Tuesday, August 7, 2012

"Big Brother"...when will "he" relent?




“BIG BROTHER” is at it again!
Will “big brother” ever relent from invading our privacy, or will “he” ever stop chasing after us?
"Big Brother" - Microsoft pics

There is a popular legend that asserts, “no smoke without fire.” With that said, I am not sure what to think of the news reported by Steve Regan of www.securityweek.com August 3rd, 2012.
The report was about Research In Motion (RIM) disputing the false and misleading information of an Indian newspaper, Economic Times, which published a story claiming that RIM established a datacenter in India to help the Indian government conduct lawful intercepts and searches, and has agreed to give the Indian government access to Enterprise email.
If this was reported in India’s newspaper, it means there is an element of truth to it, which conveys to anyone the possibility of the Indian government wanting to gain access to Enterprise email, but RIM has denied and/or disputing it. The question that comes to mind is, why will the government of any country want to gain access to enterprise email without the consent of the enterprise themselves?
Enterprise email contains private, sensitive, public, and confidential information of employees and the enterprise itself, and allowing “big brother” to have access is a criminal act. Any firm involved in releasing access to enterprise email to “big brother” should be held accountable and face the full wrath of the law.
In my opinion, Enterprise email should be protected by all means possible against the prying eyes of ‘big brother” and any other third party.
It is so infuriating how “big brother” wants to gain control over our public and private lives without looking back. I used to think that, it is only on grounds of criminal conduct or activity that big brother is allowed access, but it seem they are going beyond boundaries. Why?
I am so glad RIM did not cower to the request of “big brother” in India, and I earnestly hope our private affairs stays private from “big brother always.” Way to go, RIM! Thanks for showing a good example, and I hope others will follow suit.
As I said last week, this week is the final of the security series. A big thank you to all my followers and fans who have stuck with me for the past 10 weeks. You are the bomb!
Au’revoir tout le monde! (Goodbye everyone).

Wednesday, August 1, 2012

Has someone been going through your diary?



Have you ever caught your sister or brothers looking through your diary? Have you ever caught a friend going through your belongings at home? Have you caught an employee by your desk going through your drawer? Have you caught a friend going through your locker at school?

Sneak peek - Microsoft picture
If you answered “no” to these questions, congratulations! That shows you put security at the top of your priorities. If you answered “yes” how did you feel? This goes to show how laid-back you are with security; probably your drawer or locker key was kept carelessly or your letter was just dropped in your unzipped bag.
The way you felt when you found out your privacy was invaded, that’s how you should feel when your banks online account, yahoo, Hotmail, Facebook, twitter, MySpace etc. are hacked.
When you use weak passwords for all your online accounts you are invariably saying to everyone, “Come take a look at my account”. Indulging in this act not only put your information on a platter of gold and delivered it into the hands of the hacker; you also put the information of everyone who has ever exchanged very important private information with you in it.
Another act that resembles the one described above is using the same passwords for all your online accounts be it online banking and others like yahoo, Hotmail, Facebook etc. Indulging in this act can be likened to someone who deliberately climbs on a cliff without a safety harness and expects to survive the fall.
If your information means something to you, guard it with all malice. Desist from using weak passwords and same passwords for your online/internet account, because for every account hacked there are countless amount of information associated with your account that will be exposed instantly.
Remember, next week’s blog will be the final of the security updates. Till I see you again next week, be good!

Monday, July 23, 2012

Compromised .com's & email accounts...treasure-trove for hackers?



What is the world turning into? Are we so greedy that we do not allow good ethics and morals to come to bare, but allow ourselves to be unrestrained like loose cannon? I know you are screaming the words, “Morals…? Ethics…? Say something else.”

You are right. In a world where there is a “good reason” to commit crime, ethics and morals are the last thing that comes to mind. It is literally trampled upon. We are now forced to ask the question, “What will they do with the money other than eating, drinking, sleeping, waking up and repeating the cycle the next day?”
Now, I do not think people have embraced the message yet on securing their email account with strong passwords that contains numeric characters (1,2,3), alphanumeric characters (mixture of number & alphabets) alphabetic characters (A, B, C) and symbols (@%*<#>). Maybe in 2030 there will be greater awareness, until then expect more and more hacking news. I am almost lost in thought of this…back to the point.
The latest news was given by Steve Ragon via http://securityweek.com on July 18th, 2012, where he quoted Dancho of Webroot saying, “Recently, I came across a new Russian service offering access to compromised accounts across multiple social networks such as Vkontakte, Twitter, Facebook, LiveJournal, and last but not least, compromised email accounts. What’s particularly interesting about this service is the fact that it’s exclusively targeting Russian and Ukrainian users.”
Oh-oh…wait a minute! “…last but not least…?” Meaning there are countless other networks that have been compromised but are not listed. Good Lord!
As if the email compromise is not enough, they now sell these compromised email data, for how much…? $2.00 = 50 email data and with $6.00 dollars I can have access to 500 Russian Facebook accounts or $7.00 for 500 twitter accounts.
Everyone not caught up in the song being sung daily on securing their accounts with STRONG PASSWORDS are in for a rough ride. Forget the fact that the Russians and Ukrainians are doing this against their very own. What makes you think it’s not happening already in your country? Think again.
Until I see you next week, remain safe. Bye.

Monday, July 16, 2012

An attack is not about, "whose system?" or "why?"; it’s about vulnerability.



Unfortunately, every day, week or month someone will fall prey to the trap of cybercriminals. This month (July 2012) Wikipedia is featured as a chick in the hackers claws.
The magazine “computers” at www.computer.org has Wikipedia as one of its news briefs for the month of July.

Vulnerability comes before an attack - Microsoft pics

It’s no surprise that Wikipedia is the latest web page to taste one of many forms of attack by hackers- Ads injection. Ads are streamed into Wikipedia’s pages, and when people click on these ads mistakenly or intentionally, they get malware downloaded to their systems which in-turn steal their personal information.
In my opinion, it took a long time for Wikipedia to be attacked considering their culture on the net. Wikipedia can actually allow any person entry into anyone’s page and their webpages can be edited. I also see no security in place. I may be wrong though, there might be a form of security is place.
I actually have a page in Wikipedia; it can be located here: eCommerce http://en.wikipedia.org/wiki/E-Commerce_identification_and_identification_types
Do you know anyone and everyone can edit this page?
Fine, it is a given that they can be attacked considering their webpage policy or culture, but what about you and me. Are we security conscious? Do you have strong passwords? Do you have firewalls activated in your systems? Do you have antivirus and antimalware installed?
Some persons even indulge in allowing their browser to save their passwords and browsing history. They even allow add-ons from any site requesting. No! Don’t do that, else you will be setting yourself up for the bad guys to take over the system you or your organization invested so much to set up.
Organizations should forbid their employees or households should forbid their members to allow browsers to remember their passwords or browsing history.
These are little ways you can be protected. But as I pointed out in an earlier blog, security starts with you. If large organizations web pages can be attacked, you are not any different.
An attack is not about whose or why, it is about vulnerability. You may be next if you do not take necessary precaution in securing your organizations web applications or your personal computers.
Until next week when I set my eyes on you again stay hydrated. Bye.

Monday, July 9, 2012

The "messiah" security tool to save us from malware.



Anyone who tries to enlighten the public on how important it is to secure their systems and strictly follow security guidelines/policies should be applauded. In the midst of all precaution handed down to the public in the form of security articles, whitepapers, news etc., we are still searching for the one and only messiah tool to liberate us all from the hands of these cyber thieves.

Fraud Victim- Microsoft pics

How can one explain the mystery surrounding the wiping away of $1.2 million from the bank account of Life Style Forms & Display Inc.?

Their story was published on The Wall Street Journal http://online.wsj.com by Sarah E. Needleman Jul 6th, 2012.

One of the staff of the firm logged on to the website for the company’s bank account, and a supposed virus redirected him to a lookalike site, and he typed the user id and temporary password which was immediately sent to the cyber thief who within minutes transferred the money to a bank account. Fortunately $1.02million was recovered.

These cyber thieves are becoming more brilliant and daring day after day. They are always devising new ways to beat security put in place by firms, and their target these days is against small firms.

Small firms always have an excuse why they cannot invest in viable security tools to help safeguard them against these thieves. Large organizations are not left out. Questions to be asked is don’t they have antivirus, firewall, updated web browser, OS, intrusion detection and prevention security systems in place? Are they following the security policies put in place to curb opening a hole the cyber thieves will take advantage of?

This is a huge warning sign for every one person who owns a computer and uses it to log onto bank accounts and so on, to be on the alert. Web browsers are not perfect; neither is the operating system a computer is run by, nor firewall. Community of interest must collaborate to determine risk controls that are most effective.  The human eyes and wisdom should be applied when working with computers. Don’t click on any suspicious link or suspicious advert, and when you are in doubt about anything web related contact your computer administrator.

This earnestly could have been avoided. The question now is what is the messiah security tool to stop these cyber criminals once and for all? Is there such thing as messiah security tool?

Till I see you again next week.  Don’t forget to drop me a line. Bye.

Monday, July 2, 2012

Fraudsters M.O and how you can be safe.



Goodnews! International Credit Card fraudsters nabbed. Bad news! It won’t curb credit card fraud. That was the news from www.bankinfosecurity.com written by Tracy Kitten on June 29th 2012.

I concur. Credit/Debit card fraud seems to be the easiest bad-guy crime. Those involved with this crime can tell how swift they can get free money but the crime itself is actually at the bottom of the crime-pepetrators chart. Verizon proved this in its data breach report for 2012 which showed malware attack at 95%.

There is what is known as “Lord of crime”, these folks do not concern themselves with “cheap crime” such as credit/debit card fraud. They concern themselves with selling malware (softwares developed for the purpose of compromising information asset) that can send harmful codes to an organization’s vulnerable web applications or network which in turn collects credit card/debit card information and trade secrets which may not be easily traced to them. These are the real criminals.

The modus operandi for credit card fraudsters is so easy: either they hack into an organization’s system (which has been on the increase) through web application vulnerability for the sole purpose of stealing credit/debit card information and then create a cloned copy of those, which they use to get funds from ATM machines or use it for shopping online or they buy credit/debit card information sold to them by cashiers.

Why organizational-level attack is on the rise, is because, employees take their computer home and connect to their home network which might get infected with malware and then they attach same laptop at their work network and get that network hit with malware. Sometimes employees attach their personal devices not recognized by the organization network and these points are open doors for malware attack, especially if they are not at the same level of security as those of the organization.

One open door, one attack and lots of classified and personal information of customers and employees are lost to these fraudsters who in turn smile to the banks via ATMs’ and online shopping.

Be safe from these fraudsters and malware, by registering all computer systems on your company’s network, put restrictions and state penalty for those who attach systems not registered in your organizations network, update your browser, update anti-malware software, be up-to-date with anti-virus software, install intrusion detection/prevention tools to network, attach packet sniffing tools to your network, use encryption tools for classified information, train and monitor employees, create security awareness (using security posters, screen savers) and write policies with people to enforce them. Hopefully you’ll be safe.

Until I see you again next week, remain hydrated and healthy and don’t forget to drop me a line.

Sunday, July 1, 2012

Security begins with you...avoid gigantic embarrassment as this.



Am I asking too much when I say, “change your passwords to something that will be too difficult for hackers to crack”.

If you think securing your email account or social network site account with strong passwords is something too much to ask, you need have a rethink. How would you feel as a manager when you receive a message from a bosom friend telling you they just kissed your wife? (it could be worse than this) I believe you would be talking divorce and ready to kill your friend. Or a message sent from an employees email account to everyone on his contact list saying, "you are all fools, i have been watching you, i hate you". For those who are students; what about a mail sent from your principal saying, “you are the worse kid ever admitted in school and that you are suspended” or vice versa. The list is endless.


That is the exact same thing that happened to the Russian opposition leader who’s twitter account was hacked (www.telegraph.co.uk). One of many messages that was sent to his quarter of a million followers read, “Alexi Navalny is a crook & a thief”.


Did I hear you say seriously? Oh yes! Nobody is too big to escape the wrath of hackers.


Security begins with you. Refrain from using passwords like 1234567Mike or 1234567tina, if you continue with this, you may soon be a victim. Start with a password change and a strong one at that. Example: @dad$$mum$$19 or *mgr@office*13.

These are simple but complicated passwords. A mixture of alphanumeric, numeric and alphabetic characters will do the trick.


Just start from this point and find other ways to secure your system afterwards.


I’ll see you soon, bye.