Internet service provider

File Sharing and Security

February 28th, 2015

In recent times, file sharing is done frequently on the internal servers, websites or through Instant Messaging service. Due to availability of various services on personal devices like smart phones it has become challenging for the organization to secure the sensitive information. Even unprotected Windows networking shares can be exploited by intruders in an automated way. Companies can follow below guidelines to protect themselves from data breach:

  • Protecting your computer against malicious file sharing tools and websites
  • Domain checking of the website for authenticity and then allowing permission to transfer data
  • Downloading data from trusted sites
  • Save downloads instead of running them from pop up window
  • Checking license agreement and privacy statement before installing any software
  • Avoiding illegal downloads
  • Don’t open mail from unknown sources
  • Don’t share your computer access
  • Regularly update your security software with the patches
  • Check your security on regular basis
  • Don’t open your IM on public list
  • Never send sensitive information or files like credit card numbers, SSN’s etc on IM
  • Secure your IM by contacting security admin regularly
  • Highly social nature of IM helps imposters to get information
  • Beware of sharing your personal as well as company information with strangers

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Adobe to patch bug for Reader

June 15th, 2013

Adobe is planning to patch fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can’t be used for code execution, but researchers say it could be used as part of a larger attack.

The vulnerability was discovered and disclosed in late April by researchers at McAfee, who had been watching the behavior of some odd PDF samples in recent weeks. They noticed that all of the samples had a similar, weird characteristic, leading them to investigate and discover the vulnerability.

“Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest ‘sandboxed’ Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened,” Haifei Li of McAfee wrote.

“When a specific PDF JavaScript API is called with the first parameter having a UNC-located resource, Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog asking for permission…The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog. However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

Adobe on Thursday acknowledged the issue and said that it wills vulnerability in its next scheduled Reader update on May 14.  Although neither McAfee nor Adobe consider the vulnerability to be serious, Li said that it could be used as one piece of a larger attack, as a method of gathering some intelligence on a target.

“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider, or even the victim’s computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document’s location on the system could be obtained by calling the JavaScript “this.path” value,” Li wrote.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Suspect arrested for ‘biggest cyberattack in history’

June 7th, 2013

A Dutch national suspected as the mastermind behind the largest DDoS attack ever recorded has been arrested in Spain.

The Associated Press reports that 35 year-old Sven Kamphuis, identified by The New York Times, was arrested Thursday in a city 22 miles north of Barcelona.

Originally from the Dutch city of Alkmaar, the hacking suspect operated from a mobile bunker — a van “equipped with various antennas to scan frequencies” and able to break into networks anywhere in the country. An Interior Ministry statement said that Kamphuis was able to use his “mobile computing office” to coordinate cyberattacks and speak with media before being arrested by Spanish police on the basis of a European arrest warrant issued by the Dutch. German, Dutch, British and U.S. forces all took part in the investigation.

Kamphuis runs Internet service provider CB3ROB and web hosting firm CyberBunker, which has hosted websites including the Pirate Bay and WikiLeaks in the past. The Interior Ministry’s statement says that the accused called himself a spokesperson and diplomat belonging to the “Telecommunications and Foreign Affairs Ministry of the Republic of Cyberbunker.”

The alleged hacker is accused of launching an attack against anti-spam watchdog group Spamhaus. A 300Gbps distributed denial-of-service sent the non-profit into disarray, taking down the agency’s website and forcing Spamhaus to turn to Cloudflare for assistance. According to the cloud services provider, the majority of the attack was traffic sent using a technique called DNS (domain name system) reflection. Usually, DNS resolves wait for a user request, but if the source address is forged, then requests may be “bounced” off different servers, amplifying the amount of traffic a domain name has to cope with and exploiting vulnerabilities in the Internet’s DNS infrastructure. Most cyberattacks tend to peak at 100 billion bits a second, which a third of what Spamhaus and Cloudflare is had to cope with.

The attack on DNS infrastructure resulted in lower speeds for Internet users worldwide.

The attack against Spamhaus — which is known for blocking fake good advertising and preventing it from reaching our email addresses — was one in a list of major DDoS campaigns thought to be masterminded by the Dutch national.

Kamphuis has denied any role in the attack, calling himself simply a “spokesperson” for one of the loose groups established to take down Spamhaus. However, according to the NYT, the alleged hacker used his Facebook page to proactively look for supporters to attack the agency, saying “Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet.”

The hacking suspect is likely to be extradited from Spain to attend court in the Netherlands.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta