Encryption used to be the mainstay of military and other government agencies who need to secure the information they handled preventing anybody who may get access rendering the information useless. Everybody knows about it yet not many use it for the protection of their vital information stores, why? Well there are a hundred reasons why people mistrusts such an extreme measure as encrypting data and one is reliability of technology on which it is used on. Computers as we know have become cheaper and cheaper that has been good on one side but it also raises the risk of failure due to cheaper parts and higher risk for data loss due to failure. I know a lot of people would be going against me on this one but if you have experienced a hard disk crash during my many years of computer use and association with them in my previous line of work as a technical support supervisor, you’d know what I mean.
The technology we have today is of the highest level of quality and technological complexity of the computers I started to work with (386’s and 486’s) but the robustness of these gadgets and gizmos we call peripherals are still quite low except for the extreme types that are too expensive for the ordinary user to afford. Imagine a failed motherboard that has fried circuits, no problem for the hard disks are seldom affected by such incidents. Get the board out and swap it out and you connect the hard disk and you have your data available. Imagine you have a failure in the hard drive itself; you get some software and try to recover that information hoping you get enough of the sensitive files your boss needs in the morning. Now, imagine having a hard disk that was encrypted and had some of its sectors rendered useless, now that’s a nightmare for the encrypted data is useless with the key and the code stored into the hard disk itself.
Archives for May 2008
Government Laptops and Computers get encrypted
Due to the recent problems associated with the loss of government laptops and security breaches such as the incident where the laptop of a Federal Trade Official was reported to have been compromised by reportedly Chinese operatives while on a trip overseas, the US Federal government has begun to encrypt their laptops in hopes of bolstering their security to prevent such security risks in the future. Let us just hope that they do it fast enough for no one wants to get their personal and financial information released online or obtained by enemies of the state (terrorists in layman’s terms). Of the estimated 2 million laptops the US government and the many agencies have, only 800,000 have had the encryption system developed by the Department of Defense and the General Services Administration.
Encryption is one of the most secure way pf keeping data safe from unauthorized access which renders them useless without the proper software or security keys. Comparable to the dial combination on a bank vault, the encryption process turns files onto a useless bundle of information that cannot be read or used for other purposes.
All this effort to boost security of information that is gathered and collated by the various agencies and even private businesses that have ties with the government though contracts have had their computers encrypted to ensure the information they handle and use stays secure and out of the hands of criminals who aim to use them against the government.
Cyber Criminals Use Disaster relief for activities
Shame on you people who capitalize on any means just for that easy buck and depriving help to those who need it most. The US’s C.E.R.T. office that is part of the Department of Homeland Security has acknowledged the existence of fraudulent activities related to the recent disasters in China and Myanmar. These cyber criminals use the disasters as a front to get hold of financial information and other personal data which they use for further criminal activities. The problem has them recommending everybody who wishes to make donations to first check with the Federal Trade Commission’s charity checklist and through other online charity verification facilities such as the Charity Navigator which lists all accredited non-profit organizations that are currently engaged in disaster relief operations in the specified countries.
Many people have been victimized by these cyber criminals who commit identity theft through financial information gathered from fraudulent email and websites through phishing attacks. Once the information is taken, prompt action is needed to avoid the tons of potential problems that can arise from such illegal activities. Measures are in place to freeze bank accounts and other bank financial services once they are reported. The verification systems in place for charities have also provided a lot of help with regards to fraudulent charities and other scams that they have to some extent provided protection for the generous and big at heart who always try to donate for people in need.
Not much can be said of these criminals except for the fact that they exhibit the highest levels of cowardice in their use of the misfortune of others for personal gain. There are a lot of resources available on the internet for verifying the truth of claims and people are advised to take caution when dealing with solicitation letters and such information. Identity theft is continuing to be a pain in the neck for all of us but with proper discipline, the problems associated with such attacks can be avoided and minimized. Shame on You Guys!
ExFeds – Don’t Mess with our Clients
A startup firm named iSekurity has former agents from the various US Federal agencies in their roster is to begin offering Identity theft protection service which may become the start of a new chapter or rather business in the world of industrial espionage and identity theft. These former agents are no strangers to the growing problems associated with identity theft and it is costing money for many US businesses and the people who work for them. From petty credit card fraud to more serious crimes, they’ll tackle them all and they would do it with the same precision and tenacity as they have learned in the service. The President and founder of the company promises to get people who steal identities or give their clients a sum of $11,000 as remuneration for any cases they fail to resolve.
This is in response to growing frustration among people with crimes that have resulted from identity thefts and the company’s crews of over 100 former agents are well versed in the art of surveillance and apprehension.
Private businesses like these, hope to fill in the gap between law enforcement and the public where they can do little to stifle these crimes that often have links to organized crime syndicates. From drug running to many other gang related activities, these guys have done it all. The president of the company was a former Presidential detail to former presidents and has taken the role of leading the Secret Service’s elite CAT or Counter Assault Team. With impeccable records in their former federal duties, criminals have one more group of people to overcome in their endless pursuit of identity theft.
Half a Million IIS Servers Infected with Malware
Panda software, a developer of security systems and anti-virus software has raised the alarm regarding a massive cyber attack on vulnerable IIS Server based web pages. The malware once it gets in re-directs users to malicious sites from totally legitimate web sites. The infection grew from less than half a million infected servers to almost double that which is quite fast for a specific type of malware. Most developers who employ “code scrubbing”, which is removing information as it is saved into an SQL database are easy prey and are the intended target of the massive attack that is still taking place. An I frame is inserted to redirect users to malicious sites that can lead to identity thefts even with the users not knowing about it.
The attack is centered on Microsoft’s IIS web Server in particular ASP pages that have very strong ties to SQL databases. Panda and Fsecure have both identified the hidden code (“) that can be deep in their web pages and advises them to look for the string that re-directs people to other sites. Users and Site Administrators are advised to get all updates from Microsoft to remedy the problem and to halt the spread of this attack once and for all.
All this to bug people who use the web all over the world, in the never ending battle between hackers and those who are up to take them head on.
Unified Communications under Attack…. So Soon!
The move to shift from multi-level communications and incorporating Unified communications such as VoIP and other unified platforms has become the prime targets of hackers who are now turning to IM attacks as their targets. Offices have de-centralized communications and other systems combining them into one system that is capable of handling communications eliminating the need for maintaining several systems each with its specific function. IM or Internet Messaging is cheaper and allows office workers in the field to communicate cheaply with the office and VoIP allows them to communicate cheaply over vast distances.
Unified communications is the next step towards virtualization which is currently being developed and tested by various developers. IM is one of the most convenient means of communications which has the capability to receive mail from all over just as SMS or Text messaging has done in the Mobile Industry. Every user who uses the internet may have one or more IM accounts with the many free mail providers or through their company hosting service. Using the IM allows hackers to send malware, unload their payloads and go on to propagate through the networked system, which if looked at from a business perspective crippling one of the vital communications links. There are still mobile phones and other means communications but being ever present at every desktop, any unsuspecting user can download malware without proper intrusion prevention and detection systems in place. Mobile phones have also suffered attacks from malware that is designed to attack stripped down versions of popular Operating systems, the forays of hackers into unified communications may mean they are keeping pace with the development of new technologies as fast as businesses adopt them and accept them as just part of the game.