Posts Tagged ‘microsoft’

Former Microsoft Manager Accused of Confidential Data Theft

February 25th, 2011
Microsoft's logo with the old slogan, "Wh...

Data Theft at Microsoft

Data theft could lead to numerous problems for larger corporations or even normal users like you. What is really surprising is that it is not just the small organizations, even the big organizations are at fault when it comes to compromise of sensitive information and adoption of data security programs.

Matt Miszewski who is an ex-manager at Microsoft, has been accused of possessing “large aggregation of materials” comprising confidential files. Microsoft has also accused him of breaking a non-competition agreement and carrying a large bundle of confidential documents with him when he left the organization last year.

As per the reports, “Last month, the software giant sued Matt Miszewski, who worked as a market development manager with its CRM and online services division. This was done in order to prevent him from accepting a position at Salesforce.com”.

So what was the data carried by Miszewski?

The incident happened on exactly the last day of 2010 i.e. on December 31st. Miszewski left his current job with Microsoft and accepted a senior vice president job with Salesforce.com. While doing that he took approximately 600 megabytes of confidential information from the company with him. In total,It was reported the confidential information comprised of over 900 separate files with an estimation of 25,000 pages in total.

The Value of Data at Salesforce.com

Salesforce.com, is a direct competitor against Microsoft’s Azure service. On the hosted CRM solutions marked, Salesforce.com also happens to be Microsoft’s primary competitors.. Salesforce.com offerings include cloud-based services for businesses, personal and even mobile computing. The stolen data contained plans, roadmaps and strategy documents for the cloud computing products, and services for 2011.

Without doubt, the estimated value of this data is very high since it brings out Microsoft’s competitive strategies in the open and also allows the other organizations to revamp their own plans in accordance with that.

Miszewski Breached Microsoft Agreement

What is also very surprising is that Miszewski’s act is a clear demonstration of breach of conduct. Since, Miszewski had signed an agreement which prevented him from accepting a job from a rival company. On the flip side, Miszewski claims that he had only taken personal items after resigning from Microsoft for a position at rival Salesforce.com.

According to the reports, “The judge sided with Microsoft and issued a temporary restraining order preventing the former Microsoft manager from starting work as senior vice president at Salesforce”.

Microsoft’s Request to Court

Microsoft has also requested the courts to change Miszewski existing temporary restraining order to a larger duration since the discovery of the critical document was made on his personal computer.

Microsoft’s corporate vice president and deputy general counsel for litigation, David Howard said in a statement “This case involves an employee with knowledge of Microsoft’s sensitive customer and competitive information going to work for Salesforce.com, a direct competitor, in a job that is focused on the same solutions and customers”.

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Related articles
Enhanced by Zemanta

No comments »

Posted in Security Flaw

Tags:

March 2010: Security News Round-Up

March 30th, 2010

As we come to the end of yet another interesting month in 2010, we look back at some of the major developments in the field of IT & Computer Security in March.

So here is a quick wind-up of all the events that kept the security analysts busy:

  1. Hackers bypass Captcha: In a shocking incident, the highly secure captcha system was broken by US based miscreants. The impact of the attack was huge, with the fraud value of the event being estimated at $25 million.
  2. Review of our Laptop Encryption Protection: Next, we talked about our full disk encryption which is superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.
  3. Hack attack on St. Louis Police: Next in line was another shocking incident, a malicious attack on police department came to light. The name, address and social security number of about 24 victims was revealed.
  4. UK Tops Cyber Security: This is a piece of news which would made have our friends in UK certainly very proud. A report released by House of Lords committee analyzed and encouraged how the United Kingdom has geared up towards the defence mechanism in the Cyber space.
  5. Some of Our Happy Customers: We showcased the words of praise from some of our happy customers.
    Alertsec Xpress is a very easy and convenient service which enables us to secure valuable information on our laptops. Through the Alertsec Xpress service our laptops are secured in just a few minutes.
  6. New ICO Penalties from April: The Information Commissioners Office (ICO) will be rolling out new penalties starting first week of April, the level of financial penalty is set to rise to a maximum of £500 000 (from £5 000), for those companies who do not comply with the Act.
  7. Brazil, India & Korea top the Spam Sending Chart: In terms of percentage spam, Brazil topped with 13.76% of spam, while India came in second with 10.98% and Korea was at third position with 6.32% of spam expressed as percentile of total messages analysed.
Reblog this post [with Zemanta]

No comments »

Posted in Alertsec Express, Hackers

Tags:

Security Updates are Signs of Insecurity

February 21st, 2010

Mainstream software providers continually add security updates to their programs. While the practice is common and ensures that end users are protected from the latest threats and exploits, it highlights a scary truth: most computer software relied on every day by businesses and individuals isn’t secure. The fact that computer programmers constantly need to provide updates is yet another reminder of just how dangerous technology can be.

Unfortunately, it’s not just specialized software which requires security updates. Microsoft’s Windows operating system is infamous for having weekly, if not daily, security upgrades. Security vulnerabilities are just as common with computer programs like Firefox and Adobe. Organizations need to be aware of the risks created by technology and invest in additional computer protection solutions.

A Security Update’s Hidden Message

It’s not unusual to log into your computer and have a security update window pop up, prompting you to install the latest version of some software. These updates, which are created by software developers, patch any recent security holes that have been discovered and upgrade the the code to be more secure. At first glance, these events seem innocent- it makes sense for software to evolve in order to always beat new threats. However, the frequency of these updates reveals a scary truth- most computer applications can be exploited by hackers and aren’t as secure as you’d like them to be.

As anyone who uses Microsoft’s Windows OS can attest to, even well-protected and reputable technologies often have mandatory security updates. The sad reality is that, in many cases, the security patch is developed only after an exploit is discovered by a cyber intruder. For example, Google’s infamous security breach revealed fatal coding errors in Microsoft’s Internet Explorer browser. In response, Microsoft rushed to release an emergency patch which fixed the problem.

Unfortunately, security patches are rarely a final solution. Software developers have to continually look for ways by which outsiders could manipulate their code to infiltrate a computer’s defenses. Sadly, in most cases, third parties end up finding the security flaws first. This is shown perfectly with Microsoft’s “quick fix” to solve the vulnerabilities in IE: a few days after the patch’s release, a security company claimed that the browser was still an easy target for hackers and full of possible exploits. Microsoft’s only response, a generic PR statement:

Microsoft is investigating a responsibly disclosed vulnerability in Internet Explorer. We’re currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe customers are at reduced risk due to responsible disclosure. Once we’re done investigating, we will take appropriate action to help protect customers.

Additional Protection is Required

Organization that seek to protect their digital assets, which include proprietary information and customer data, can’t rely on the software they use to be impenetrable. The flow and amount of security updates show that companies need to invest in additional measures to protect their computers. Encryption software, such the Alertsec Xpress full disc encryption service we offer, adds that extra layer of security and helps defend your machine when the software you use fails.

Further Reading
Microsoft releases emergency Internet Explorer patch [The Telegraph]
Internet Explorer ‘hit with new set of security flaws’ [The Telegraph]
Image [Hall Media Blog]

No comments »

Posted in Data Protection, Encryption

Tags:

“Unhackable” TPM Chip Cracked

February 13th, 2010

The Trusted Platform Module (TPM) chip was generally accepted by security specialists as a safe method of protecting and encrypting information. The chip is common in thousands of motherboards which power everything from notebooks to XBox 360 video game consoles. Many businesses employ the chip as a defense for keeping their private data secure and rely on it as their main encryption device. Even Microsoft’s encryption service, BitLocker, depends heavily on the chip for storing encryption codes.

Earlier this month, a specialist engineer hacked the chip and figured out a way to access its secrets. Using an Infineon chip, Christopher Tarnovsky went through a complicated procedure which broke down the hardware’s defenses and gave him access to the processing core. Breaking into the chip was a lengthy process, but one thing is clear from the hack: depending solely on hardware supported encryption is a bad idea for businesses that truly want their information to be protected.

Am I at Risk?

Tarnovsky’s accomplishment is a serious warning sign, however, the procedure used to break down the chip’s security was extremely advanced and beyond the skill of a novice hacker. The Government Computer News reports:

“Don’t think that this is easy,” Tarnovsky said. He spent six months on the project and still has unanswered questions about the chips’ operations and security. The process of reverse-engineering would cost about $200,000 commercially, but he says that now that he has the technique worked out he can access a chip’s core and its data in six or seven hours.

Tarnovsky’s current method is very difficult to copy and isn’t likely to become a mainstream way of breaking into computers. However, others are going to follow in his footsteps and will continue to build on his work. Eventually, a more efficient and affordable strategy for cracking the TPM chip will be discovered. Hackers will develop ways to break into the chip by evaluating and reworking Tarnovky’s technique. The TPM chip has been proven to be hackable and should no longer be viewed as a secure standalone for protecting information.

We’ve touched on some of the weaknesses that BitLocker had earlier; now we can add its integration and dependence on the TPM chip to our list of complaints. Even if you’re using encryption software to protect your information, you may still find yourself depending on the TPM chip. Many full disk encryption service providers offer a product built around the TPM chip; if the TPM chip of your machine is hacked, essentially, your encrypted data will no longer be safe.

How to Stay Protected

Computer protection is extremely important and the news about the TPM chip’s security flaws should be a wake-up call for businesses. Choosing data encryption software which works is critical and will help protect your organization’s future. If you’re currently using software which is heavily dependent on the TPM chip as the main stronghold, it may a good idea to start exploring other options. Not having any sort of protection is simply unacceptable and inexcusable; we’ve covered several examples where security breaches have lead to serious repercussions for businesses.

To help keep your business data protected in an effective way, explore our secure encryption software solutions. Unlike competitors, our software isn’t dependent on the TPM chip and provides an independent layer of encryption. Try a free 30-day trial now!

Further Reading
Black Hat: Engineer Cracks ‘Secure’ TPM Chip [MCPM]
Engineer shows how to crack a ’secure’ TPM chip [GCN]
Hacker extracts crypto key from TPM chip [The H Security]

1 comment »

Posted in Data Protection, Encryption

Tags:

Breaking into BitLocker

January 27th, 2010

Windows 7, Microsoft’s latest snazzy operating system, comes pre-installed with BitLocker for its Enterprise and Ultimate editions. BitLocker is a hard drive encryptions feature which is meant to help business users and customers who pay a premium enjoy a greater sense of security. BitLocker uses a combination of AES encyption in CBC mode and the Elephant diffusor to protect data. According to Microsoft TechNet, “BitLocker protects against data theft or exposure on computers that are lost or stolen, and offers more secure data deletion when computers are decommissioned.”

Unfortunately, that’s only part of the story; BitLocker isn’t quite as safe as Microsoft would like customers to think. In fact, just recently, software firm Passaware released a tool which can essentially crack the encryption! It also lacks a quite a few features that other providers offer and has several vulnerabilities. The BitLocker service is very new and fails to get any sort advantage over existing market leaders.

What Does Your Business Need?

If you’re managing an organization, you know that you have enough on your plate without having to worry about your computers’ security. You need a solution that works out-of-the box, a proven and successful encryption service which keeps your private information safe and won’t give you any trouble. You need a standalone feature which can’t be exploited and works without any overly complicated set-up.

More importantly, you need a service provider which specializes in its field. Using security companies that work exclusive on encryption technology grants many advantages. Security solution provider who’ve worked in the field for many years can offer a much more complete service than business that offer encryption as a bonus feature.

BitLocker’s Weakness

An analysis of BitLocker from WindowsSecurity.com summarizes our thoughts on the product:

For organizations that take security more seriously this technology still needs to mature substantially before being able to be used with confidence.

BitLocker’s greatest weakness is its integration with the Windows 7 operating system. Unlike our computer encryption software, which works alongside your OS, the BitLocker feature is coded directly into it, making the service less secure. BitLocker’s dependence on the operating system login credentials can be exploited, as can its complicated volume structure. BitLocker also inexplicably stores the Master Key (used for data recovery) unprotected on the hard drive. BitLocker also fails to automatically back up recovery information, meaning that the process has to be done manually.

If you’re serious about your company’s security, it’s a much better idea to go with the full disk encryption we offer. We go beyond BitLocker’s capacities, fixing all of its quirks and providing customers with additional support. For example, we offer a 24/7 remote password reset service, something BitLocker has never even considered. It’s unsurprising that’s the Pointsec technology we offer is certified and can be used by governments or the military, while BitLocker has no 3rd party certification. In business, it’s best to play it safe and choose a product with a 20 year history and proven record, rather than experiment with an inferior one.

Further Reading

BitLocker Drive Encryption [Microsoft TechNet]
First commercial tool to crack BitLocker arrives [ars technica]
Endpoint Encryption – Is BitLocker Enough? [WindowsSecurity]

1 comment »

Posted in Data Protection, Encryption

Tags: