IT Security Blog

Cyber Wars: A Lost Cause

By

We know for a fact that the battle towards malicious software and viruses released on the web has caused a lot of pain as far as pinpointing and remedying them but apparently nothing has been done to really resolve them. We buy licensed software but we have to ask ourselves on the extent of their coverage. Are they up to date and can they really save us from all these uncertainties of getting online?

Microsoft has been a prime target, being one of the widely used operating systems we know of today. But while Bill Gates and company are doing their part in being able to address the various intrusions and headaches that they can do with a simple click, you just don’t know who to trust these days. Even the software companies have the ability to manipulate and do some foul work and they are occurring right under our very noses.

Security researchers concede that their efforts are largely an exercise in a game of whack-a-mole because botnets that distribute malware like worms, the programs that can move from computer to computer, are still relatively invisible to commercial antivirus software.

So with all these things set on the table, is the cyber world safe for anyone? We can fend off threats but the question is are we resolving the situation or merely providing a temporary solution to the problem? Sad to say, it is the latter. We are content with detecting them but it is really the cleaning and protection part that needs improvement.

Office policies and IT security

By

office compliance

In every office, you have to have some policies when it comes to sharing of files and downloading of files. Why? For one thing, those computers are the company’s resources. And it should be that during work hours, people ought to limit their downloads except for materials that are necessary for their work to get done.

How do you formulate your policies when it comes to these matters?

If you are working in a creative environment, anything could be used as your inspiration. That is why there are companies who allow surfing within office hours and it does not really matter what sites you visit. Although some of them do block some sites that are mainly of the personal nature like Friendster, My Space and other similar sites. There are also some that ban blogging services like Blogger. They would even issue memos regarding the matter.

If you work in a strictly confidential project, it would be difficult to try to make sure that nothing leaks out. If you are connected via the Internet, chances are your works could be intercepted in one way or another by hackers. So you have to be careful that you have firewall activated. As others would say, just block off everything except interoffice email.

Employees must be briefed carefully so that they will not be surprised in case they were surfing the ‘net one time and they find out that there are blocked sites. Also, you have to make sure you observe how the employees work. Those in the financial business would have to guard a lot of information. They would have to ensure that the employees understand the policies and that they would follow them in order to ensure that everything will be secure. After all, it is better to be safe than sorry. You would not want to lose your valuable clients.

Flaws in Domain Name Service Providers

By

If you think a website has problems as far as security issues is concerned then better check out the domain names as well. Why these domain name service providers are the least things that can create problems to network security issues, apparently there are flaws that many would find interesting to hear about.

A large number of network security professionals have been gathered in Las Vegas for the annual Black Hat computer security conference and among the main topics to be discussed include the most anticipated presentation of IO’s Dan Kaminsky regarding flaws in the Domain Name Service software.

The flaw was reportedly discovered quite some time ago but was kept under wraps. So now, the participants over at the Black Hat computer security conference will learn first hand about the details of this flaw.

As a professional, you would think that these issues didn’t even cover domain name handling. But apparently in the world of technology, nothing is excluded. You just never know what to expect and if you value computer and network security, it would be best to cover all aspects starting from your software all the way down to the least expected components of your IT infrastructure. You just never know what could possibly be contracted and it may become a big issue in the long run.

The most anticipated presentation at the show, however, will be IOActive’s Dan Kaminsky when he unveils details of the flaw he discovered in Domain Name Service software. The flaw had been kept under wraps in an attempt to proactively convince major network suppliers and operators to patch the flaw before information about it was made public. Unfortunately, the flaw was leaked to the public on a blog site, and the race was on to patch servers before hackers could exploit the vulnerability.

Source

The Price that Facebook has to Pay

By

Facebook and other popular social networking sites today have another thing to consider and this is concerned with the security risks that they may become susceptible with. Bear in mind, one thing that hackers and malicious-minded geeks want to do is to test the mettle of successful sites and Facebook happens to be one of them today.

Such a task is something that has to be addressed by successful developing companies such as Facebook. With a growing network and rising popularity, hackers and scammers pry on their success to be popular as well. But knowing how much developers have invested in these sites, you can almost be assured that they have thought of that. But considering the level of security is another thing since it only takes one minor flaw to make life a living hell for online and social networking sites.

We have seen sites in the past encounter such problems. While it would be best to avoid waiting to be another victim, Facebook and other social networking sites would do well to make sure they don’t limit their investment in this aspect. After earning millions from successful sponsorships and adsense earnings, the least they can do is put a portion of these earnings into site security.

Social networking sites such as Facebook, MySpace and LinkedIn are fast emerging as some of the most fertile grounds for malicious software, identity thieves and online mischief-makers. And while some of the talks given here at Black Hat, one of the larger hacker conferences in the country, would probably make most people want to avoid the sites altogether, it turns out that staying off these networks may not be the safest option, either.

Source

Secure Your Wireless Networks with Authentication Codes

By

Today, we see a lot of places that have Internet access. And it is not about plugging up your laptop to cables. They are wireless. With that in mind all you need is a Bluetooth adapter that can detect these wireless networks. Normally you can surf away. But for some networks, there are codes that you have to input since not all air born Internet access is free for some places.

They would normally have a common username and password for people to use. Owing to the fact that they can make money from it or make it a privilege from patrons who avail of other services, wireless Internet is really more of an add-on. For others however, it is about security as well as routers in place can be susceptible to malicious files such as viruses which can be injected if some network administrators are not careful.

You really cannot blame such networks from employing such defensive security measures. At the rate that hackers and harmful files can be solicited over the web these days, safeguarding you equipment and files is a definite priority. Internet access through wireless technology is indeed a breakthrough but it also provides a threat for networks that are not careful on who can access them.

Hence, outside that of trying to control the number of devices accessing a network, it is a security measure to configure wireless networks and limit the ones who are given access. There is no telling what things may occur, and normally they are not favorable.

PCI DSS – The Answer to Credit Card Fraud

By

cct.JPG
PCI DSS or short for Payment Card Industry Data Security Standard, is designed as a security protocol that has been agreed upon by industry for applications in Credit card payment systems. Due to ever increasing problems and losses incurred by firms due to credit card fraud they have agreed to implement a data security protocol that encrypts data in transit to the various local card centers. The standard calls for a unified set of rules or parameters to be used in card centers to prevent and maintain security at all levels from the retail store where the data is collected, in-transit as it travels through the internet and as it is processed and stored in the data centers.
IBM has introduced the first PCI-DSS End to End system for implementation on the HughesNet Broadband Network Service. At a time when compliance is at a mere 50% these types of data security become imperative to prevent more losses and other problems associated with fraud and other criminal activities. The standard also applies and recognizes the needs of wireless networks through which a set of analytic and diagnostic processes are required. The PCI Standards Security Council who formulated the said standards are in constant process of reviewing and revising the said set standards as needed due to the ever-changing status of the internet and the business that goes through it.
Around 90% or more of most credit card transactions go through a public network in one stage or another as it makes its way to the central data center which makes it vulnerable to attack. The adoption of cheaper high-speed internet has companies turning to the public net opposed to the previously expensive dedicated T1 lines usually used by businesses. It also allows transaction data to be transferred through one single phone line thus lowering overhead costs making it the better choice for businesses.