Archive for April, 2013

The Hacker Dutchman – Arrested in Spamhaus DDoS

April 29th, 2013

A 35-year-old Dutchman thought to be responsible for launching what’s been called “the largest publicly announced online attack in the history of the Internet” was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as “SK,” was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.

According to a press release issued by the Public Prosecutor Service in The Netherlands, the National Prosecutor in Barcelona ordered SK’s arrest and the seizure of computers and mobile phones from the accused’s residence there. The arrest is being billed as a collaboration coordinated through Eurojust, the European Union’s Judicial Cooperation Unit.

The dispute began late last year, when Spamhaus added to its blacklist several Internet address ranges in the Netherlands. Those addresses belong to a Dutch company called “Cyberbunker,” so named because the organization is housed in a five-story NATO bunker, and has advertised its services as a bulletproof hosting provider.

“A year ago, we started seeing pharma and botnet controllers at Cyberbunker’s address ranges, so we started to list them,” said a Spamhaus member who asked to remain anonymous. “We got a rude reply back, and he made claims about being his own independent country in the Republic of Cyberbunker, and said he was not bound by any laws and whatnot. He also would sign his emails ‘Prince of Cyberbunker Republic.’ On Facebook, he even claimed that he had diplomatic immunity.”

Cyberbunker’s IP ranges. Its WHOIS records put the organization in Antarctica.

Spamhaus took its complaint to the upstream Internet providers that connected Cyberbunker to the larger Internet. According to Spamhaus, those providers one by one severed their connections with Cyberbunker’s Internet addresses. Just hours after the last ISP dropped Cyberbunker, Spamhaus found itself the target of an enormous amount of attack traffic designed to knock its operations offline.

It is not clear who SK is, but according to multiple sources, the man identified as SK is likely one Sven Olaf Kamphuis. The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Kamphuis also reportedly told The Times that Cyberbunker was retaliating against Spamhaus for “abusing their influence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Bank Sues Cyber heist Victim to Recover Funds

April 27th, 2013

A bank that gave a business customer a short term loan to cover $336,000 stolen in a 2012 cyber heist is now suing that customer to recover the fronted funds, after the victim company refused to repay or even acknowledge the loan.

On May 9, 2012, cyber crooks hit Wallace & Pittman PLLC, a Charlotte, N.C. based law firm that specializes in handling escrow and other real-estate legal services. The firm had just finished a real estate closing that morning, initiating a wire of $386,600.61 to a bank in Virginia Beach, Virginia. Hours later, the thieves put through their own fraudulent wire transfer, for exactly $50,000 less.

At around 3 p.m. that day, the firm’s bank — Charlotte, N.C. based Park Sterling Bank (PSB) – received a wire transfer order from the law firm for $336,600.61. According to the bank, the request was sent using the firm’s legitimate user name, password, PIN code, and challenge/response questions. PSB processed the wire transfer, which was sent to an intermediary bank — JP Morgan Chase in New York City — before being forwarded on to a bank in Moscow.

Later that day, after the law firm received an electronic confirmation of the wire transfer, the firm called the bank to say the wire transfer was unauthorized, and that there had been an electronic intrusion into the firm’s computers that resulted in the installation of an unspecified strain of keystroke-logging malware. The law firm believes the malware was embedded in a phishing email made to look like it was sent by the National Automated Clearing House Association (NACHA), a legitimate network for a wide variety of financial transactions in the United States.

As some banks do in such cases, Park Sterling provided a provisional credit to the firm for the amount of the fraudulent transfer so that it would avoid an overdraft of its trust account (money that it was holding for a real estate client) and to allow a period of time for the possible return of the wire transfer funds. PSB said it informed Wallace & Pittman that the credit would need to be repaid by the end of that month.

But on May 30, 2012 — the day before the bank was set to debit the loan amount against the firm’s trust account — Wallace & Pittman filed a complaint against the bank in court, and obtained a temporary restraining order that prevented the bank from debiting any money from its accounts. The next month, the law firm drained all funds from all three of its accounts at the bank, and the complaint against the bank was dismissed.

Park Sterling Bank is now suing its former client, seeking repayment of the loan, plus interest. Wallace & Pittman declined to comment on the ongoing litigation, but in their response to PSB’s claims, the defendants claim that at no time prior to the return of the funds did the bank specify that it was providing a provisional credit in the amount of the fraudulent transfer. Wallace & Pittman said the bank didn’t start calling it a provisional credit until nearly 10 days after it credited the law firm’s account; to backstop its claim, the firm produced an online ledger transaction that purports to show that the return of $336,600.61 to the firm’s accounts was initially classified as a “reverse previous wire entry.”

But beyond that, Wallace & Pittman argues that the bank’s claims are barred by its failure to maintain commercially reasonable security measures for its online banking services. The law firm says the fraudulent wire did not come from an IP address associated with the firm, and that it had never before initiated a wire transfer to Russia or to any other location outside the United States.

“The bank was aware or should have questioned the legitimacy of an international wire transfer,” and “was aware or should have been aware of various schemes involving fraudulent funds transfers, particularly those involving parties located in Russia,” the firm argued.

Wallace & Pittman claims that the bank’s authentication procedures amount to little more than a series of passwords. According to the law firm, logging in to its account at PSB involved merely entering an account username and password. To move money via wire transfer, PSB customers must enter an online banking ID and a static four-digit “wire code.” After the wire transfer request is submitted, the system generates two “challenge questions.” Wallace & Pittman said these two challenge questions never changed, and that the answers to both questions were pre-programmed by the bank to the same common and intuitive four-letter word.
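The firm’s argument above is that the wire itself looked nothing like the account’s history: an unfamiliar IP address and a first-ever international destination, sent hours after a legitimate wire of similar size. A history-based risk score is the kind of control that catches that pattern regardless of whether the static password and challenge questions were entered correctly. The block below is an added example written for this page, not code from the original post or from Park Sterling Bank; the account history, the IP addresses, the weights and the review threshold are all constructed or assumed.

```python
"""Added example, not code from the original post or from Park Sterling Bank:
a history-based risk score for an outbound wire request. The account history,
IP addresses, weights and threshold are all constructed or assumed here."""
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Wire:
    when: datetime
    amount: float
    dest_country: str   # country of the receiving bank
    beneficiary: str
    src_ip: str         # address the online-banking session came from


@dataclass
class Account:
    wires: list = field(default_factory=list)    # prior wires the customer confirmed
    known_ips: set = field(default_factory=set)  # IPs seen on confirmed sessions


REVIEW_THRESHOLD = 5   # assumed: at or above this, hold the wire for a callback


def score_wire(acct, req, home="US"):
    """Return (score, reasons). Each reason is one way the request departs from
    the account's own history; the score is the sum of assumed weights."""
    score, reasons = 0, []
    if req.src_ip not in acct.known_ips:
        score += 3
        reasons.append(f"unknown source IP {req.src_ip}")
    if req.dest_country != home and all(w.dest_country == home for w in acct.wires):
        score += 3
        reasons.append(f"first international wire on this account ({req.dest_country})")
    if req.beneficiary not in {w.beneficiary for w in acct.wires}:
        score += 1
        reasons.append("new beneficiary")
    if acct.wires and req.amount >= 0.9 * max(w.amount for w in acct.wires):
        score += 1
        reasons.append("amount at or near the account's largest prior wire")
    same_day = [w for w in acct.wires if w.when.date() == req.when.date()]
    if same_day and req.amount >= 0.5 * sum(w.amount for w in same_day):
        score += 2
        reasons.append("second large wire on the same day")
    return score, reasons


def demo():
    """Replay the two wires described in the post against a constructed history."""
    acct = Account(
        wires=[Wire(datetime(2012, 4, 2, 11, 0), 212_000.00, "US", "Title Co A", "203.0.113.10"),
               Wire(datetime(2012, 4, 20, 10, 30), 305_500.50, "US", "Title Co B", "203.0.113.10")],
        known_ips={"203.0.113.10", "203.0.113.11"},
    )
    # Morning closing wire from the firm's usual address (legitimate).
    legit = Wire(datetime(2012, 5, 9, 10, 15), 386_600.61, "US", "Virginia Beach bank", "203.0.113.10")
    legit_score = score_wire(acct, legit)
    acct.wires.append(legit)
    # Afternoon wire from an address never seen before, to Russia (fraudulent).
    fraud = Wire(datetime(2012, 5, 9, 15, 0), 336_600.61, "RU", "Moscow bank", "198.51.100.77")
    fraud_score = score_wire(acct, fraud)
    return {"legit": legit_score, "fraud": fraud_score}


if __name__ == "__main__":
    for name, (s, why) in demo().items():
        print(name, s, "HOLD" if s >= REVIEW_THRESHOLD else "release", why)
```

The morning wire scores low (a new beneficiary is normal for a closing firm), while the afternoon wire trips three independent signals. The point is that none of these checks depend on the credentials: a keylogger hands the attacker every static secret, but not the firm’s IP address or its transaction history.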

Dan Mitchell, an attorney with the law firm of Bernstein Shur in Portland, Me., said that if PSB indeed relied on just user IDs, static passwords and static challenge questions, it may be hard for the bank to argue that these were commercially reasonable security procedures at the time of the theft in 2012. On the other hand, if, as the bank alleges, the law firm declined the bank’s suggestion of using “dual controls” (requiring two people to verify and sign off on all money transfers), the bank may have a defense under Section 202(c) of Article 4A of the Uniform Commercial Code (UCC).

“This allows a bank to shift the risk of loss back to a customer if the customer was offered, but declined, a security procedure that would have been commercially reasonable (this presupposes that dual-control is a commercially reasonable procedure),” said Mitchell, an attorney who represented Maine construction firm Patco in its successful lawsuit against its bank following a $588,000 cyber heist in May 2009.

“The bank apparently knew this, yet it still planned to debit the customer’s account and leave the customer on the hook,” Mitchell said. “That was a pretty aggressive move by the bank, probably too aggressive given the facts.”


Java Update Plugs 42 Security Holes

April 24th, 2013

Oracle Corp. today released an update for its Java SE software that fixes at least 42 security flaws in the widely-installed program and associated browser plug-in. The Java update also introduces new features designed to alert users about the security risks of running certain Java content.

Java 7 Update 21 contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to-a-hacked-site-and-get-infected vulnerabilities. According to Oracle, “39 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password”.

There does not appear to be any update for Java 6. Oracle was to stop shipping security fixes for Java 6 in February, but it broke from that schedule last month when it shipped an emergency update for Java 6 to fix a flaw that was being used in active attacks. When I updated a machine running the latest Java 6 version (Update 43) it prompted me to install Java 7 Update 21.

Java 7 Update 21 also introduces some new security warnings and message prompts for users who keep the program plugged into a Web browser (on installation and updating, Java adds itself as an active browser plug-in). Oracle said the messages that will be presented depend upon different risk factors, such as running an old version of Java or running applet code that is not signed with a certificate from a trusted Certificate Authority.

Apps that present a lower risk display a simple informational message. This includes an option to prevent showing similar messages for apps from the same publisher in the future. Java applications considered to be higher risk — such as those that use an untrusted or expired certificate — will be accompanied by a prompt with a yellow exclamation point in a yellow warning triangle.

The signature checks behind these prompts have a shortcoming that makes it easy for attackers to bypass the protection: Java presents certificates as trustworthy even when they have been reported as stolen and added to publicly available revocation databases. The failure of Java to check certificate revocation lists came to light last month, after Java gave the green light to a malicious app even though the digital certificate signing it had been revoked by the company that owned it.

I’ve long urged end users to uninstall Java unless they have a specific use for it (this advice does not scale for businesses, which often have complex custom applications that rely on Java). This widely installed and powerful program is riddled with security holes, and is a favorite target of malware writers and miscreants. Rather than ask users to discern the safety of applications using yellow triangles, blue shields, green clovers or orange stars, I’ll keep telling users to get rid of Java entirely.

If you do need it, unplug it from the browser unless and until you need it. Java 7 lets users disable Java content in web browsers through the Java control panel applet. Alternatively, consider a dual-browser approach, unplugging Java from the browser you use for everyday surfing, and leaving it plugged in to a second browser that you only use for sites that require Java.


Microsoft Holds Off Installing Update

April 23rd, 2013

Microsoft is urging users who haven’t installed it yet to hold off on MS13-036, a security update that the company released earlier this week to fix a dangerous security bug in its Windows operating system. The advice comes in response to a spike in complaints from Windows users who found their machines unbootable after applying the update.

The MS13-036 update, first released on Tuesday, fixes four vulnerabilities in the Windows kernel-mode driver. In an advisory released April 9, the company said it had removed the download links to the patch while it investigates the source of the problem:

“Microsoft is investigating behavior wherein systems may fail to recover from a reboot or applications fail to load after security update 2823324 is applied. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the 2823324 update while we investigate.”

The problems with the patch appear to be centered around Windows 7 and certain applications on Windows 7, such as Kaspersky Anti-Virus. Microsoft has issued instructions on how to uninstall this update in the “resolution” section of this advisory.

Update, Apr. 23: Microsoft has re-released the problematic security update to address the problems that some Windows users were experiencing with the MS13-036 patch. The new update, KB2840149, replaces the faulty one, KB2823324.


Passwords under threat at Linode

April 20th, 2013

Linode, one of the leading VPS hosting companies, came under an attack that posed serious threats to its customers. Luckily for them, Linode had been proactive in safeguarding its customers’ credit card information, which limited the damage. According to a blog post published soon after the incident, the company identified and blocked the suspicious activity on its network.

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” read one of the blog posts on the company’s website. Linode says a group named Hack The Planet (HTP) claimed responsibility for accessing Linode Manager web servers by exploiting vulnerabilities in Adobe’s ColdFusion application server. The vulnerabilities were addressed in Adobe’s APSB13-10 hotfix (CVE-2013-1387 and CVE-2013-1388), released the previous week.

This is not the first time attackers have gotten inside Linode. In March 2012, servers it hosted were compromised and the attackers made off with the bitcoins held on them.

The vulnerability gave the group access to a web server, to parts of Linode’s source code and finally to its database. The company says it has been working hard to safeguard its customers’ critical information.

The company’s investigation found that HTP did not gain access to any other part of Linode’s systems.

Linode also divulged a little about how the card data is protected. Credit card numbers in its database are stored encrypted with a public key; the corresponding private key is itself encrypted with a passphrase, and that passphrase is not stored electronically. As long as the private key stays protected and the passphrase is kept off the network, recovering the card numbers from the database alone is next to impossible. HTP, however, has asserted that it does have access to the private key, because it was stored on the same server that the group compromised.

“There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately. If you need access to the Lish console, you can reset a new Lish password under the Remote Access sub-tab of your Linode,” one of the officials maintained.

It is advisable for the customers of Linode to change their passwords in case they have used their Linode passwords on any service other than Linode.

How Alertsec can be of help to customers in such murky waters

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.


Google five times safer than Bing

April 18th, 2013

As the World Wide Web becomes the destination of choice for an ever-growing community, cyber criminals find new ways of attacking its users. They have now started targeting them through the search engines: they build websites, blogs and pages about current issues and plant malware on them.

Recent research by AV-TEST, which analyzed the search results of a number of search engines, found that Google was a safer search engine than Bing.

Microsoft’s search engine Bing is nearly five times as likely as Google to link to malware, the study by the independent research firm AV-TEST found. Of the 10.9 million links generated by Google, 272 pointed to malware, according to thirty-six different anti-virus engines.

Bing returned slightly more results than Google for the same terms (less than half a percentage point more), but 1,285 of the Bing links led to malware, nearly five times as many as Google.

AV-TEST, which is based in Germany, spent eighteen months analyzing a range of search engines, including Google, Bing, Baidu and Yandex.

Google beat all the other websites to emerge as the safest search engine.

“Although search engine operators such as Google and Bing make a lot of effort to avoid doing so, they sometimes deliver websites infected with Trojans and similar malware among their top search results,” AV-TEST’s Markus Selinger observed  in the report. “Other search engines do an even worse job.”

AV-TEST analyzed nearly forty million websites shown in the search results of the search engines. It tested a nearly equal number of results from Google and Bing, and found that Bing returned nearly five times as many malicious results as Google. Even so, Bing was the second safest engine in the study, since the other search engines were worse.

Readers might think that the number of infected sites is small considering how many results a search engine returns every second. But you are not the only one searching: billions of people use these engines, and taken together the number of malware results they are served is enormous.

The study also notes that around 110 million malicious sites are currently active online, a threat to anyone who is not careful about what they open.

Microsoft responded to the study as follows:

“We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it.  Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small.”

Alertsec safeguards you against those never ceasing malware attacks

Traditional antivirus approaches don’t work any more and a new approach to endpoint security is required to better protect your company from malicious threats.

The above threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Alertsec further offers computer protection software from Check Point as a fully customizable and pre-packaged data encryption software solution. It can help you dramatically reduce your cost of ownership for encrypting your laptops.



Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.


Drug arrest followed up Laptop theft

April 17th, 2013

A recent overnight robbery at a Magnolia pizza shop triggered a police investigation that also led to an arrest involving steroids, heroin and drug paraphernalia.

After police developed a lead in the laptop theft, they executed a warrant to search the basement of a Fuller Lane residence where Brook L. Faulkner, 27, lived. There they found a Toshiba laptop that had been stolen from Tony’s Magnolia House of Pizza, which led to Faulkner’s arrest, according to police.

According to the police report, Faulkner told police that a window in the kitchen area of the pizza shop had been broken and that he crawled inside to take the computer. He also admitted to taking coins, which he brought to a Coinstar machine to trade for cash.

It appears that Faulkner was behind the whole laptop theft. Had the store’s laptop been encrypted, the loss of the hardware would not have put whatever data it held at risk.

Police later recovered a metal can consistent with one taken from the shop, police said. During the search they also found heroin, “numerous” needles and syringes, steroids, and a substance the report describes as a drug typically used to treat advanced breast cancer that is also used by bodybuilders.

When Faulkner was arrested, police said they found a “fresh cut” on his hand, between his fingers, that was “consistent with being cut by a sharp object,” such as broken glass.

According to court records, Faulkner faces a felony charge of breaking and entering at night with intent to commit larceny, along with a charge of malicious damage to property. He also faces new charges of heroin possession and steroid possession.

Police later showed the recovered laptop to the business owner, who identified it as the stolen computer. Police also found a photo of the pizza restaurant’s menu on the computer and matched the desktop background to the background described in the initial police report, confirming that the recovered laptop belonged to the business.

Faulkner has a history of drug charges, police said. He had recently been enrolled in a rehabilitation program, but according to a police report he had “slipped up and started using it again.”

7 years ago, in November 2006, Faulkner had pleaded guilty to heroin possession in front of the court and he was placed on a year’s probation. Later, in March of 2007, he was arrested again on a warrant and faced additional charges on possession of drugs, when arresting officers found a glass pipe with marijuana residue in his home.

According to the Times archives, most recently, in July of 2009, Faulkner was ordered to serve a year in Middleton Jail after he pleaded guilty for distributing the cocaine in downtown Gloucester.

Cyber-security with Alertsec

Alertsec Xpress is a very easy and convenient service which enables securing valuable information on laptops.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today.

Alertsec Xpress provides:

• Fully managed service for your convenience.

• Very cost effective service.

• Market leading laptop protection service.

• Quick and easy implementation.

• Easy to use protection.

• Transparent solution.

• Global 24/7 helpdesk.

• 100% secure and reliable encryption


Brute-Force Attack on WordPress blogs and Joomla Sites

April 15th, 2013

Thousands of WordPress and Joomla sites are currently under brute-force password attack by a large botnet. Administrators should take charge by making sure that their WordPress and Joomla installations use strong passwords and uncommon usernames.

According to reports from CloudFlare, HostGator and several other companies, cyber criminals have significantly stepped up brute-force, dictionary-based login attempts against WordPress blogs and Joomla sites during the past few days. These attacks look for familiar account names, such as “admin,” and systematically try common passwords against them in order to break into WordPress or Joomla accounts.

Attacks of this kind are a warning to administrators to keep perpetrators from breaking in, since an attacker who gets access can deface the site or embed malicious code to infect visitors with malware. The highly organized nature and large scale of these attacks, however, suggest even more menacing goals. It now appears that the attackers are trying to get a foothold on the server in order to take over the entire machine. Web servers are generally more powerful and have bigger bandwidth pipes than home computers, making them more attractive targets for cyber criminals.

“The attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” wrote Matthew Prince, CEO of CloudFlare, on his company blog.

Researchers believe that the Brobot botnet behind the massive denial-of-service attacks against U.S. financial institutions was made up of compromised Web servers. “These larger machines can cause much more damage in DDoS attacks because the servers have large network connections and are capable of generating significant amounts of traffic,” Prince said.

Accounts that are Brute-Forced

To break into WordPress blogs and Joomla sites, the attackers use brute-force tactics against user accounts. The top five user names targeted were “admin,” “test,” “administrator,” “Admin,” and “root.” In a brute-force attack, the perpetrators systematically try password after password until one lets them log in. Simple passwords made up of number sequences and dictionary words are easy to guess, especially when a botnet automates the entire process. The top five passwords attempted in this attack were “admin,” “123456,” “111111,” “666666,” and “12345678.”

Anyone whose account on one of these sites has a common username and a common password should immediately change it to something less obvious.

“Do this and you’ll be ahead of 99 percent of sites out there and probably never have a problem,” Matt Mullenweg, creator of WordPress, wrote on his blog.

Surge in Cyber Attack Volume

Sucuri’s statistics indicate that the attacks are still increasing. The company blocked 678,519 login attempts in December, 1,252,308 in January, 1,034,323 in February and 950,389 in March, Daniel Cid, CTO of Sucuri, wrote on the company blog. In the first 10 days of April alone, Sucuri had already blocked 774,104 login attempts, Cid said. That is a significant jump, from 30,000 to 40,000 attempts per day to about 77,000 per day on average, and there have been days this month when the attacks exceeded 100,000, Sucuri said.

“In these cases, by the sheer fact of having a non-admin / administrator / root usernames you are automatically out of the running,” Cid said, before adding, “Which is kind of nice actually.”

Hints of a Large Botnet

The attack volume hints at the size of the botnet. HostGator estimated that at least 90,000 computers were involved in these attacks, and CloudFlare believes “more than tens of thousands of unique IP addresses” are being used.
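The two patterns described above, one source hammering a login form and a botnet spreading the same guesses across many IP addresses, are both visible in a site's login audit log. The following is an added example, not code from the article or from any vendor it quotes; the log line format, the sample lines and the thresholds are constructed assumptions, and the username list is the article's top five.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Usernames the article lists as the most-targeted in this campaign.
TARGETED_USERNAMES = {"admin", "test", "administrator", "Admin", "root"}

# Constructed sample of a login audit log; the line format is hypothetical, not a real plugin's.
SAMPLE_LOG = """\
2013-04-10 08:00:01 FAIL user=admin ip=203.0.113.5
2013-04-10 08:00:03 FAIL user=admin ip=203.0.113.5
2013-04-10 08:00:05 FAIL user=admin ip=203.0.113.5
2013-04-10 08:01:00 FAIL user=admin ip=198.51.100.1
2013-04-10 08:01:30 FAIL user=admin ip=198.51.100.2
2013-04-10 08:02:00 FAIL user=root ip=198.51.100.1
2013-04-10 08:04:10 OK user=alice ip=192.0.2.10
"""
LINE_RE = re.compile(r"^(\S+ \S+) (FAIL|OK) user=(\S+) ip=(\S+)$")

def parse(text):
    """Return (timestamp, result, user, ip) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def noisy_ips(events, threshold=3, window=timedelta(minutes=10)):
    """Single-source pattern: at least `threshold` failures from one IP inside a sliding window."""
    by_ip = defaultdict(list)
    for ts, result, _user, ip in events:
        if result == "FAIL":
            by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:  # shrink window from the left
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

def distributed_targets(events, min_sources=3):
    """Botnet pattern: one username failing from many IPs that each stay under the per-IP threshold."""
    sources = defaultdict(set)
    for _ts, result, user, ip in events:
        if result == "FAIL":
            sources[user].add(ip)
    return {u: (len(ips), u in TARGETED_USERNAMES) for u, ips in sources.items() if len(ips) >= min_sources}
```

In the sample, 203.0.113.5 trips the per-IP threshold on its own, while “admin” is only caught by the second check because each of its other sources makes a single attempt.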

What is a Botnet?

A botnet is a collection of compromised computers that receive instructions from one or more centralized command-and-control servers and carry out those commands. In most cases the computers have been infected with some kind of malware, and often the owner is unaware that attackers control the machine.

Updated Software and Strong Credentials

Attacks against popular content management systems are not new; what is worrying here is their sheer volume and the sudden increase. In this situation there is not much an administrator can do beyond using a strong username and password combination, which makes the attackers’ job harder, and ensuring that the CMS and its plugins are up to date.

“If you still use ‘admin’ as a username on your blog, change it, use a strong password, if you’re on WP.com turn on two-factor authentication, and of course make sure you’re up-to-date on the latest version of WordPress,” Mullenweg said. WordPress 3.0, released three years ago, let users choose a custom username, so since then there has been no reason to keep “admin” or “Administrator”.

Protect yourself with Alertsec

Organisations are now aware of the need for data security and are implementing data encryption. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

Decoding the Red Flags

April 12th, 2013

Investors can heave a sigh of relief. The Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) have formulated a new set of rules under which entities subject to their enforcement authority must develop programs that protect investors from identity theft.

The rules, tabled on April 10th, are not very different from the rules already in place under the Fair Credit Reporting Act and those of the federal banking regulators.

The rules, named the ‘Red Flags Rules’, were adopted pursuant to the Dodd-Frank Act. For the uninitiated, the Dodd-Frank Act was enacted to promote the financial stability of the U.S.A.; to save taxpayers’ money by improving accountability and transparency in the financial system; to protect the American taxpayer by ending bailouts; to protect consumers from abusive financial services practices; and for other purposes.

The rules require businesses to implement a written identity theft prevention program that watches for the warning signs of theft, termed red flags.

The new rules apply to “creditors” and “financial institutions” that hold certain covered accounts, and require them to establish and run an identity theft detection program.

The program must identify, detect and respond to activities that indicate identity theft.

Broker-dealers who open accounts for minors, investment companies permitting investor wire transfers and check writing, and investment advisers permitting payments out of transaction accounts fall within the SEC’s ambit. The CFTC, on the other hand, covers futures commission merchants, retail foreign exchange dealers, commodity trading advisers, commodity pool operators, introducing brokers, swap dealers and major swap participants.

An entity maintaining one or more covered accounts must determine whether those accounts meet the risk-assessment criteria. Beyond accounts for personal, family or household purposes, the rule singles out any other account that poses a reasonably foreseeable risk to customers. The consumer accounts covered include ‘‘a credit card account, mortgage loan, automobile loan, margin account, cell phone account, utility account, checking account, or savings account.’’

How to identify Red Flags?

The identity theft program of each business entity must carry out the following five functions.

  1. Identifying red flags: identify the relevant patterns, practices and specific forms of activity, reviewed periodically, that point to possible identity theft.
  2. Detecting them: detect the red flags in day-to-day activity so that suitable policies can be applied.
  3. Responding appropriately: resolve the issues detected in the previous step.
  4. Periodic review and updating: there must be a mechanism to evaluate and update the program for new threats.
  5. Administration of the program: the program must initially be approved by the board of directors or, if the entity has no board, by a senior-level manager. It must specify who is responsible for implementing and administering it, and an experienced person must be responsible for its administration.

The Red Flags Rules will become effective 30 days after publication in the Federal Register, and the compliance date will be six months after the effective date (around November 15).

The Red Flags Rules are a breath of fresh air for investors. Most of the affected entities already operate under similar rules issued by the FTC, but the rule is new territory for many private fund advisers.

The results of the risk assessment help to prioritize the risk areas (e.g., portable devices, offshore business associates, lack of encryption) that are targeted for the implementation of controls (e.g., policies, processes, training) to manage the identified risks.

Secure your Data with Alertsec

Following the essential guidelines is necessary for data security in any organization, and this news exemplifies the need for data protection applications. In an incident that highlights the need for data encryption and recovery software, the threat could have been reduced to an insurance matter by an investment of just $13/month, and the information would have remained secure with no loss whatsoever. That is a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers an easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Data Breach investigation widens to Justice Department

April 10th, 2013

An investigation into the federal government’s loss of personal data on more than 5,000 Canadians has widened to include the Justice Department.

The incident is the loss of a portable USB key containing data connected to Canada Pension Plan disability benefits. At first it was thought to involve only the program administered by Human Resources and Development Canada.

Victims of the breach who had filed complaints with the privacy commissioner’s office have since been told that the incident may also have involved another department.

“I wish to advise you that it has come to our attention that an employee from the Department of Justice Canada may also have been involved in the incident which resulted in the loss of the USB device,” says the recovered letter.

It goes on to inform the recipients of a complaint that was filed against the Justice Department on Jan. 28.

“Our office is therefore investigating both HRSDC and Justice Canada regarding the incident,” says the letter, dated Feb. 14.

The Justice Department is also investigating the matter, a spokeswoman for the department said.

“Administrative investigations are underway to determine all the facts surrounding this matter,” Carole Saindon said in an email.

“The Department of Justice is part of the investigations. Justice Canada takes the protection of privacy seriously,” she said.

“It would be inappropriate to comment further while the investigations are ongoing.”

On the same day the letter was recovered, senior officials from the Human Resources Department appeared before a House of Commons committee to answer for the data breach.

The committee was told that the USB key went missing last year, two days after it was loaded with unencrypted information on 5,045 people, including social insurance numbers, medical conditions, level of education and jobs. To avoid such incidents it is important to deploy encryption software on all the systems used in an organization.

The USB key had reportedly been handed to an employee working on a secure floor at Human Resources, who used it the very next day and afterwards could not find it.

Earlier, an employee in a different division at Human Resources had misplaced an external hard drive said to contain highly confidential student loan information on 583,000 Canadians. That incident is also under investigation.

For now, a spokesperson at the privacy commissioner’s office said, the investigations remain focused on Human Resources.

“We’ve opened a complaint against the Department of Justice in relation to the incident involving loss of the information stored on the USB key – not in relation to the other (student loan info) data breach,” Anne-Marie Hayden said in an email.

The suggestion that Justice officials were looking at people’s personal medical files raises a host of new questions about what government officials do with such personal information, said a lawyer involved in a class-action lawsuit against the government.

“Nothing good comes of having the Department of Justice look at your CPP disability pension application information,” said Ted Charney.

He also said that the possible involvement of another department could change the nature of the whole lawsuit.

“If it turns out that this personal information has been leaked to a department who shouldn’t have received it, it’s an additional breach of privacy,” he said.

“The motives and purpose for that employee getting access to that information is of very significant concern to us.”

Since these two incidents came to light, Human Resources has banned the use of portable hard drives and unapproved USB sticks.

It has also begun installing new data loss protection software, i.e., encryption software designed to keep better tabs on where and how data is moved around the department.

Earlier this month, the Justice Department’s deputy minister Ian Shugart told the committee, “The incidents are unacceptable.”

“Sensitive personal information was stored on unencrypted portable storage devices and not properly secured. This should not have occurred.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment, and about 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe, not only in terms of the monetary fines imposed on the organization but also in the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data, because the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.
