Encryption used to be the mainstay of military and other government agencies who need to secure the information they handled preventing anybody who may get access rendering the information useless. Everybody knows about it yet not many use it for the protection of their vital information stores, why? Well there are a hundred reasons why people mistrusts such an extreme measure as encrypting data and one is reliability of technology on which it is used on. Computers as we know have become cheaper and cheaper that has been good on one side but it also raises the risk of failure due to cheaper parts and higher risk for data loss due to failure. I know a lot of people would be going against me on this one but if you have experienced a hard disk crash during my many years of computer use and association with them in my previous line of work as a technical support supervisor, you’d know what I mean.
The technology we have today is of the highest level of quality and technological complexity of the computers I started to work with (386’s and 486’s) but the robustness of these gadgets and gizmos we call peripherals are still quite low except for the extreme types that are too expensive for the ordinary user to afford. Imagine a failed motherboard that has fried circuits, no problem for the hard disks are seldom affected by such incidents. Get the board out and swap it out and you connect the hard disk and you have your data available. Imagine you have a failure in the hard drive itself; you get some software and try to recover that information hoping you get enough of the sensitive files your boss needs in the morning. Now, imagine having a hard disk that was encrypted and had some of its sectors rendered useless, now that’s a nightmare for the encrypted data is useless with the key and the code stored into the hard disk itself.
Categories: Cryptography, General, IT Security Basics, Real-World Issues, Storage
Due to the recent problems associated with the loss of government laptops and security breaches such as the incident where the laptop of a Federal Trade Official was reported to have been compromised by reportedly Chinese operatives while on a trip overseas, the US Federal government has begun to encrypt their laptops in hopes of bolstering their security to prevent such security risks in the future. Let us just hope that they do it fast enough for no one wants to get their personal and financial information released online or obtained by enemies of the state (terrorists in layman’s terms). Of the estimated 2 million laptops the US government and the many agencies have, only 800,000 have had the encryption system developed by the Department of Defense and the General Services Administration.
Encryption is one of the most secure way pf keeping data safe from unauthorized access which renders them useless without the proper software or security keys. Comparable to the dial combination on a bank vault, the encryption process turns files onto a useless bundle of information that cannot be read or used for other purposes.
All this effort to boost security of information that is gathered and collated by the various agencies and even private businesses that have ties with the government though contracts have had their computers encrypted to ensure the information they handle and use stays secure and out of the hands of criminals who aim to use them against the government.
Categories: Cryptography, General, IT Security Basics, Real-World Issues, Security Policies, Storage
Shame on you people who capitalize on any means just for that easy buck and depriving help to those who need it most. The US’s C.E.R.T. office that is part of the Department of Homeland Security has acknowledged the existence of fraudulent activities related to the recent disasters in China and Myanmar. These cyber criminals use the disasters as a front to get hold of financial information and other personal data which they use for further criminal activities. The problem has them recommending everybody who wishes to make donations to first check with the Federal Trade Commission’s charity checklist and through other online charity verification facilities such as the Charity Navigator which lists all accredited non-profit organizations that are currently engaged in disaster relief operations in the specified countries.
Many people have been victimized by these cyber criminals who commit identity theft through financial information gathered from fraudulent email and websites through phishing attacks. Once the information is taken, prompt action is needed to avoid the tons of potential problems that can arise from such illegal activities. Measures are in place to freeze bank accounts and other bank financial services once they are reported. The verification systems in place for charities have also provided a lot of help with regards to fraudulent charities and other scams that they have to some extent provided protection for the generous and big at heart who always try to donate for people in need.
Not much can be said of these criminals except for the fact that they exhibit the highest levels of cowardice in their use of the misfortune of others for personal gain. There are a lot of resources available on the internet for verifying the truth of claims and people are advised to take caution when dealing with solicitation letters and such information. Identity theft is continuing to be a pain in the neck for all of us but with proper discipline, the problems associated with such attacks can be avoided and minimized. Shame on You Guys!
Categories: General, News, Tips
A startup firm named iSekurity has former agents from the various US Federal agencies in their roster is to begin offering Identity theft protection service which may become the start of a new chapter or rather business in the world of industrial espionage and identity theft. These former agents are no strangers to the growing problems associated with identity theft and it is costing money for many US businesses and the people who work for them. From petty credit card fraud to more serious crimes, they’ll tackle them all and they would do it with the same precision and tenacity as they have learned in the service. The President and founder of the company promises to get people who steal identities or give their clients a sum of $11,000 as remuneration for any cases they fail to resolve.
This is in response to growing frustration among people with crimes that have resulted from identity thefts and the company’s crews of over 100 former agents are well versed in the art of surveillance and apprehension.
Private businesses like these, hope to fill in the gap between law enforcement and the public where they can do little to stifle these crimes that often have links to organized crime syndicates. From drug running to many other gang related activities, these guys have done it all. The president of the company was a former Presidential detail to former presidents and has taken the role of leading the Secret Service’s elite CAT or Counter Assault Team. With impeccable records in their former federal duties, criminals have one more group of people to overcome in their endless pursuit of identity theft.
Categories: General, IT Security Basics, Malware, Physical Security, Privacy & Anonymity, Real-World Issues, Spyware
Panda software, a developer of security systems and anti-virus software has raised the alarm regarding a massive cyber attack on vulnerable IIS Server based web pages. The malware once it gets in re-directs users to malicious sites from totally legitimate web sites. The infection grew from less than half a million infected servers to almost double that which is quite fast for a specific type of malware. Most developers who employ “code scrubbing”, which is removing information as it is saved into an SQL database are easy prey and are the intended target of the massive attack that is still taking place. An I frame is inserted to redirect users to malicious sites that can lead to identity thefts even with the users not knowing about it.
The attack is centered on Microsoft’s IIS web Server in particular ASP pages that have very strong ties to SQL databases. Panda and Fsecure have both identified the hidden code (“) that can be deep in their web pages and advises them to look for the string that re-directs people to other sites. Users and Site Administrators are advised to get all updates from Microsoft to remedy the problem and to halt the spread of this attack once and for all.
All this to bug people who use the web all over the world, in the never ending battle between hackers and those who are up to take them head on.
Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware
The move to shift from multi-level communications and incorporating Unified communications such as VoIP and other unified platforms has become the prime targets of hackers who are now turning to IM attacks as their targets. Offices have de-centralized communications and other systems combining them into one system that is capable of handling communications eliminating the need for maintaining several systems each with its specific function. IM or Internet Messaging is cheaper and allows office workers in the field to communicate cheaply with the office and VoIP allows them to communicate cheaply over vast distances.
Unified communications is the next step towards virtualization which is currently being developed and tested by various developers. IM is one of the most convenient means of communications which has the capability to receive mail from all over just as SMS or Text messaging has done in the Mobile Industry. Every user who uses the internet may have one or more IM accounts with the many free mail providers or through their company hosting service. Using the IM allows hackers to send malware, unload their payloads and go on to propagate through the networked system, which if looked at from a business perspective crippling one of the vital communications links. There are still mobile phones and other means communications but being ever present at every desktop, any unsuspecting user can download malware without proper intrusion prevention and detection systems in place. Mobile phones have also suffered attacks from malware that is designed to attack stripped down versions of popular Operating systems, the forays of hackers into unified communications may mean they are keeping pace with the development of new technologies as fast as businesses adopt them and accept them as just part of the game.
Categories: General, IM, Instant Messaging, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies
As it turns out, students in the many fields of IT such as software development are still being taught the lessons of old and not being taught how to pro-actively design software to defend itself from attack. This is the result of a recent survey which shows that many programmers and developers to be are not getting ample courses in integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
I started out as a programmer in the glory days of FoxPro and C++ and such events that we have now are non-existent or are not as malicious as they are now. Back then, they simply messed up the display of garbled the contents of a floppy with no bearing on Phishing or Vishing and the myriad of stuff today’s malware do. Security has become such an issue with development that people today have to rely on anti-viruses and other intrusion prevention systems for their systems to remain reliable. Incorporating more security into applications would prevent weaknesses even if bugs are present in the program for no system is totally fool-proof. We would still need these intrusion protection systems yet not as highly dependent on them for basic security needs.
Most companies rely on million dollar contracts with software developers who design software to protect their software, McAfee, Symantec and many other security software developers have shifted focus more on intrusion prevention and less on anti-viruses for today’s malware have gotten to a level of sophistication that they can self-modify themselves to elude anti-virus programs of the past. Integrating encryption and other security provisions into the software itself may take longer but it would provide a level of security that hackers would not find easy to break. Education is the key and knowledge is power, so giving the next generation of developers the knowledge to incorporate security greatly increases the level of power over these malicious programs and the hackers who make them.
Categories: General, IT Security Basics, News, Programming, Real-World Issues, Security Policies
The secret he has forgotten for 25 years way back when he was a developer for BSD which is the forerunner of today’s open sourced programming languages. The length of time the said bug has remained in the system so to speak is so critical that he has warned people of the problem as it came to him. He investigates further and finds that all the derivatives of BSD still carried the same bug that he forgot to correct way back in the early days of the open source drive. Why is this so significant, the error though a quarter of a century old still exists in Operating systems like the Mac OSX which is a BSD derivative. From FreeBSD, NetBSD and Dragonfly BSD, they all carry the same old bug that Marc Balmer had to affect all of the changes immediately so no further problems arise.
Open sourced advocates claim that they are faster when it comes to fixing bugs which they do so when a member of the community reports one, the concession is reached and a subsequent patch is issued with mail sent to all those concerned. This incident highlights the need for better analysis of the tools used for our internet use. Imagine a vulnerability that has existed for 25 years and the solution was provided for by the original developer? If he had passed away then who would have realized such weaknesses? This may be the explanation for some of the biggest security threats we have been encountering all this time with malware. So the lesson would be not to totally rely on technology for it is still the man who makes the machine (computer) and tells it what and when to do it.
Categories: General, IT Security Basics, News, Real-World Issues
The news that Microsoft was going to drop everything that has to do with Windows XP came as a shocker to all for not everybody was ready to jump onto the Vista Bandwagon which has nothing to show in the area of reliability and stability that XP has shown. As with their move when they pulled out the plug on Windows 98, many went up and many took up arms to show their disgust. Many saw it as a move to force people to upgrade to a newer operating system even when the old one was still working just fine. Windows XP has reached a level of stability which has exceeded that of Windows 98′ but the company initially saying they were pulling the plug irked quite a lot of people that they decided to have support for it till 2009. They also said that the selling of OEM and packaged XP’s were to be stopped and that they were only to be available to Ultra-portable sellers.
The Upâ€™s and Down’s of their decisions may show that the company is feeling the pressure form the open-sourced community and that it is trying to keep hold of their piece of the pie in the IT market may be in danger of being lessened. Their failed bid to acquire Yahoo as a move to go against Google shows the failure of their company to realize the significance of advertising. They were hoping to acquire Yahoo to use as their internet marketing branch and to get a bite of the search engine market at the same time. They have extended support for XP till 2009, but the problems with XP SP-3 have been so much they had to hold release a week or so back. The update is now available for automatic or manual download from Microsoft’s TechNet and through AutoUpdate.
Categories: General, News, Real-World Issues
The movement to free Tibet from Chinese rule has had several web sites and organizations springing up to fight for Tibetan independence from the Chinese’s Communist Rule. The movement was threatened by the government to be met with force and it indeed was resulting in the much publicized crackdown on the remote Chinese territory. Their discovery of the Trojan, nicknamed FriBet by McAfee is quite unique in the sense that it is the only form of malware that has been specifically designed to attack a specific type of computer, one that supports the Pro-Tibetan movement. The said malware has been identified to have infected two web sites that have expressed support for the movement and the Trojan then seeks all databases that are linked to the said site. Visiting the said infected sites will trigger a seek operation that downloads the payload onto the machine which in turn spreads it to other sites that it visits.
This raises suspicion though the experts are not raising the idea that it may have been developed to wreak havoc on sites the Chinese government have identified as supporters. The Chinese link has yet to be officially declared but anyone knows these types of attacks are a common practice of hackers. The surprising fact is that it is similar to a patriot which locks in on a target which has been designated by mission control effectively getting its target in any weather. The aiming is quite precise which leads conspiracy theories to the conclusion that it may be an attack on these sites from the inside. Much is to be learned from the Trojan as it is tracked and detected throughout the globe. Major developers of anti-viruses have been able to remove and block it but unprotected machines may prove to be too easy a target for the Trojan.
Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware