Archive for May, 2013

Large Scale Botnet Brute Force WordPress

May 23rd, 2013

There have always been a lot of brute force attempts/bot scans and hacking attempts on WordPress hosted sites (due to flaws in the core and a multitude of insecure plugins) – this site being no exception (they’ve even done some minor damage before).

But things appear to have really ramped up recently with a large increase in brute force attacks on WordPress sites. It seems to be the work of a rather crude botnet, which hits up the normal admin username (along with a few others like test/root etc) with a bunch of common passwords. Once it gets in, it leaves a backdoor and adds itself to the botnet – and starts scanning for other victims.

Sucuri have confirmed that the number of brute force attacks in April is double that of previous months in their blog post here – Mass WordPress Brute Force Attacks? – Myth or Reality

Hosting providers are reporting a major upsurge in attempts to hack into blogs and content management systems late last week, with WordPress installations bearing the brunt of the hackers’ offensive.

WordPress installations across the world were hit by a brute force botnet attack, featuring attempts to hack into installations using a combination of popular usernames (eg, “admin” and “user”) and an array of common passwords. Attacks of this type are commonplace; it is the sharp rise in volume late last week to around three times the normal volume rather than anything technically cunning or devious that has set alarm bells ringing.

The primary target appears to be WordPress installations but Joomla users also reportedly took a bit of a hammering.

Early suggestions are that hackers are looking to harvest “low-hanging fruit” as quickly as possible in order to gain access to a bank of compromised sites for follow-up malfeasance, which could be anything from hosting malware to publishing phishing pages or running some sort of denial of service attack. “It’s doorknob rattling, but on an industrial and international scale,” notes Paul Ducklin, Sophos’s head of technology for Asia Pacific.

This is a large scale attack though, well organized and very well distributed with over 90,000 IP addresses involved. So using something like the WordPress plugin Limit Login Attempts wouldn’t help much – as they are not sending many login requests from each IP address.
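The point about per-IP limits can be checked against your own access log. The following is an added example, not code from the original post: it counts failed POSTs to wp-login.php in a sliding window and reports how few of them a per-IP lockout would have refused. The thresholds, the 200-on-failure assumption and the sample log lines (documentation address ranges) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line; only the leading fields are needed.
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def failed_logins(lines):
    """Yield (timestamp, ip) for POSTs to wp-login.php answered with 200.

    Assumption: a stock WordPress re-renders the login form (200) on a bad
    password and redirects (302) on success.
    """
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]


def assess(lines, window=timedelta(minutes=10), per_ip_limit=4, site_limit=50):
    """Find the busiest window and measure what a per-IP lockout would stop.

    per_ip_limit: attempts an address may make before a lockout plugin
    refuses it. site_limit: failures per window that count as an attack.
    Both values are illustrative, not recommendations from the post.
    """
    events = sorted(failed_logins(lines))
    per_ip, start = Counter(), 0
    worst = {"failures": 0, "sources": 0, "max_per_ip": 0, "refused_by_lockout": 0}
    for idx, (ts, ip) in enumerate(events):
        per_ip[ip] += 1
        # Drop events that have fallen out of the sliding window.
        while ts - events[start][0] > window:
            old_ip = events[start][1]
            per_ip[old_ip] -= 1
            if not per_ip[old_ip]:
                del per_ip[old_ip]
            start += 1
        failures = idx - start + 1
        if failures > worst["failures"]:
            worst = {
                "failures": failures,
                "sources": len(per_ip),
                "max_per_ip": max(per_ip.values()),
                "refused_by_lockout": sum(
                    max(0, n - per_ip_limit) for n in per_ip.values()
                ),
            }
    # Distributed: plenty of failures, yet a per-IP lockout stops under half.
    worst["distributed"] = (
        worst["failures"] >= site_limit
        and worst["refused_by_lockout"] * 2 < worst["failures"]
    )
    return worst


def make_line(ip, ts, status):
    """Format one constructed log line for the sample below."""
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "POST /wp-login.php HTTP/1.1" {status} 3120 "-" "-"'


def build_sample():
    """Constructed traffic: 60 sources with 2 failures each, one noisy
    source with 10 failures, and one successful login."""
    t0 = datetime(2013, 5, 23, 10, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(60):
        for j in range(2):
            when = t0 + timedelta(seconds=4 * i + 240 * j)
            lines.append(make_line(f"203.0.113.{i + 1}", when, 200))
    for k in range(10):
        lines.append(make_line("198.51.100.7", t0 + timedelta(seconds=30 * k), 200))
    lines.append(make_line("192.0.2.10", t0 + timedelta(seconds=45), 302))
    return lines


if __name__ == "__main__":
    print(assess(build_sample()))
```

On the constructed sample the lockout refuses 6 of 130 failed attempts, which is why the site-wide count per window is the signal worth alerting on.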

Cloudflare have already pushed out a block for this type of attack, both for paying and free customers – so if you’re using that you should be safe.

If you notice your admin login or blog in general is very sluggish, you might have already been hacked. The outgoing brute force attempts take a lot of server resources.

WordPress founder Matt Mullenweg said that the attack illustrates the need to use a distinct username and a hard-to-guess password, common-sense advice that applies to using web services in general, not just for blog administration.

Olli-Pekka Niemi, vulnerability expert at security biz Stonesoft, outlined the range of possible motives behind the attack.

“A concern of this attack is that by compromising WordPress blogs attackers may be able to upload malicious content and embed this into the blog,” Niemi said. “When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets. The attacks against the WordPress blogs seem to be distributed, with automated attacks coming from multiple sources.”

Matt Middleton-Leal, UK & Ireland regional director of corporate security dashboard firm Cyber-Ark, said hacks on corporate blogs might be used as an access point to hack into other (more sensitive) enterprise systems. Weak passwords need to be changed pronto, he argues.

“Common usernames and weak passwords are extremely risky online, however, the dangers are compounded if users re-use the same login credentials for other sites. Once the bad guys have cracked a username and password, it’s extremely common that they’ll attempt to use the same combination for additional sites in the attempt to fraudulently use accounts, or access information such as credit card details or corporate data.

“If WordPress users have been targeted in this attack, they should immediately seek to change their username and password details for their WordPress account, but also for any other accounts for which they use the same credentials,” he added.

There’s not a lot of info going around on what happens after a site has been compromised, in technical terms anyway – so I can’t really comment on that. But if you have decent file permissions and a strong password, and you deleted the admin user long ago, you should be safe.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Most External Attacks From Foreign Lands

May 21st, 2013

One of the more interesting trends of data security has been the continued globalization of cybercriminal strategies targeting American firms. The Verizon 2013 Data Breach Investigations Report showed that companies of all sizes should improve their security if they have yet to do so, and one critical area with which to start is the authentication process, as the report showed 67 percent of network intrusions resulted from weak or stolen credentials.

Knowing that these external threats are coming is key for businesses, as the report showed 92 percent of cyber attacks were by external parties while a mere 14 percent were from an insider. Companies could experience both, so it was noted that this number does not have to add up to 100 percent. Fifty-five percent of attacks were carried out by organized crime syndicates, where spam, identity theft, payment fraud and other strategies were employed.

“The two big reasons for the dominance of external actors are their numerical advantage and greater attack scalability,” the report stated. “An organization will always have more outsiders than insiders, and the Internet connects criminals to a virtually limitless host of potential victims.”

While most would think organized crime would factor in primarily with large companies, the Verizon report showed that 57 percent of attacks on small businesses fell into this category, distantly followed by 20 percent coming from state-sponsored hackers. For large companies, 49 percent of attacks came from organized crime with 24 percent government-affiliated. The primary incentive for these crime syndicates to attack is money, the report said, as there are now more economic and social activities online and a richer amount of data that can be stolen and converted into cash for these criminals.

Organized cybercrime targeting industries such as food, retail and finance tends to come from Eastern Europe and North America, according to Verizon analysts. Attacks can include malware used for spying, brute-force hacking and even physically tampering with databases, desktops and ATMs to get what they want. State-affiliated attacks are expanding as well, with the report saying these attackers are using espionage campaigns to target data to help military interests, find insider secrets and acquire source code. Only 2 percent of attacks come from hacktivists, even though many may think of this as a bigger issue now due to how much mainstream attention it receives.

Securing data for a better future

Verizon executive vice president Randal S. Milch wrote in a guest post on The Hill that Congress must play a key role in helping to improve the nation’s cyber security posture. One suggestion he had was to start sharing threat information between federal agencies and communications companies, which can help find threats earlier and prevent them before they really hurt companies or government bodies, which is essentially the basis of the CISPA bill.

“As we continue to work to find the best solutions to ensure the best cyber security in the middle of this fast‐moving technological war, we must avoid regulatory mandates that will quickly become obsolete and potentially hinder the ability of high tech companies and broadband providers to innovate and coordinate to defeat ever-evolving cyber threats,” he wrote. “These companies must maintain the flexibility to deploy new technologies in real-time to secure networks and to protect customers.”

Milch believes that having a strong partnership between the public and private sectors will bring forth a more secure era of online communication and data sharing, thereby helping the company grow economically. This brand of data security will take teamwork, he said, but he believes that as more realize how important securing the cyber world is, the easier it will get to come together and do as such.


Travnet Botnet Steals Huge Amount of Sensitive Data

May 19th, 2013

The Travnet bot not only steals sensitive information from a victim’s machine; it also steals document files. Generally speaking, we store most of our sensitive information in Office files, PDFs, etc. Using data compression and data-encoding methods allows Travnet to steal huge amounts of data, including large files.

The bot first gathers sensitive information about the victim’s machine. It then searches for document files (doc, docx, xls, xlsx, txt, rtf, pdf).

The preceding code includes the computer name, IP address, username, operating system, list of running processes, IPconfig details, and information about the different accounts present on the system. The malware creates the file system_t.dll to store this information in plain text. It also creates the file travelbackinfo-(System Time).dll, which will be used in an HTTP GET request.

The data stored in the file can be huge, depending upon running processes and IPconfig details. The bot will use data compression and encoding methods to send the sensitive data to a remote server.

The bot sends the stolen data with the parameter “&filetext,” which starts with “begin::.” But the compressed file can be too big to send over the HTTP, so the bot sends the compressed file in chunks of 1,024 bytes. To track this, it uses the parameter “&filestart.” The bot appends the string “:: end” to signal the end of the file.

Data compression and encoding techniques

The bot processes the original data in two passes:

In the first pass, it uses a data compression method similar to LZSS (Lempel–Ziv–Storer–Szymanski) to compress the original data

In the second pass, it encodes the compressed data using custom Base64

First pass data compression

The bot’s data compression maintains a dictionary (a sliding window) of previously seen data that is similar to data compression with LZSS.

The bot uses a similar method to maintain a large sliding window size (to achieve a high compression ratio) but outputs variable-length “Length-Offset” pairs (the number of bits required to represent the number). We have not yet seen any references or implementations that output variable lengths and variable offsets, so for now we will call this method a variant of the LZSS data compression algorithm.

The bot starts compression by reading original data in chunks of 65,536 bytes (so it has to maintain sliding windows of this size). The final output of compression will be in chunks following this format:

Original Length (2 bytes) + Compressed Length (2 bytes) + Compressed Data

This method achieves a high compression ratio and reduces the size of the original data, allowing the bot to upload large files on the remote server. The decompression process is very easy to write because it does not need to search for the longest match but needs only to take care of variable-length values.

Second pass custom Base64 encoding

The Travnet bot uses custom Base64 encoding to encode the compressed binary data. The key and character set used in standard Base64 is “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/” with “=” used for padding; the key used by the bot is “ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-/” with “*” used for padding.
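For analysts working from captured traffic, the encoding layer and the chunk framing described above can be undone as follows. This is an added example, not the tool from the original analysis: it reassembles the “&filetext” fragments, strips the begin/end markers, decodes the custom Base64 and walks the chunk headers, and it does not implement the LZSS-variant decompression. The little-endian byte order, the ordering of fragments by their “&filestart” value and the sample capture are assumptions constructed for illustration.

```python
import base64
import re
import struct

# Alphabets as quoted in the post: "-" replaces "+", and "*" replaces "=".
STANDARD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
TRAVNET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-/*"
TO_STANDARD = bytes.maketrans(TRAVNET, STANDARD)
TO_TRAVNET = bytes.maketrans(STANDARD, TRAVNET)  # used only to build the sample


def reassemble(fragments):
    """Join filetext fragments keyed by their filestart value.

    Assumption: filestart grows with position in the file, so numeric
    order restores the stream whether it is an offset or an index.
    """
    return "".join(fragments[key] for key in sorted(fragments))


def strip_markers(payload):
    """Remove the begin/end markers; tolerate '::end' as well as ':: end'."""
    m = re.fullmatch(r"begin::(.*?)::\s*end\s*", payload, re.S)
    if not m:
        raise ValueError("begin/end markers missing: capture is incomplete")
    return m.group(1)


def travnet_b64decode(text):
    """Decode the custom Base64, rejecting characters outside its alphabet."""
    raw = text.encode("ascii")
    stray = set(raw) - set(TRAVNET)
    if stray:
        raise ValueError(f"not in the Travnet alphabet: {bytes(sorted(stray))!r}")
    return base64.b64decode(raw.translate(TO_STANDARD), validate=True)


def walk_chunks(blob, byteorder="<"):
    """Split the decoded stream into (original_len, compressed_len, data).

    Layout from the post: Original Length (2 bytes) + Compressed Length
    (2 bytes) + Compressed Data. Byte order is an assumption, and a zero
    compressed length is treated here as a malformed stream.
    """
    chunks, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError(f"truncated chunk header at offset {pos}")
        original_len, compressed_len = struct.unpack_from(byteorder + "HH", blob, pos)
        pos += 4
        if compressed_len == 0 or pos + compressed_len > len(blob):
            raise ValueError(f"bad compressed length {compressed_len} at offset {pos - 2}")
        chunks.append((original_len, compressed_len, blob[pos:pos + compressed_len]))
        pos += compressed_len
    return chunks


def decode_capture(fragments, byteorder="<"):
    """Full path from captured fragments to still-compressed chunks."""
    return walk_chunks(travnet_b64decode(strip_markers(reassemble(fragments))), byteorder)


def build_sample(piece=10):
    """Constructed capture: two chunks, split into small fragments.

    The real bot sends 1,024-byte pieces; 10 characters keeps the demo short.
    """
    blob = (struct.pack("<HH", 300, 5) + b"\x01\x02\xfb\xef\xbe"
            + struct.pack("<HH", 40, 3) + b"abc")
    text = "begin::" + base64.b64encode(blob).translate(TO_TRAVNET).decode() + ":: end"
    return {off: text[off:off + piece] for off in range(0, len(text), piece)}


if __name__ == "__main__":
    for original_len, compressed_len, data in decode_capture(build_sample()):
        print(original_len, compressed_len, data.hex())
```

The presence of “-” and “*” where standard Base64 would carry “+” and “=” in a “filetext” parameter is also a usable network signature for this encoding.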

Small tool to decompress the data stolen by Travnet.

As we look at the output, we see the size of the decompressed file (the original data) is much higher than that of the compressed file. Let’s now look at the decompressed data:

The preceding is the original data stolen from the victim’s machine. Interestingly, the unreadable characters in the decompressed file are in Chinese. While writing the sensitive information in a DLL file, the bot writes some hardcoded strings that are in Chinese. If we convert those strings to English.

Stealing files

The bot doesn’t stop; it steals more data. Next we see the functions called by the bot:

The bot will send the following:

A file containing lists of all filenames on the system drives

All files that have doc, docx, xls, xlsx, txt, rtf, and pdf extensions

All files from victim’s desktop

Once it sends all the files to the remote server, the bot will go into sleep mode and wait for further commands.

Server commands

UNINSTALL

UPDATE

RESET

UPLOAD

Next we see a command from the server telling the bot to upload more data:

Although the botnet uses a simple mechanism to infect and steal information, a few elements make a Travnet botnet unique:

Using lossless data compression to steal large data files

Stealing documents files with extensions doc, docx, xls, xlsx, txt, rtf, and pdf

Stealing all files on the system drives

These unique features and the presence of Chinese strings lead us to conclude that the Travnet botnet may be a targeted attack for stealing sensitive data. We suspect the attackers are using the initial data (computer information, IPs) to steal sensitive data from a particular group or identity. We also believe that the data uploaded to malicious servers is actively monitored by the attackers. We have found new domains registered to carry out the attack. We believe that huge amounts of data have been stolen from victims whose machines were infected with Travnet.


USB Autorun Attack

May 17th, 2013

New malware emerged recently attacking Android and Windows platforms.
Main capabilities: Steals information and downloads files
File size: 330,984 bytes
File type: APK

This malware presents itself as a system utility that helps speed up your system. Right after installation, it displays an image launcher. After the malicious application is launched, the user sees its home screen. The application offers a number of different “clean options” for the user to select, but they do practically nothing other than display an activity bar.

At the same time, the malware starts a malicious service in the background.
It registers a location listener to gather location details and upload them via HTTP to a server.
It also receives instructions from a C&C server.
The protocol the malware uses to communicate with the C&C server is a unique one.

The malware implements a number of functions, for instance:
• Send and delete SMS messages
• Steal contact information
• Track location via the GPS device
• Make phone calls
• Execute commands

What makes this malware special is the usb-autorun-attack command. On receiving this command, the malware downloads a few files from its server and saves them on the SD card. Among the saved files is a traditional Windows autorun malware, so when the user selects the USB setting on the mobile device and connects it to a Windows machine, the autorun malware runs automatically. This autorun malware is made to record voice and report to the server. The application is a major threat to the security of the data stored on any computer on which it is installed.


Japan gets ready for Zeus

May 15th, 2013

Zeus, named after the Greek deity, now has a new point of interest: Japanese Internet banking customers

Zeus and other financial Trojans have been a huge headache for Internet banking customers around the globe for a long time.
Certain countries, such as Japan, have escaped attacks from financial Trojans, possibly because of the language barrier and perhaps for other unknown reasons.

As the national law enforcement organization of Japan has repeatedly reported, Japanese Internet banking customers have begun to fall victim to this form of attack.

Recently we discovered a new Zeus variant targeting several banking institutions within Japan.

The functionality matches that of the other variants. Once executed, the Trojan hooks into the browsers and monitors for any URLs related to financial institutions. It then injects code into the page that shows a notice announcing an upgrade to the banking system and asking the user to enter registration information, including accounts, passwords and any other details.


Traffic control The man in the middle

May 13th, 2013

Data sent by GPS applications such as Google Maps and Waze can be altered to control the navigation routes of other drivers and even cause traffic jams. That is, hackers who were interested in doing so would be able to affect the real-time traffic data in order to trick users into travelling to the busiest traffic centers rather than the open road, or to any track or spot they desire.

Both applications let users navigate using information obtained from their own devices, along with other devices currently on the road, and analyze the real-time traffic in order to offer the ideal route. But it is exactly at this point that hackers can cause damage and change the route, anonymously and without being discovered by the applications, and persuade users to take completely different tracks than they should.

Those apps use the GPS sensors and Wi-Fi in smartphones to track the location of the user. If only Wi-Fi is enabled, you can get information only on the wireless access points and the radio cells around the user, which helps calculate the approximate location. Google, for its part, uses real-time traffic information that is sent using the TLS (Transport Layer Security) protocol, designed to send the user’s location in a protected and secure mode.

While the protocol itself ensures the reliability of the data, which makes it impossible to attack or monitor the phone without Google’s notice, there is a workaround that allows controlling the data itself. This is called ‘man-in-the-middle’. We used Android 4.0.4; placing the hack just before the security protocol makes it possible to control the information sent from the smartphone without being detected by Google.

Google receives information from the device without any approval or check of the user’s current location, and that is how it is possible to change the driving route to and from any point in the world.

Obviously, in order to have a significant impact on the traffic, you have to create a large number of different users.

A similar attack can be applied to Waze, but with this application it is much more difficult to affect drivers and the navigation process, since the app connects the user’s location with an account. Thus, an attacker who wants to change the traffic to simulate more vehicles would need to create multiple accounts with different email addresses.

Companies that offer navigation applications can avoid these attacks by linking the information about the user’s current location to a one-time approval that is cataloged by the hour and limited in time. In this way, applications can limit the maximum amount of information sent or received by any device, and thereby effectively add another layer of security to their internal systems.


Malicious spyware in Google Play

May 11th, 2013

New malicious spyware is spreading around in Google Play, threatening millions of Android users. The good news is that you’re only infected if you downloaded a funny Russian app, intended to transcribe other common applications. The bad news is that these are probably popular applications, since millions of users have already been infected.

The spyware received the unsurprising name ‘bad news’, and is currently detected in 32 different applications, created by four different developers. We can’t tell exactly how many devices got infected, because Google Play does not show the exact number of downloads, only a relatively wide range, so all we can say now is that it is between two million and nine million, not bad for relatively new spyware.

The clever part of this particular spyware is that it is installed in the form of an advertisement server that alerts users later on. It therefore does not look dangerous at the initial stage, or when it is placed in the app store, because it shows no spyware behavior at first and “wakes up” only after some time.

Please note that it is unknown whether all the developers of the infected apps intended to do harm. It may be that they were just planning to develop a user-friendly application, but unfortunately bought a tainted platform. One recommendation to Android app developers: carefully examine the third-party libraries included in your application. Even if you meant well, you may be putting users at risk.

So what does this spyware do? Two things you would not be very happy to have happen to your device. First, it sends false alerts that encourage you to download other infected apps, including ‘AlphaSMS’, which in turn signs you up without your approval for premium SMS services that cost money.

Second, it sends your phone number and your device identification number to the spyware developers: two pieces of data with which, in the wrong hands, the sky’s the limit.

You obviously assume Google is doing something about this. You are right. The company operates the ‘Bouncer’ service that scans applications for traces of spyware, but this is an ongoing saga in which no company can always win. Not even Google. As of today, Google has removed all known infected apps from its store. On the other hand, those are only the ones that are known; it is unclear how many more unknown ones are still out there in the market.


Mobile devices malware detection

May 9th, 2013

A new method identifies mobile device malware that is usually not detected by the common detection methods; it uses advanced machine-learning methods.

Cellular phone security has been an intensively studied area for security companies and research institutions around the world since the release of G1 devices with the Android-based operating system in 2009.

A new and sophisticated type of malware named Dropdialer was recently discovered; it was distributed through the Google apps store. This malware is installed by the user as legitimate software. The hostile code is actually installed later using the “Automatic Update” ability, which is used by the software and allows it to “pull” independent software updates from a remote server. In this way malware can spread to a large number of devices without being detected. Retrieval of the hostile code can occur at a random or fixed time in the future, or on a command received from a remote server. This capability can be implemented in any malicious application.

Standard antivirus software usually cannot detect this type of malware (self-updating malware) because the original app is completely innocent and can therefore escape any static analysis method (code analysis without execution) or dynamic analysis (monitoring software at runtime). The difficulty in identifying such malware is also due to the fact that the ability to self-update serves application developers’ legitimate needs, such as application version upgrades, adding stages to games, bug fixes, and more.

The new method for identifying self-updating malware uses advanced machine-learning algorithms, which learn the normal behavior of applications and thus allow abnormal behavior, which may indicate that the app is malicious, to be detected in real time. An analysis of malicious smartphone apps shows that about 70% focus on stealing sensitive information. Therefore, in this study we use network characteristics to study the behavior of applications, because they can point to information leakage.

Using a limited number of characteristics (network characteristics) together with the machine-learning algorithm makes it possible to perform the learning of application behavior, the monitoring and the identification on the device itself, which is of course limited in resources (i.e. battery).

Examples of properties used for studying the behavior of applications are: the number of bytes sent or received in different time windows, such as 5 minutes, or the time since the app was active and connected to the net.

The behavior of an application is scored using an algorithm based on a technique called Cross-Feature Analysis, which “learns” the relationship of each property to the other properties under normal behavior. In the monitoring phase, each sample is checked, feature by feature, to see whether the same relationship with the other properties is maintained. In other words, for each characteristic we calculate the probability that it is normal given the values of the other observed properties, and combine these probabilities into a value that represents the distance from normal behavior.
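The scoring step described above can be sketched as follows. This is an added example, not the study's implementation: it uses a simplified lookup-table sub-model per feature with add-one smoothing instead of a trained classifier, and the three features, bin edges, threshold and sample values are constructed for illustration.

```python
from collections import Counter, defaultdict

# Features per sample (all assumed for this sketch):
#   bytes sent in the last 5 minutes, bytes received in the last 5 minutes,
#   seconds since the app became active and connected.
BIN_EDGES = [
    (10_000, 100_000),   # bytes sent
    (10_000, 100_000),   # bytes received
    (60, 600),           # seconds active
]


def to_bins(sample, edges=BIN_EDGES):
    """Discretise each raw value into the index of the bin it falls in."""
    return tuple(sum(value >= edge for edge in feature_edges)
                 for value, feature_edges in zip(sample, edges))


class CrossFeatureModel:
    """One sub-model per feature: P(feature_i | all other features)."""

    def __init__(self, edges=BIN_EDGES):
        self.edges = edges
        # tables[i][context_bins][value_bin] = count seen in normal traffic
        self.tables = [defaultdict(Counter) for _ in edges]

    def fit(self, normal_samples):
        """Learn, from normal behaviour only, how each feature co-occurs
        with the values of the remaining features."""
        for sample in normal_samples:
            bins = to_bins(sample, self.edges)
            for i, value in enumerate(bins):
                context = bins[:i] + bins[i + 1:]
                self.tables[i][context][value] += 1
        return self

    def feature_probabilities(self, sample):
        """Probability that each feature is normal given the others."""
        bins = to_bins(sample, self.edges)
        probs = []
        for i, value in enumerate(bins):
            context = bins[:i] + bins[i + 1:]
            counts = self.tables[i].get(context, Counter())
            n_bins = len(self.edges[i]) + 1
            # Add-one smoothing: a context never seen in training yields
            # the uniform probability 1 / n_bins.
            probs.append((counts[value] + 1) / (sum(counts.values()) + n_bins))
        return probs

    def score(self, sample):
        """Average of the per-feature probabilities; low means far from normal."""
        probs = self.feature_probabilities(sample)
        return sum(probs) / len(probs)

    def is_anomalous(self, sample, threshold=0.5):
        return self.score(sample) < threshold


def build_normal_traffic():
    """Constructed 'normal' profile of a content-reading app: little sent,
    more received, at three typical points of a session."""
    profile = [(2_000, 50_000, 30), (3_000, 150_000, 120), (4_000, 80_000, 900)]
    return profile * 10


MODEL = CrossFeatureModel().fit(build_normal_traffic())
NORMAL_SAMPLE = (2_500, 60_000, 20)       # constructed: matches the profile
UPLOAD_SAMPLE = (500_000, 50_000, 30)     # constructed: sudden large upload

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL_SAMPLE), ("upload", UPLOAD_SAMPLE)):
        print(name, round(MODEL.score(sample), 3), MODEL.is_anomalous(sample))
```

The upload sample scores low because the amount sent is improbable given what the app normally receives and how long it has been active, which is the cross-feature relationship the text describes.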


User access control Fundamental but forgotten

May 7th, 2013

User access control is a cornerstone of information security management. Everybody needs it and does it. Yet in practice it’s poorly conceived, implemented and managed. It’s one of those elephants in the room: a problem that is highly significant, but difficult to tackle so business is reluctant to acknowledge it. If it wasn’t for compliance and internal audit the situation would be even worse.

A number of theoretical models have been developed over the years but they don’t deliver in practice. We’ve got ACLs, Capabilities, MAC, DAC and RBAC, none of which work in a medium or large enterprise. There are several reasons for this.

Firstly, the models are too simple. Access control is too rich a subject to be determined by a single label or capability. Deciding whether a user can have access to an enterprise system is far from simple. It depends on who they are, what they are, how important they are, where they are, what they are doing, to whom they report, and what other access they might already possess. This requires unambiguous policy rules and reliable decision processes, supported by smart application front-ends, all of which are in short supply.

Secondly, we rarely have enough knowledge in one place to make this work. Neither systems owners nor administrators have perfect knowledge of who does what across the enterprise and what access they require, especially in an organization that is continuously acquiring, divesting and restructuring business units.

Thirdly, we don’t pay enough attention to administration. It’s too often poorly resourced and equipped. Cost savings can easily be made by streamlining processes and implementing better tools but this requires enterprise-wide cooperation and it’s rarely at the top of any business unit’s agenda.

Fourthly, we are constrained by legacy systems and infrastructure which complicate the problem space and restrict the solution space. Ambitious visions quickly fade into the distance.

An inescapable fact is that we can’t control a complex situation with simple controls. Today’s access requirements are a sophisticated blend of numerous factors. Access rights depend on multiple user characteristics that can be surprisingly hard to define, measure and monitor.

The end result is that it doesn’t get done properly. Instead we fudge it. We do the minimum we can to keep it going and rarely get around to developing the rich policies, knowledge base and streamlined processes needed to build a sustainable, effective access control system.

In fact it’s much easier to close the back doors through vulnerability management and penetration testing than to secure the front entrance. But compliance is catching up with the thousands of wrong profiles, toxic combinations and dead registrations. Sooner or later we will have to put aside the easy, quick wins and face up to the long-standing elephant in the room.

Prevention is better than cure. Protect your systems from attacks with Alertsec Xpress.


The Cyberwar Will Not Be Streamed

May 5th, 2013

In early 2000 — ages ago in Internet time — some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.

It wasn’t long before the antics of novice hackers like Mafiaboy were overshadowed by more discreet attacks from organized cyber criminal gangs, which began using these distributed denial-of-service (DDoS) assaults to extort money from targeted businesses. Fast-forward to today, and although vanity DDoS attacks persist, somehow elements in the news media have begun conflating them with the term “cyber war,” a vogue but still-squishy phrase that conjures notions of far more consequential, nation-state level conflicts.

If any readers have been living under a rock these last few weeks, we are referring to the activities of Anonymous, an anarchic and leaderless collection of individuals that has directed attacks against anyone who dares inhibit or besmirch the activities of Wikileaks, an organization dedicated to exposing secret government documents. To date, the Websites attacked by Anonymous include Amazon.com, EveryDNS.com, Mastercard.com, Paypal.com, and Visa.com, among others.

The websites may be attacked, but you can prevent your workstation from being compromised with Alertsec Xpress.
