search results list.
  6. Practice online skepticism. Be aware that rogue security software does exist on the Web, and be vigilant about avoiding it. These programs are designed to appear genuine – meaning they may mimic legitimate programs, use false awards and reviews to rope you in, or employ other deceptive tactics. It’s also a good idea to familiarize yourself with common phishing scams, and to be cautious of links in e-mail messages and on social networking sites.

Skype’s gaping security hole – and how you could have been safe

December 5th, 2012 by admin No comments »

It’s one of the most glaring security holes I’ve ever seen from a major online service provider: Anyone could have hijacked your Skype account if they knew the email address you used to set up your account.

Just your email address. That’s it.

No last four digits of your credit card. No password. No associated Microsoft ID. No actual access to your email account.

All they needed to know is your email address.

How scary is that? Especially for people who have purchased Skype credits or other services and have auto-recharge enabled? Someone could have made thousands of dollars of calls from a hijacked account.

Even more alarming, this may have been a problem for at least 2 months, yet it was just addressed today.

Yet if you think there’s nothing you could have done to protect yourself from this kind of unanticipated security lapse by a provider many expect should be trustworthy, you’re wrong. Sorry to say I told you so (OK, maybe not all that sorry), but Kaspersky’s suggested workaround is something I advised in my 60-minute security makeover: Don’t use a publicly known email address for account login and password-reset contact info on other accounts.

Instead, use one or more separate addresses that you reserve only for this use and not for any other type of communication. This makes it harder for someone who knows your personal or business email address to use that information to gain access to other accounts.

Kaspersky advised this morning: “To protect yourself against this exploit, we recommend changing the e-mail address associated with the Skype account to a new, never-before-used address. This should prevent hackers from guessing your e-mail associated with Skype and hijacking it.”

Heeding that advice for all your accounts — or at least the ones without two-factor authentication enabled — seems a lot less like security paranoia and a lot more like a sensible approach today.

LogMeIn, DocuSign Investigate Breach Claims

December 7th, 2012 by admin No comments »

Customers of remote PC administration service Logmein.com and electronic signature provider Docusign.com are complaining of a possible breach of customer information after receiving malware-laced emails to accounts they registered exclusively for use with those companies. Both companies say they are investigating the incidents, but so far have found no evidence of a security breach.

Some LogMeIn users began complaining of receiving malware spam to LogMeIn-specific email addresses on Dec. 3, 2012. The messages matched spam campaigns that spoofed the U.S. Internal Revenue Service (IRS) and other organizations in a bid to trick recipients into opening a malicious attachment.  Multiple LogMeIn users reported receiving similar spam to addresses they had created specifically for their LogMeIn accounts and that had not been used for other purposes. The first LogMeIn user to report the suspicious activity said he received a malicious email made to look like it came from DocuSign but was sent to an address that was created exclusively for use with LogMeIn (hat tip to @PogoWasRight).

“I have an email account that allows me to put anything in front of the @ (at), which helps keep track of what/who I sign up to,” wrote LogMeIn user “Droolio” in a thread on the company’s support forum. “This way, not only do I know who leaks my email addresses (as did happen with Dropbox a few months back), spammers can be blocked after they get ahold of it. My PC is malware-free and I hardly use LogMeIn (although it is installed albeit disabled) and the last time it was used was months ago.” [link added].

LogMeIn user Justin McMurtry, a realtor in Houston, Texas, said he received a Trojan-spam message to his LogMeIn-specific email address at the same time he received the same message at an address he used exclusively for DocuSign.

“It is especially worrisome to consider the possibility that LogMeIn and/or Docusign account passwords could have been leaked as well,” McMurtry wrote on LogMeIn’s support forum. “Attackers able to actually log in using someone’s LogMeIn credentials could conceivably have full interactive access to any number of computers and mobile devices.”

LogMeIn spokesman Craig VerColen said that while the investigation remains open, the company has so far found no signs of any compromises to its users’ information.

“It is worth noting, as part of the investigation, we did find some commonality with the naming conventions of the emails associated with the reports,” VerColen wrote in an email to KrebsOnSecurity. “Many (nearly 30%) of the reports – and this includes all reports, not just the handful of people reporting the unique email claim – included variations of LogMeIn in the name, e.g. logmein@acme.com, LMI@acme.com, logmeinrescue@acme.com. The majority of the others used either common prefixes, e.g. info@acme.com, sales@acme.com, tech@acme.com, or common first names, e.g. joe@acme.com. While this is not the case with all of the email addresses, the commonality would seem to suggest a pattern.”

For its part, DocuSign released a statement saying that it is investigating the incident and is working with law enforcement agencies to take further action. But it chalked the incident up to aggressive phishing attacks, noting that “antivirus vendors report malicious code incidents have been increasing by as much as 3600% in recent weeks.”

“The investigation is still underway, but we have not seen any kind of indication of a data breach,” said Dustin Grosse, DocuSign’s chief marketing officer.

In July, users of file syncing and sharing service DropBox.com began complaining of receiving spam emails to addresses they’d registered for exclusive use with the service. DropBox initially said its investigation turned up no internal breach, but two weeks later the company disclosed that an employee misstep caused the inadvertent leak.
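The per-service address technique the forum users describe, and VerColen's point that addresses such as logmein@acme.com can simply be guessed, can both be shown in code. The sketch below is an added example, not code from the article or from any of the companies named; the key, the catch-all domain `example.net` and the sender domains are constructed assumptions.

```python
import base64
import hashlib
import hmac

# Constructed values for this example (assumptions, not from the article).
SECRET = b"constructed-demo-key-not-for-production"
CATCH_ALL_DOMAIN = "example.net"


def _tag(service: str) -> str:
    """8-character tag (40 bits of HMAC-SHA256) bound to the service name."""
    mac = hmac.new(SECRET, service.lower().encode(), hashlib.sha256).digest()
    return base64.b32encode(mac[:5]).decode().lower()


def address_for(service: str) -> str:
    """Address to register with exactly one service: <service>.<tag>@domain."""
    return f"{service.lower()}.{_tag(service)}@{CATCH_ALL_DOMAIN}"


def attribute(recipient: str):
    """Return the service a tagged address was issued to, or None.

    Plain names such as logmein@ or info@ carry no valid tag, so mail sent
    to them proves nothing: a dictionary spam run can hit them by guessing.
    """
    local, _, domain = recipient.lower().rpartition("@")
    service, dot, tag = local.rpartition(".")
    if domain != CATCH_ALL_DOMAIN or not dot or not service:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(service).encode())
    return service if ok else None


def classify(recipient: str, sender_domain: str, expected_senders: dict) -> str:
    """Triage one inbound message by recipient address and claimed sender.

    The sender domain is whatever the message claims; it is only used to
    decide whether the mail is the routine kind expected at that address.
    """
    service = attribute(recipient)
    if service is None:
        return "guessable-or-unknown"
    if sender_domain.lower() in expected_senders.get(service, set()):
        return "expected"
    # An unguessable address reached by an unrelated sender suggests the
    # address left the service (or the user's own systems) at some point.
    return "leak-indicator:" + service


def triage_sample():
    """Run the classifier over constructed sample messages."""
    expected = {"logmein": {"logmein.example"},
                "docusign": {"docusign.example"}}
    inbox = [
        (address_for("logmein"), "logmein.example"),     # routine notice
        (address_for("logmein"), "tax-refund.example"),  # spoofed tax lure
        ("logmein@" + CATCH_ALL_DOMAIN, "tax-refund.example"),
        ("info@" + CATCH_ALL_DOMAIN, "tax-refund.example"),
    ]
    return [classify(rcpt, sender, expected) for rcpt, sender in inbox]


if __name__ == "__main__":
    for verdict in triage_sample():
        print(verdict)
```

A leak indicator narrows where an address escaped from, not how: it is equally consistent with a breach at the service, a third-party mailer, or malware on the user's own machine.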

Critical Updates for Flash Player, Microsoft Windows

December 9th, 2012 by admin No comments »

Adobe and Microsoft have each released security updates to fix critical security flaws in their software. Microsoft issued seven update bundles to fix at least 10 vulnerabilities in Windows and other software. Separately, Adobe pushed out a fix for its Flash Player and AIR software that address at least three critical vulnerabilities in these programs.

A majority of the bugs quashed in Microsoft’s patch batch are critical security holes, meaning that malware or miscreants could exploit them to seize control over vulnerable systems with little or no help from users. Among the critical patches is an update for Internet Explorer versions 9 and 10 (Redmond says these flaws are not present in earlier versions of IE).

Other critical patches address issues with the kernel, Microsoft, and Microsoft Exchange Server. The final critical bug is a file handling vulnerability in Windows XP, Vista and 7 that Microsoft said could allow remote code execution if a user browses to a folder that contains a file or subfolder with a specially crafted name. Yikes. Updates are available through Windows Update or via Automatic Updates.

Adobe shipped a Flash Player update for Windows, Mac, Linux and Android installations of the software. The appropriate new version number is listed by operating system in the chart below. Adobe says that Flash Player installed with Internet Explorer 10 for Windows 8 and Google Chrome should be updated automatically; on Windows the latest version should be 11.5.502.135, and Chrome users on Windows, Mac or Linux who have the latest version of Chrome (v. 23.0.1271.97) should have version 11.5.31.5 installed.

Most users can find out what version of Flash they have installed by visiting this link. Adobe urges users to grab the latest updates from its Flash Player Download Center, but that option pushes junk add-ons like McAfee Virus Scan. Instead, download the appropriate version for your system from Adobe’s Flash Player Distribution page.

If all of this updating nonsense has your head spinning, or if you are the unofficial or de facto tech support person for your friends and family, consider installing a free update management product like Secunia’s Personal Software Inspector (I prefer the 2.x version) or FileHippo’s Update Checker, either of which can make it far easier to stay on top of the latest security patches for important software.

Shocking Delay in Fixing Adobe Shockwave Bug

December 13th, 2012 by admin No comments »

The Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT) is warning about a dangerous security hole in Adobe’s Shockwave Player that could be used to silently install malicious code. The truly shocking aspect of this bug? US-CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013.

Shockwave is a browser plug-in that some sites require. At issue is a feature of Adobe Shockwave that allows the installation of “Xtras,” downloadable components meant to interact with the media player. According to an advisory from US-CERT the problem is that Shockwave installs Xtras that are signed by Adobe or Macromedia without prompting, which can allow an attacker to target vulnerabilities in older Xtras.

From the advisory:

When a Shockwave movie attempts to use an Xtra, it will download and install it as necessary. If the Xtra is signed by Adobe or Macromedia, it will be installed automatically without any user interaction. Because the location from which Shockwave downloads the Xtra is stored in the Shockwave movie itself, this can allow an attacker to host old, vulnerable Xtras that can be installed and exploited automatically when a Shockwave movie is played.

US-CERT warned that by convincing a user to view specially crafted Shockwave content (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
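The gap the advisory describes is that a valid vendor signature says who built a component, not whether it is current or where it should come from. The following is an added example, not Adobe's code: it models the install decision as the advisory describes it beside a stricter one, and the component name, version floor and host names are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Signers the advisory says are installed without prompting.
TRUSTED_SIGNERS = {"Adobe", "Macromedia"}

# Constructed policy data for the example (assumptions, not real values).
MIN_VERSION = {"SampleXtra": (11, 0, 3)}     # oldest release still allowed
PINNED_HOSTS = {"download.vendor.example"}   # only place downloads may come from


@dataclass(frozen=True)
class XtraRequest:
    name: str
    version: tuple   # version of the file actually offered
    signer: str      # signer name, after the signature itself verified
    url: str         # download location, taken from the movie file


def signature_only_policy(req: XtraRequest) -> bool:
    """Decision as the advisory describes it: trusted signer means install."""
    return req.signer in TRUSTED_SIGNERS


def hardened_policy(req: XtraRequest):
    """Return (allowed, reasons); every failed check is reported."""
    reasons = []
    if req.signer not in TRUSTED_SIGNERS:
        reasons.append("untrusted signer")
    parsed = urlparse(req.url)
    if parsed.scheme != "https" or parsed.hostname not in PINNED_HOSTS:
        # The content being played must not get to choose the download host.
        reasons.append("download location is not a pinned HTTPS host")
    floor = MIN_VERSION.get(req.name)
    if floor is None:
        reasons.append("component not on the allow list")
    elif req.version < floor:
        # Old releases keep their valid signature forever, so a version
        # floor is needed to stop a rollback to a known-vulnerable build.
        reasons.append("version below minimum")
    return (not reasons, reasons)


# Constructed requests: a current component from the pinned host, and an old
# but genuinely signed one whose location was supplied by the content.
CURRENT = XtraRequest("SampleXtra", (11, 0, 3), "Adobe",
                      "https://download.vendor.example/SampleXtra.x32")
ROLLBACK = XtraRequest("SampleXtra", (10, 1, 0), "Macromedia",
                       "http://files.other.example/SampleXtra.x32")

if __name__ == "__main__":
    for req in (CURRENT, ROLLBACK):
        print(req.name, req.version,
              signature_only_policy(req), hardened_policy(req))
```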

Reached via email, an Adobe spokeswoman confirmed that US-CERT had alerted the company about the flaw in October 2010, but said Adobe is not aware of any active exploits or attacks in the wild using this vulnerability.

“Adobe has been working on addressing this issue in the next major release of Adobe Shockwave Player, which is currently scheduled to be released in February 2013,” Adobe’s Wiebke Lips wrote.

Shockwave is one of those programs that I’ve urged readers to remove or avoid installing. Like Java, it is powerful and very often buggy software that many people have installed but do not really need for everyday Web browsing. Securing your system means not only making sure things are locked down, but removing unneeded programs, and Shockwave is near the top of my list on that front.

If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don’t have Shockwave installed and in all likelihood don’t need it. Firefox users should note that the presence of the Shockwave Flash plugin listed in the Firefox Add-ons section denotes an installation of Adobe Flash Player plugin — not Adobe Shockwave.

Speaking of Java, Oracle shipped an update to its Java software, which brings the program to Java 7 Update 10 or Java 6 Update 38. There are bug fixes with these releases, but no official security updates. However, the Java 7 update does include some new functionality designed to make it easier to disable Java in the browser. Oracle is expected to stop shipping updates for Java 6 in February 2013.

Thomas Kristensen, chief security officer of security firm Secunia said he believes “these features do not make Java more secure in itself, however, it will likely make it easier for users to make their PCs more secure as it becomes easier to manage certain restrictions.” Readers who want more information about how to disable Java in the browser, and adopt my recommendation for a two-browser approach to using Java, can consult this blog post. Bottom line: If you don’t need Java, get rid of it.

Exploring the Market for Stolen Passwords

December 15th, 2012 by admin No comments »

Not long ago, PCs compromised by malware were put to a limited number of fraudulent uses, including spam, click fraud and denial-of-service attacks. These days, computer crooks are extracting and selling a much broader array of data stolen from hacked systems, including passwords and associated email credentials tied to a variety of online retailers.

At the forefront of this trend are the botnet creation kits like Citadel, ZeuS and SpyEye, which make it simple for miscreants to assemble collections of compromised machines. By default, most bot malware will extract any passwords stored in the victim PC’s browser, and will intercept and record any credentials submitted in Web forms, such as when a user enters his credit card number, address, etc. at an online retail shop.

Some of the most valuable data extracted from hacked PCs is bank login information. But non-financial logins also have value, particularly for shady online shops that collect and resell this information.

Logins for everything from Amazon.com to Walmart.com often are resold — either in bulk, or separately by retailer name — on underground crime forums. A miscreant who operates a Citadel botnet of respectable size (a few thousand bots, e.g.) can expect to quickly accumulate huge volumes of “logs,” records of user credentials and browsing history from victim PCs. Without even looking that hard, I found several individuals on Underweb forums selling bulk access to their botnet logs; for example, one Andromeda bot user was selling access to 6 gigabytes of bot logs for a flat rate of $150.

Increasingly, miscreants are setting up their own storefronts to sell stolen credentials for an entire shopping mall of online retail establishments. Freshtools, for example, sells purloined usernames and passwords for working accounts at overstock.com, dell.com, walmart.com, all for $2 each. The site also sells fedex.com and ups.com accounts for $5 a pop, no doubt to enable fraudulent reshipping schemes. Accounts that come with credentials to the email addresses tied to each site can fetch a dollar or two more.

Another store widely advertised in the Underweb (see screenshot above) pimps credentials for a far broader array of retailers, most of which can be had for $2, including amazon.com, apple.com, autotrader.co.uk, bestbuy.com, bloomgingdales.com, bol.com, cdw.com, drugstore.com, ebay.co.uk, ebay.com, facebook.com, gamestop.com, gumtree.com, kohls.com, logmein.com, lowes.com, macys.com, mylikes.com, newegg.com, next.co.uk.com, okpay.com, paypal.com, payza.com, runescape.com, sephora.com, skype.com, target.com, toysrus.com, ukash.com, verizon.com, walmart.com, xoom.com and zappos.com. Accounts at these retailers that have credit cards or bank accounts tied to them command higher prices.

These shops are just one example of a concept that I have been trying to get across to readers about the many, many uses of a hacked PC. One of the ideas I attempted to communicate with that hacked PC graphic is that nearly every aspect of a hacked computer and a user’s online life can be and has been commoditized. If it has value and can be resold, you can be sure there is a service or product offered in the cybercriminal underground to monetize it. Once again, I haven’t yet found an exception to this rule.


Attackers Target Internet Explorer Zero-Day Flaw

December 17th, 2012 by admin

Attackers are breaking into Microsoft Windows computers using a newly discovered vulnerability in Internet Explorer, security experts warn. While the flaw appears to have been used mainly in targeted attacks so far, this vulnerability could become more widely exploited if incorporated into commercial crimeware kits sold in the underground.

In a blog posting Friday evening, Milpitas, Calif. based security vendor FireEye said it found that the Web site for the Council on Foreign Relations was compromised and rigged to exploit a previously undocumented flaw in IE8 to install malicious software on vulnerable PCs used to browse the site.

According to FireEye, the attack uses Adobe Flash to exploit a vulnerability in the latest (fully-patched) version of IE8. Dustin Childs, group manager for response communications at Microsoft, said the vulnerability appears to exist in previous versions of IE.

“We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,” Childs said in an emailed statement. “We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.”

As FireEye notes, this is another example of a “watering hole” attack, which involves the targeted compromise of legitimate websites thought to be of interest to or frequented by end users who belong to organizations that attackers wish to infiltrate. Earlier this year, I wrote about similar zero-day attacks against visitors to the Web sites of the National Democratic Institute, The Carter Center, and Radio Free Europe.


Understanding Web Site Certificates

December 19th, 2012 by admin

What are web site certificates?

If an organization wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. There are two elements that indicate that a site uses encryption:

  • a closed padlock, which, depending on your browser, may be located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields
  • a URL that begins with “https:” rather than “http:”

By making sure a web site encrypts your information and has a valid certificate, you can help protect yourself against attackers who create malicious sites to gather your information. You want to make sure you know where your information is going before you submit anything.

If a web site has a valid certificate, it means that a certificate authority has taken steps to verify that the web address actually belongs to that organization. When you type a URL or follow a link to a secure web site, your browser will check the certificate for the following characteristics:

1. the web site address matches the address on the certificate

2. the certificate is signed by a certificate authority that the browser recognizes as a “trusted” authority

If the browser senses a problem, it may present you with a dialog box that claims that there is an error with the site certificate. This may happen if the name the certificate is registered to does not match the site name, if you have chosen not to trust the company who issued the certificate, or if the certificate has expired. You will usually be presented with the option to examine the certificate, after which you can accept the certificate forever, accept it only for that particular visit, or choose not to accept it. The confusion is sometimes easy to resolve (perhaps the certificate was issued to a particular department within the organization rather than the name on file). If you are unsure whether the certificate is valid or question the security of the site, do not submit personal information. Even if the information is encrypted, make sure to read the organization’s privacy policy first so that you know what is being done with that information.

Can you trust a certificate?

The level of trust you put in a certificate is connected to how much you trust the organization and the certificate authority. If the web address matches the address on the certificate, the certificate is signed by a trusted certificate authority, and the date is valid, you can be more confident that the site you want to visit is actually the site that you are visiting. However, unless you personally verify that certificate’s unique fingerprint by calling the organization directly, there is no way to be absolutely sure.

When you trust a certificate, you are essentially trusting the certificate authority to verify the organization’s identity for you. However, it is important to realize that certificate authorities vary in how strict they are about validating all of the information in the requests and about making sure that their data is secure. By default, your browser contains a list of more than 100 trusted certificate authorities. That means that, by extension, you are trusting all of those certificate authorities to properly verify and validate the information. Before submitting any personal information, you may want to look at the certificate.

How do you check a certificate?

There are two ways to verify a web site’s certificate in Internet Explorer or Firefox. One option is to click on the padlock icon. However, your browser settings may not be configured to display the status bar that contains the icon. Also, attackers may be able to create malicious web sites that fake a padlock icon and display a false dialog window if you click that icon. A more secure way to find information about the certificate is to look for the certificate feature in the menu options. This information may be under the file properties or the security option within the page information. You will get a dialog box with information about the certificate, including the following:

  • Who issued the certificate - You should make sure that the issuer is a legitimate, trusted certificate authority (you may see names like VeriSign, thawte, or Entrust). Some organizations also have their own certificate authorities that they use to issue certificates to internal sites such as intranets.
  • Who the certificate is issued to - The certificate should be issued to the organization who owns the web site. Do not trust the certificate if the name on the certificate does not match the name of the organization or person you expect.
  • Expiration date - Most certificates are issued for one or two years. One exception is the certificate for the certificate authority itself, which, because of the amount of involvement necessary to distribute the information to all of the organizations who hold its certificates, may be ten years. Be wary of organizations with certificates that are valid for longer than two years or with certificates that have expired.
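The checks described above (name match, issuer, validity dates, and the warning about certificates valid for longer than two years) can be expressed in code. The following is an added example, not part of the original article; it works on the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the sample certificate, the issuer allowlist and the 731-day threshold are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample, in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "www.example.org"),)),
    "issuer": ((("organizationName", "Example Trusted CA"),),
               (("commonName", "Example Trusted CA G2"),)),
    "notBefore": "Jan  1 00:00:00 2012 GMT",
    "notAfter": "Jan  1 00:00:00 2013 GMT",
    "subjectAltName": (("DNS", "www.example.org"),
                       ("DNS", "*.shop.example.org")),
}

# Assumption: issuer organizations the reader has decided to trust.
TRUSTED_ISSUERS = {"Example Trusted CA"}
# Assumption: "two years" from the article, allowing for one leap day.
MAX_VALIDITY_DAYS = 731


def _field(rdns, key):
    """Return the first value for `key` in a subject/issuer tuple."""
    for rdn in rdns:
        for name, value in rdn:
            if name == key:
                return value
    return None


def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the common name."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    cn = _field(cert.get("subject", ()), "commonName")
    return [cn] if cn else []


def hostname_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".shop.example.org"
        return host.endswith(suffix) and "." not in host[:-len(suffix)]
    return pattern == host


def check_certificate(cert, host, now, trusted_issuers=TRUSTED_ISSUERS):
    """Return a list of findings; an empty list means every check passed.

    This compares names and dates only. It does not verify the signature
    chain, which the TLS library does before getpeercert() returns fields.
    """
    findings = []
    if not any(hostname_matches(n, host) for n in cert_names(cert)):
        findings.append("name-mismatch")
    if _field(cert.get("issuer", ()), "organizationName") not in trusted_issuers:
        findings.append("untrusted-issuer")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.timestamp()
    if ts < not_before:
        findings.append("not-yet-valid")
    elif ts > not_after:
        findings.append("expired")
    if (not_after - not_before) / 86400 > MAX_VALIDITY_DAYS:
        findings.append("long-validity")
    return findings


if __name__ == "__main__":
    when = datetime(2012, 12, 19, tzinfo=timezone.utc)
    print(check_certificate(SAMPLE_CERT, "www.examp1e.org", when))
```
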


Evaluating Your Web Browser’s Security Settings

December 21st, 2012 by admin

Why are security settings for web browsers important?

Your web browser is your primary connection to the rest of the internet, and multiple applications may rely on your browser, or elements within your browser, to function. This makes the security settings within your browser even more important. Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked. The safest policy is to disable the majority of those features unless you decide they are necessary. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

Where can you find the settings?

Each web browser is different, so you may have to look around. For example, in Internet Explorer, you can find them by clicking Tools on your menu bar, selecting Internet Options…, choosing the Security tab, and clicking the Custom Level… button. However, in Firefox, you click Tools on the menu bar and select Options…. Click the Content, Privacy, and Security tabs to explore the basic security options. Browsers have different security options and configurations, so familiarize yourself with the menu options, check the help feature, or refer to the vendor’s web site.

While every application has settings that are selected by default, you may discover that your browser also has predefined security levels that you can select. For example, Internet Explorer offers custom settings that allow you to select a particular level of security; features are enabled or disabled based on your selection. Even with these guides, it is helpful to have an understanding of what the different terms mean so that you can evaluate the features to determine which settings are appropriate for you.

How do you know what your settings should be?

Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly. The best approach is to adopt the highest level of security and only enable features when you require their functionality.

What do the different terms mean?

Different browsers use different terms, but here are some terms and options you may find:

  • Zones - Your browser may give you the option of putting web sites into different segments, or zones, and allow you to define different security restrictions for each zone.

For example, Internet Explorer identifies the following zones:

  • Internet - This is the general zone for all public web sites. When you browse the internet, the settings for this zone are automatically applied to the sites you visit. To give you the best protection as you browse, you should set the security to the highest level; at the very least, you should maintain a medium level.
  • Local intranet - If you are in an office setting that has its own intranet, this zone contains those internal pages. Because the web content is maintained on an internal web server, it is usually safe to have less restrictive settings for these pages. However, some viruses have tapped into this zone, so be aware of what sites are listed and what privileges they are being given.
  • Trusted sites - If you believe that certain sites are designed with security in mind, and you feel that content from the site can be trusted not to contain malicious materials, you can add them to your trusted sites and apply settings accordingly. You may also require that only sites that implement Secure Sockets Layer (SSL) can be active in this zone. This permits you to verify that the site you are visiting is the site that it claims to be. This is an optional zone but may be useful if you personally maintain multiple web sites or if your organization has multiple sites. Even if you trust them, avoid applying low security levels to external sites—if they are attacked, you might also become a victim.
  • Restricted sites - If there are particular sites you think might not be safe, you can identify them and define heightened security settings. Because the security settings may not be enough to protect you, the best precaution is to avoid navigating to any sites that make you question whether or not they’re safe.

You may also find options that allow you to take the following security measures:

  • Manage cookies - You can disable, restrict, or allow cookies as appropriate. Generally, it is best to disable cookies and then enable them if you visit a site you trust that requires them.
  • Block pop-up windows - Although turning this feature on could restrict the functionality of certain web sites, it will also minimize the number of pop-up ads you receive, some of which may be malicious.


Detecting and Avoiding Fake Anti-Virus Software

December 23rd, 2012 by admin

You may be familiar with the fake messages appearing on a website, urging you to take action purportedly designed to clean your allegedly infected computer. Unfortunately, these messages are often scams that attempt to install malicious software (malware) onto your computer. Such software is referred to as rogue (fake) anti-virus malware, and the incidents are increasing.

How can my system get infected?

These types of scams can be perpetrated in a number of ways, including via website pop-up messages, web banner advertisements, spam and posting on social networking sites. Scams are also appearing via the use of “tweeting.” The rogue software scam generally uses social engineering to make the user believe his or her machine is infected and that by taking action (clicking on the link provided) the machine will be cleaned. If you click on the malicious link, you may be downloading malware onto your machine. The names of the fake programs sound legitimate, and often, in a further attempt to make the malware appear legitimate, the programs may prompt you to pay for an annual subscription to the service. Some varieties of rogue anti-virus programs will also get installed on your machine without any interaction by you: your machine could be compromised just by visiting a website with a malicious ad or code, and you wouldn’t know.

What is the impact from rogue anti-virus software?

Rogue anti-virus software might perform many activities, including installing files to monitor your computer use, stealing credentials, installing backdoor programs, and adding your computer to a botnet. The installation of malware could result in a hijacked browser (i.e., the browser navigates to sites you did not intend), the appearance of new or unexpected toolbars or icons, and sluggish system performance. Another concern related to rogue anti-virus software is the false sense of security you may have, erroneously believing your machine is protected by anti-virus software when in fact it is not.

What can I do to protect my computer?

Applying computer security best practices will help protect your machine and minimize any potential impacts.

1. Don’t click on pop-up ads that advertise anti-virus or anti-spyware programs. If you are interested in a security product, don’t try to access it through a pop-up ad; contact the retailer directly through its homepage, retail outlet or other legitimate contact methods.

2. Don’t download software from unknown sources. Some free software applications may come bundled with other programs, including malware.

3. Use and regularly update firewalls, anti-virus, and anti-spyware programs. Keep these programs updated regularly. Use the auto-update feature if available.

4. Patch operating systems, browsers, and other software programs. Keep your system and programs updated and patched so that your computer will not be exposed to known vulnerabilities and attacks.

5. Regularly scan and clean your computer. Scan your computer with your anti-spyware once a week.

6. Back up your critical files. In the event that your machine becomes infected, having backups of your important files will facilitate recovery.
