As it turns out, students in the many fields of IT such as software development are still being taught the lessons of old and not being taught how to pro-actively design software to defend itself from attack. This is the result of a recent survey which shows that many programmers and developers to be are not getting ample courses in integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
I started out as a programmer in the glory days of FoxPro and C++ and such events that we have now are non-existent or are not as malicious as they are now. Back then, they simply messed up the display of garbled the contents of a floppy with no bearing on Phishing or Vishing and the myriad of stuff today’s malware do. Security has become such an issue with development that people today have to rely on anti-viruses and other intrusion prevention systems for their systems to remain reliable. Incorporating more security into applications would prevent weaknesses even if bugs are present in the program for no system is totally fool-proof. We would still need these intrusion protection systems yet not as highly dependent on them for basic security needs.
Most companies rely on million dollar contracts with software developers who design software to protect their software, McAfee, Symantec and many other security software developers have shifted focus more on intrusion prevention and less on anti-viruses for today’s malware have gotten to a level of sophistication that they can self-modify themselves to elude anti-virus programs of the past. Integrating encryption and other security provisions into the software itself may take longer but it would provide a level of security that hackers would not find easy to break. Education is the key and knowledge is power, so giving the next generation of developers the knowledge to incorporate security greatly increases the level of power over these malicious programs and the hackers who make them.
Tags: Bottom's-Up Security, Development, security
Categories: General, IT Security Basics, News, Programming, Real-World Issues, Security Policies
Employee’s love them, Network Administrators hate them, the advent of more function packed handheld devices have sparked a re-evaluation of the threat these small devices pose. Traditionally, networks were quite safe for to gain access to it you needed to be hooked up to the network, physically with a LAN cable. Now that the shift to wireless has become the network engineer’s best friend the network has surely been simplified and companies are switching to the new technology. Thy no longer needed wires and all existing computers are either replaced with ones that support Wi-Fi or bought individual dongles that allowed connection within the office. That was still an easy security agenda for they usually had a range of a couple of hundred feet.
Then came wireless internet hotspots which commercial developers started to put up to get more workers out of the office into their shops allowing them to work while, say having coffee. That’s where the problems began for the more office correspondence left the walls of the office, the more harder was it to secure. VPN’s were implemented that allowed a secure channel within existing networks making it a bit better. But that was still quite vulnerable to attack and security experts needed a better way of securing corporate data where-ever the user might be. Projections by business and security analysts estimate volume to increase to 100 million email transactions to and from outside the office locations that is still causing nightmares as the next step is found in the drive to secure this network without physical bounds.
[tags]Handheld Computing, Mobile Computing[/tags]
Tags: hackers, internet, security, Vulnerabilities, Wireless
Categories: Cryptography, General, IM, IT Security Basics, Instant Messaging, Network Security, News, Real-World Issues, Security Policies, Wireless Security
The evolution of the internet has given us the Web 2.0 which is a more open form of the previous internet. The traditional internet had people and companies make their own web sites on their own computers or servers, with anybody else just logging in and getting (actually it’s more of reading) the stuff that you need and leave without getting a chance to tell the site’s owner if the information was either very helpful or a complete waste of time. Net 2.0 has allowed the opening up of borders between the said linked computers allowing people to become more interactive in their use of the web. You search for an article on the web through a search engine and find yourself in a blogging site. The information you find is very much useless so you leave a comment telling the owner such. He then reads the post and makes the information on the blog more informative thus giving him feedback on the contents of the site. This was totally unheard of in the old internet days when, what you see was what you got (literally).
The social Net 2.0 has allowed users to influence the way the internet is setup along with the information it contains. Companies get instant feedback from users thus allowing them to improve customer services. The problem, exploits or another form of malicious code that is up to no good. Imagine a social web site like MySpace where you have a page that you share over the net with your pal’s. A hacker finds a hole in the security net and leaves a few short lines of code in the form of a hidden program. It then takes all information you send and receive or use, such as purchase information from internet-based companies. This exploit, turns your page or rather the information gathered from it into his personal atm machine, using the information he has leeched and goes on a shopping spree online. Sounds crazy? You figure it out. Google found almost half a million of such exploited sites out of only 4.5 million surveyed sites (which is only a fraction of the total computers linked on the internet).
You do the math….
Tags: Exploits, identity-theft, Privacy-Issues, security
Categories: General, IT Security Basics, Malware, Network Security, Privacy & Anonymity, Real-World Issues, Spyware
Information is knowledge so information is power. Much so that data that is used, stored and shared within a business environment as all of us know is the subject of too much security that has data centers locked up away from the actual site. Some companies even have armored or secure clean rooms where if something was to happen in the actual office or work site the data center can survive anything under a nuclear blast. But most it professionals still forget the importance of integrity of data that is stored within these data centers.
Yes they have been secure for all the years the several servers have been sending and retrieving data to and from the data center but is the information that we work so hard to keep intact accurate? What if some malicious code somewhat managed to sneak past the thousand dollar anti-virus and other protective software? And has been wreaking havoc within the data center walls? I mean, they do not have to destroy or corrupt the data for as simple alteration of making 1’s into 0’s could be enough to reduce all the information stored within useless.
That is where redundancy comes in which many people now consider to be an old fashioned approach and a waste of important resources. Say a back-up tape/s of all the initial data that is updated with current data say yearly and processed with the same information that entered the data center in a parallel run to see if all was well. It might seem to be a lot of work and investment of manpower but it is assured to keep the integrity of all the information within, going in and out of all data centers. Say a 1,000,000.00 pension suddenly turned into a 1,100,000.00 pension, wouldn’t that ruin your day?
That’s why companies like RSA’s Enterprise Data Security offer in Data security and control systems to prevent such problems from arising in the first place. In any system, the weakest link is till the human operator who can easily misplace a file or other data that can make or break a company. So instead of having to develop their own systems for the same purpose, most opt to hire someone to do that job for them which allows the business to do what it was put up to do, earn a profit.
Tags: Data-integrity, Real-World-threats, security
Categories: Backups, General, IT Security Basics, Network Security, Privacy & Anonymity, Real-World Issues, Security Policies, Storage
The best way to find out the security breaches is to think like a hacker on how to penetrate a secure network through various means. Accessibility to servers may have to go through different stages since various encrypted usernames and passwords would stand in the way of a successful hack.
The approach is quite simple. It is a reverse psychology of sorts since to become a full-proof secure system, ways on how to be able to get over the fences for such walls that have been put off must be severely tested.
Unorthodox as it may seem, the various approaches to be done will certainly be simple at this point because at the rate that hackers are able to go around security fences today, a lot of progress has been made in being able to make the lives of administrators a living hell as far as IT security is concerned.
[tags]hacker, network security, breach, coding, cracks, cryptography[/tags]
Tags: breach, coding, cracks, Cryptography, hacker, Network Security, security
Categories: Cryptography, IT Security Basics, Network Security, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware
It is perhaps the dream of most sites to be one of the known sites that will be included in the affordable search engine optimization practices we have today. Many have resorted towards link building and other known online marketing practices and have paid dividends by entrusting the same to companies such as Los Angeles SEO.
But of course, there are security concerns that most people take into consideration today. One is that potential worms and Trojans may just take the place of a site, providing the irritating pop-ups which are usually the origin of these said worms and banes of the Internet.
While search engine optimization is what many web and blog site owners are aggressively seeking, just make sure you do it the professional way and avoid the scam and spammers the web holds as well today. Rather than becoming an ideal site, you may just find your site the least one to be visited at any given day due to hazards many are avoiding.
[tags]search engine optimzation, seo, online marketing, security, worms, trojans[/tags]
Tags: online-marketing, search-engine-optimzation, security, seo, trojans, worms
Categories: IT Security Basics, Malware, Network Security, Real-World Issues, Security Policies, Spyware
Hackers, code breakers and some people who want to try out their best interest in the line of penetrating the supposedly well-secured network infrastructures that large business empires have on the web will always be the target of people who want to prove a point on their capacity to override such challenging securities.
To programmers and people who are up to date with technology, such an outlook can be fulfilling to their curious personality aspect but could also be asking for trouble. Breaching security walls is like intruding in high voltage areas where people would never experience a normal life once again once they are caught.
Hackers and code breaking individuals have made it a point to try their hand in determining up to which content they can call themselves geeks or nerds in technology and breaking a password or security id is something that is definitely up for them to consider. But hopefully, they would know the consequences for such as privacy of their lives may eventually become intruded in the future as well.
[tags]hackers, security, network, coding, code breaker[/tags]
Tags: code-breaker, coding, hackers, network, security
Categories: IT Security Basics, Network Security, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies, Tips
Anyone would often be advised to regularly change his password in any access points such as e-mails, log on servers and websites. Reason for this is to increase the need for security as far as gaining access and safeguarding files and pertinent information that is usually stored.
With the large number of hackers that have been cropping up one by one, various means to steal passwords,also known as phishing, or hack accounts have been their main course of action. While some would disregard such acts, the real pain begins once important messages, attachments and relevant information are tampered. True that some would not need to change passwords regularly, but just to be on the safe side, it is best to maintain a regular schedule of updating password security and make it a combination of numbers and letters to establish a more secure and harder way of being cracked or accessed by anyone today.
[tags]password theft, passwords, hacking, cracks, codes, security[/tags]
Tags: codes, cracks, Cryptography, hacking, IT Security Basics, Network Security, password-theft, passwords, Programming, Real-World Issues, security, Security Policies
Categories: Cryptography, IT Security Basics, Network Security, Programming, Real-World Issues, Security Policies
Electronic mail has become the buzz of the town in recent years and while some use e-mail as a means of cheaper and faster ways of sending messages and files over the Internet, it cannot be discounted that some use e-mail as a form of exploit as well, by send unrecognized files to various recipients who in the same way may not know the harmful effects that such files would bring to their personal workstations.
While there are various means of supplying computer protection such as firewalls and anti-virus protection for single and networked computers, some harmful file just tends to get past them. That is why there are specific softwares used for specific infections, particularly the Trojan developed files that do their work unnoticed.
So the next time you get mail from someone who has an attachment with questionable file name extensions, better think twice before clicking or opening it. It may cause more pain than enjoyment in most cases.
[tags]spyware,malware,trojans,security[/tags]
Tags: IT Security Basics, Malware, security, Security Policies, Spyware, Tips, trojans
Categories: IT Security Basics, Malware, Security Policies, Spyware, Tips
With the vast number of viruses and spyware that most people contract in their everyday
exposure to the web, the need for consistent and reliable anti-virus protection software is the foremost concern of most people. To date, the awareness for such deceiving acts done over the
Internet without the user even noticing it is rampant. Such viruses have caused discomfort and havoc in more cases than one and it has been the battle cry of most security software developers to adhere and answer such miscues that usually occur everyday.
[tags]malware, spyware, virus, security, anti-virus[/tags]
Network and workstation security has always been the subject of most people, especially the vulnerability that most computer stations are prone to. Updates and patches are usually the way to update reliable anti-virus software partners, but in most cases, there will always be a loophole to which hackers and advanced technology harassers would be able to come up with. Hence the needs to find a reliable software partner that can truly protect a workstation from such harmful intrusions evolve and change in time. It is just a matter of being up to date with regards to their reliability and efficiency in providing a safe surfing and exposure level once they are logged on to the World Wide Web.
Tags: anti-virus, IT Security Basics, Malware, Network Security, Programming, Real-World Issues, security, Security Policies, Spyware, virus
Categories: IT Security Basics, Malware, Network Security, Programming, Real-World Issues, Security Policies, Spyware
As it turns out, students in the many fields of IT such as software development are still being taught the lessons of old and not being taught how to pro-actively design software to defend itself from attack. This is the result of a recent survey which shows that many programmers and developers to be are not getting ample courses in integrating security into their systems. They are left to fend for themselves and have to rely on patches to overcome development bugs that could have been fixed before they became problems in the first place.
