IT Security Blog

Biometrics + Physical security = Next best thing to unbreakable?

By

bio.jpg
Biometrics is seen as the next step in computer systems security and access control due to the failure of more primitive and fundamental security systems. Fingerprint scanners, passwords, security keys and even smartcards have failed miserably in providing the ultimate and most secure intrusion prevention method for just about anything. From your home, car, computer terminal at work to just about anything else that needs security, it has be come more and more of a must due to the increasing threat of identity theft and other computer related crimes in and out of the workplace.

Biometrics are security systems that are based on the differences the human body manifests in terms of eye structure, facial features and now vein geometry. We’ve all heard of DNA or the so-called blueprint for life and the way it makes each and every human different from everyone else on this earth (well, except for some genetic disorders and diseases that changes the DNA makeup). That is what biometrics takes advantage of as a source of a very unique key or method of identifying one from another person.

Your fingerprint is mapped when it is initially scanned into a computer system which convert’s your analog (actual) print into a digital map that is as unique as you are an individual. Iris scanners take into account the differences the iris has from each and every individual (through the use of a low powered light and scanner to obtain a picture of the eye’s iris which is also unique). Voice recognition takes into account, the differences our voices have from everybody else also converting it into a digital map or password of sorts. Vein geometry, uses a thermal imaging camera to take a picture of your hand or whole body which is sensitive to heat showing all the blood vessels which show as hotspots thus giving you a unique id of sorts as that is also mapped and converted into digital form. All of the above biometrics systems rely on our individual differences which are quite unique to us and add onto it, other more basic security measures such as a physical key (password, key or other devices) to give the ultimate security system preventing intrusion.

A Few Tips to Avoid Phishing

By

phishing example Chances are that when you open your inbox today you’ll find an e-mail claiming to be from your bank, an e-commerce site, or another online site you’ve visited. They might offer you an upgrade to your account, inform you that there’s been changes to their, and asks you to verify your account information. This could be a phishing attempt to get sensitive information like your personal information or passwords. Fortunately, you can avoid getting scammed by taking these precautions:

  • Be suspicious of any email with urgent requests for personal financial information. Phishers are getting more sophisticated in their attempts, so even if an e-mail appears to be legitimate, look for proof that it came from your e-commerce company. They should be personalized and carry information that only you and your company would know. They might show partial account numbers or other verification tools.
  • Use anti-virus software and a firewall, and keep them up to date. Phishers sometimes include script that can track your activities on the internet without your knowledge.
  • Never use the links in an e-mail to go to any webpage. Phishers will redirect you to a bogus site to trick you into logging in your account number and password. Log onto the website by typing in the web address to your browser. At the same time, never call any numbers in the e-mail. It could lead you to a VoIP provider that isn’t connected to your company at all.
  • Never fill out forms in e-mail messages asking for your personal financial information. Your e-commerce company would never ask you to send sensitive information in that manner.
  • Check your bank, credit, and debit card statements regularly to see if all your transactions are legitimate. Report any suspicious withdrawals immediately.
  • Finally, report the phishing attempt you received to your company and other anti-phishing groups.

[tags]phishing,spam,spoof emails,indentity theft,pharming,spam filtering[/tags]

Be Careful of Hyperlinks in Messages

By

We all know that some people using the web for success are desperate and regardless if the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation on why you should check it out, refrain from doing so. The difference between clicking may make the difference as far as safety and security for your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click a link gone unsolicited? Well that is true but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any from. In fact, you can even get them from friends who may think that such links to site as harmless. Leading the pack for suspicious links would include:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you would have to consider, to get people to click on links, it has to be entirely in their interest. For most, it is too tempting to resist. Especially if you have not encountered them or have been educated of these threats, chances are you may experience them first hand and may become a forgettable one for overlooking the value of security on the web.

Cyber Criminals Use Disaster relief for activities

By

onlinefraud.jpgShame on you people who capitalize on any means just for that easy buck and depriving help to those who need it most. The US’s C.E.R.T. office that is part of the Department of Homeland Security has acknowledged the existence of fraudulent activities related to the recent disasters in China and Myanmar. These cyber criminals use the disasters as a front to get hold of financial information and other personal data which they use for further criminal activities. The problem has them recommending everybody who wishes to make donations to first check with the Federal Trade Commission’s charity checklist and through other online charity verification facilities such as the Charity Navigator which lists all accredited non-profit organizations that are currently engaged in disaster relief operations in the specified countries.
Many people have been victimized by these cyber criminals who commit identity theft through financial information gathered from fraudulent email and websites through phishing attacks. Once the information is taken, prompt action is needed to avoid the tons of potential problems that can arise from such illegal activities. Measures are in place to freeze bank accounts and other bank financial services once they are reported. The verification systems in place for charities have also provided a lot of help with regards to fraudulent charities and other scams that they have to some extent provided protection for the generous and big at heart who always try to donate for people in need.
Not much can be said of these criminals except for the fact that they exhibit the highest levels of cowardice in their use of the misfortune of others for personal gain. There are a lot of resources available on the internet for verifying the truth of claims and people are advised to take caution when dealing with solicitation letters and such information. Identity theft is continuing to be a pain in the neck for all of us but with proper discipline, the problems associated with such attacks can be avoided and minimized. Shame on You Guys!

Financial Institutions – Prime Phishing Targets

By

bankphishing.jpgBanks and other financial institutions are the most attacked institutions in the world which accounts for millions in losses according to RSA, one of the IT Industry’s leading security firms. The rise has been foreseen and predicted for many years yet banks are simply not taking it too seriously. Phishing involves the leeching of client information from bank networks for use in scams and fraud. This type of attack sits next to identity fraud and credit card fraud as the most expensive financial loss generators for the banking industry. The phishing attacks target mostly US based firms with the UK ranking second. Many countries are following as targets for phishing by hackers who aim to use the information they obtain for personal gains.
The banking industry is considered to be one of the most secure and IT dependent industries in the world but the diversity and sheer number of attacks is taking its toll on their systems prompting them to take notice. Credit Card fraud alone accounts for billions in losses worldwide that is suffered by financial institutions adding to that the newer types of attacks making it an IT Security Managers worst nightmare. In Europe, Germany is hailed to be the financial hub in the region yet it has managed to repel attacks which isn’t the same with it’s other neighboring countries. More strict legislation might be needed to deter criminals who now opt to use computers rather than a gun which is safer and involves less effort.
The Credit card Fraud problem is being addressed by the implementation of PCI DSS which is to secure and prevent hackers from getting card customer information while it is in transit over the network. The attacks now focus on more public domain which is the internet through social networks which is where most phishing attacks usually occur.

IT Security – the main concern for 2008

By

itsecurity.jpgMany have been victimized by identity theft and no other area has been so affected as the banking industry. Investment in upgrading and purchasing newer technology and software is one of the most expensive costs for the banking sector which has one of the highest losses when it comes to IT security. Banks and other financial institutions are expected to pour billions of dollars into buffing up their defenses in hopes of staying one step ahead of fraudulent claims and users. The culprit, the internet, the internet has become one of the most dangerous territories on earth for anywhere financial information is transmitted and used, it can be intercepted and misused. True to the dilemma, health industry leaders have also begun to recognize the rising costs associated with identity theft related medical claims. This has already been in the forefront of the battle in the US and is fast spreading around the world and company after company is falling victim to the said crime. The internet also makes it easy to get away with the crime for use of public access which can be traced but the user may be any of the millions of users at one time. Hackers can also turn to call bouncing options which is more akin to spy movies but is really possible. The banking industry has long been a target of ID theft more so in their credit card divisions where billions are lost annually to fraudulent claims and use. Technology is the only security these establishments have as defense but technology as we know it costs a lot but there may be no other choice for them. Buy or bust is the dilemma and they are surely buying.