Economics – the driving force of Mobile Spying Malware

Written by Saran on April 1, 2008

Experts have said it again and again, and history has shown us, that money is the root of all evil, and the same goes for the development and eventual spread of more sophisticated malware intended for the ever-growing mobile computing environment. Current malware is simple, yet experts are warning users and other experts alike that it is only a matter of time before some hacker develops a more robust and discreet form of malware that circumvents standard virus scanners. As we have seen and read in news articles, these viruses, Trojans and other forms of malware are evolving so fast that removal and detection experts are finding it very hard to get one step ahead of them. In the time it takes to read this post, about 35 or so new types of malware would have been released into the wild to infect any of the millions of unprotected systems over the internet. The problem has reached the pandemic stage, where no system is safe for long. As soon as a new and more robust intrusion prevention and security system is in place, several new vulnerabilities in the computer systems we use are found and immediately exploited by hackers and their minions.

Economics, or the promise of earning a buck from creating and spreading such malware, is the major motivation for hackers. Say you get into the cell phone of your favorite celebrity and get hold of private pictures, or get hold of a confidential report which lists the amount of funds along with the corresponding account information, and much more information that one can sell quite profitably over the internet.

Categories: Cryptography, General, IM, Instant Messaging, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Security Policies, Spyware

Confidential UK Home Office Disk Found in Laptop Bought from eBay

Written by Saran on March 7, 2008

In another addition to the UK government’s growing list of information security blunders, a data CD labeled as coming from the UK Government’s Home Office Branch was found lodged inside a laptop bought over the internet from eBay. Yes, bought online, which at first was kind of funny for the laptop engineers who handled the device after it was brought in by a customer for repairs. The unnamed customer apparently won the online bidding for the laptop and took it to Leapfrog computers for repairs. The technicians found the disk crammed in between the keyboard panel and the main board and thought little of it until they read the words, “Home Office Confidential”. The seriousness of the situation became clear when technicians found the laptop hard drive and the disk itself to be encrypted, rendering the information stored within them unreadable. They immediately called the police, who dispatched anti-terrorism units to recover the government laptop and took it to the Greater Manchester Police Headquarters for safekeeping.

These types of incidents are not unusual. They began last year when, on Nov 20, the records of 25 million people and 7.2 million families went missing, with information such as names, addresses, dates of birth, child benefit numbers, national insurance numbers and bank and social security details. On the 11th of December, the Department of the Environment lost two computer disks containing the names and addresses of 7,685 Northern Ireland learner motorists. On the same day, confidential information regarding dozens of prisoners/inmates was released to private businesses. On Dec 11, a company union claimed that personal information of hundreds of members was sent to four companies by health authority employers. Unite said Sefton Primary Care Trust released data including names, dates of birth, salary, pension and national insurance numbers of 1,800 employees. On Dec 18, the records of 3 million learner drivers were lost when a hard disk sent to the US for maintenance went missing during processing. The HM Revenue and Customs Service lost the details of 6,500 customers of private pension firms, contained on a computer cartridge. The NHS trust lost patient information of 168,000 people and, lastly, police records from Devon and Cornwall were found in a dump by a man who was going through scrap equipment looking for spare computer parts.

Such incidents are alarming and very dangerous, for some of the lost information was not even encrypted. The disk found within the laptop was encrypted but, given time, a computer expert with bad intentions could theoretically have broken the code, exposing sensitive information. These are only some of the incidents that are publicly known and, as they show, the UK Government might want to shore up its strategy of safeguarding information, for the public’s sake and its own.

Categories: Cryptography, General, IT Security Basics, News, Real-World Issues, Security Policies

Trojan Hits Windows Mobile

Written by Saran on March 4, 2008

McAfee, one of the industry’s leading developers of anti-virus software, has through its Avert Labs discovered a new Trojan that infects WindowsCE, which was developed for the Microsoft PocketPCs. The Trojan disables data and network security, rendering it useless, and can be installed via memory card. The Trojan has the nasty ability to defy removal through software methods, with the exception of a total re-format and re-installation of the applications and OS from a secure and safe source. Infected users are also asked not to use flash drives or memory sticks with saved data, for they can also contain the code which spreads the Trojan.

The Trojan was discovered in China and makes itself the home page of the PocketPCs, which rely heavily on the web. Information regarding the device, serial number and other personal information is then sent to the author of the Trojan, and the device is left open to future attacks and installation of malware because security has been turned off by the Trojan.

The Trojan has been found contained snugly within legitimate installers and, with Asia being one of the fastest growing areas for mobile devices, it would only take a little time before the Trojan, aptly named InfoJack, spreads and wreaks havoc on Asia’s growing mobile PC community. The US-CERT, or Computer Emergency Readiness Team, has already taken notice of the Trojan and is closely monitoring for further developments. They, along with anti-virus developers, are currently developing methods of defeating it and hopefully also of catching the crook who designed the malware.

Categories: Backups, Cryptography, General, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Spyware

Encrypted Hard Disks – Data Secure —Naaaahhhh!!!!

Written by Saran on February 25, 2008

As the lowly hard drive evolves, with storage capacity increasing into the terabyte range and hardware-based encryption, it seems that data cannot be more secure once it is stored on such a hard disk. Well, according to Windows IT Pro, not totally: based on their testing of several hard drives that come as wireless removable storage devices you connect to your USB 2.0 ports, it ain’t that secure after all. The devices tested were even secured by a wireless security key that used RFID technology to unlock the drive for use by authorized users only (which in the real world is anyone who has the keychain key).

The name and brand, which we will not name for obvious reasons, have indeed admitted the weakness and that the advertised capability of the drive was wrong. As it turns out, the true 128-bit AES security system was used only by the RF chip and the controller on the drive, which was easily defeated by removing the drive from the case and connecting it to a now-standard SATA drive connector. The drive was encrypted, but not at the ‘military grade’ levels that were advertised, for the encryption chip used only a basic encryption level which was not up to par with accepted high-encryption standards.

The manufacturers of the controller boards, casing and key have all acknowledged the flaw and promise a more robust system by the end of the year (one that uses a more secure encryption chip, which is said to come out this year but is still only in development). So we guess the false advertising with regards to the encryption standard of the drives should be changed from ‘Strong 128-bit AES encryption’ to ‘standard encryption’, which would only be fair, for people do make choices based on a product’s qualities and capabilities.

Categories: Backups, Cryptography, General, IT Security Basics, News, Physical Security, Real-World Issues, Security Policies, Storage

Malware Removal Tools…duuuhh!!!

Written by Saran on January 29, 2008

Everybody loves free stuff on the web, but once in a while (well, most of the time, that is) we get duped by something that describes itself as a free virus/malware removal tool and end up with more malware and viruses. These scams are all over the internet, with many still falling for the lure of their being, what else, FREE.

These tools have flooded the internet and, even with the common knowledge that it is best to trust only programs and offers from reputable brands, many still fall victim. They can be either anti-virus or malware removal tools, offered as a swift way to remove infections from your computer system.

Big names in the anti-virus and malware removal development industry have known about this, and they even advise that one not trust programs, even theirs, that do not come from their own secure sites. They produce some of the most sophisticated virus removal and repair software, but who knows what can be done if a hidden script is run while downloading their programs from unauthorized sites. McAfee, Symantec and Kaspersky are some of the most successful developers of such software and have stood the test of time. Even they are finding it hard to remove and repair the damage done by such malicious code, due to the many forms and strains it is taking.

Sites that offer them without the authorization of the developer can include malicious code within the download, causing more damage than you started with. For someone who depends totally on a computer system, it would be best to subscribe to or purchase virus/malware protection software, which is now evolving into security systems that are customized based on a user’s needs. One can purchase them out of the box at computer retail stores, or order and download them straight from the developers’ secure sites once subscriptions are done. Old software is available for renewal, or discounted for re-purchase of newer versions, which gives you the latest protection available based on their development. Updates are usually done online and can be done automatically if configured to do so. So, to best protect yourself from identity theft, intrusion, virus damage and malware damage, install one right away, for if you remain open to attack no one knows what could happen.

Tags: Computer Viruses, malware, Free Tools

Categories: Cryptography, General, IT Security Basics, Malware, Network Security, Operating Systems, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

IT Security – the main concern for 2008

Written by Saran on January 2, 2008

Many have been victimized by identity theft, and no other area has been so affected as the banking industry. Investment in upgrading and purchasing newer technology and software is one of the biggest costs for the banking sector, which has some of the highest losses when it comes to IT security. Banks and other financial institutions are expected to pour billions of dollars into buffing up their defenses in hopes of staying one step ahead of fraudulent claims and users. The culprit is the internet, which has become one of the most dangerous territories on earth, for anywhere financial information is transmitted and used, it can be intercepted and misused. Facing the same dilemma, health industry leaders have also begun to recognize the rising costs associated with identity theft-related medical claims. This has already been at the forefront of the battle in the US and is fast spreading around the world, and company after company is falling victim to the crime. The internet also makes it easy to get away with the crime through the use of public access, which can be traced, but the user may be any of millions of users at any one time. Hackers can also turn to call bouncing options, which is more akin to spy movies but is really possible. The banking industry has long been a target of ID theft, more so in its credit card divisions, where billions are lost annually to fraudulent claims and use. Technology is the only defense these establishments have, and technology as we know it costs a lot, but there may be no other choice for them. Buy or bust is the dilemma, and they are surely buying.

Categories: Cryptography, General, IT Security Basics, Malware, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Network Assessment tools – for a better/secure network

Written by Saran on December 25, 2007

At a time when people are going more and more mobile, making the telecommuting concept a true reality, the wall-less office has slowly been realized. The shift to WiFi and other wireless networking solutions has allowed people to work like never before, without the wires that tied them physically to desks. More and more places, such as metropolitan areas, are putting up hot spots that allow constituents to work within specific areas covered by existing wireless networks. Even offices have shifted to the technology due to cheaper implementation, without the expensive wires needed for each and every workstation. Maintenance of wired networks also proved to be a very challenging task due to the restricted spaces and conduits which housed them behind walls, above ceilings and under floors. WiFi allowed the network to function without physical connections, so mobile devices could be linked to the network and taken anywhere in the office.

The wireless office has indeed given us more freedom, but it has also created a more vulnerable network, for problems of control over who gets which access, along with other security issues, quickly emerged. Software and hardware systems like Retina from eEye Corporation allow network engineers and managers to analyze and address security loopholes such as unauthorized devices connected to the network, like the occasional iPhone and most other unauthorized wireless devices. It also serves as an analysis tool for the proper placement and function of wireless antennas, which can be analyzed based on signal strength. Weak signals can mean the antenna system needs re-positioning or, worse, can be a sign of a pending failure of a specific network device. It can also show the effectiveness of the network in terms of utilization and the bandwidth being shared and used by the users.

Tags: Network Inventory, Network Usage, Maximizing Internet Use

Categories: Cryptography, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies, Wireless Security

Passwords and back-up…still the best defense against data loss

Written by Saran on December 22, 2007

Security experts agree and still recommend that passwords be as tough as possible to prevent access to information on computer systems/networks. Yeah, it sounds very redundant and has become a bit tiring to read, but it truly is the best protection ever for a computer, be it in the office or at home. Encryption is one of the most promising technologies to have swept the IT security arena, but even these robust encryption technologies (hardware- or software-based) can be circumvented given enough time and resources.

Some companies have even turned to military-grade encryption, which is tough and almost impossible to break, but a wrong move along the way (encryption, transmission and decoding) can lead to catastrophic data loss. Carbonite takes another approach to data security by backing up data offsite from subscribers’ computers, be they corporate or home users. The initial process of copying and indexing may take a few hours or even days depending on the amount of data to be copied, but the subsequent back-up process runs simultaneously (which means that it works in the background when there is not much going on in terms of resource use) whenever one connects to the internet. So you can be working all day, stop for a few minutes for a coffee break and return to a computer that has had all the necessary information backed up automatically by the system.

Data loss due to hardware failure, software corruption due to malicious code (viruses and the like) and people simply being reckless and deleting information without properly assessing it still costs a lot of money to recover from, and the approach Carbonite uses is a better option. The system uses secure military-grade encryption, which even the Carbonite servers cannot break, and adds to it the use of SSL in the transmission of the information, for one mean back-up solution. As a user in the article says, it is like getting an insurance policy for your data. More on this technology in the coming posts, so do return and check us out from time to time for the latest and hottest information from all over the world in terms of IT security. Merry Christmas and a Happy New Year to all.

Tags: Data Security, Data Backup, Strong Passwords

Categories: Backups, Cryptography, IT Security Basics, Network Security, Real-World Issues, Security Policies, Wireless Security

PCI DSS – The Answer to Credit Card Fraud

Written by Saran on December 10, 2007

PCI DSS, short for Payment Card Industry Data Security Standard, is designed as a security protocol that has been agreed upon by the industry for application in credit card payment systems. Due to the ever-increasing problems and losses incurred by firms due to credit card fraud, they have agreed to implement a data security protocol that encrypts data in transit to the various local card centers. The standard calls for a unified set of rules or parameters to be used in card centers to maintain security at all levels: at the retail store where the data is collected, in transit as it travels through the internet, and as it is processed and stored in the data centers.

IBM has introduced the first PCI-DSS End to End system for implementation on the HughesNet Broadband Network Service. At a time when compliance is at a mere 50%, these types of data security become imperative to prevent more losses and other problems associated with fraud and other criminal activities. The standard also recognizes and applies to the needs of wireless networks, for which a set of analytic and diagnostic processes is required. The PCI Standards Security Council, which formulated the standards, is constantly reviewing and revising them as needed due to the ever-changing state of the internet and the business that goes through it.

Around 90% or more of credit card transactions go through a public network at one stage or another on their way to the central data center, which makes them vulnerable to attack. The adoption of cheaper high-speed internet has companies turning to the public net as opposed to the previously expensive dedicated T1 lines usually used by businesses. It also allows transaction data to be transferred through one single phone line, thus lowering overhead costs and making it the better choice for businesses.

Categories: Cryptography, General, IT Security Basics, Network Security, Physical Security, Real-World Issues, Security Policies

Handhelds : Still the Biggest threat to Corporate Security

Written by Saran on November 30, 2007

Employees love them, network administrators hate them: the advent of more function-packed handheld devices has sparked a re-evaluation of the threat these small devices pose. Traditionally, networks were quite safe, for to gain access you needed to be hooked up to the network physically, with a LAN cable. Now that the shift to wireless has become the network engineer’s best friend, the network has surely been simplified and companies are switching to the new technology. They no longer needed wires, and all existing computers were either replaced with ones that support Wi-Fi or fitted with individual dongles that allowed connection within the office. That was still an easy security agenda, for they usually had a range of a couple of hundred feet.

Then came wireless internet hotspots, which commercial developers started to put up to get more workers out of the office and into their shops, allowing them to work while, say, having coffee. That’s where the problems began, for the more office correspondence left the walls of the office, the harder it was to secure. VPNs were implemented that allowed a secure channel within existing networks, making it a bit better. But that was still quite vulnerable to attack, and security experts needed a better way of securing corporate data wherever the user might be. Business and security analysts project volume to increase to 100 million email transactions to and from locations outside the office, which is still causing nightmares as the search continues for the next step in the drive to secure this network without physical bounds.

Tags: Handheld Computing, Mobile Computing

Categories: Cryptography, General, IM, Instant Messaging, IT Security Basics, Network Security, News, Real-World Issues, Security Policies, Wireless Security
