Tag Archives: information security

Increase in attacks on Social Networking Sites

According to the Microsoft Security Intelligence Report, volume 10, there was a steady increase in social engineering attacks in 2010. The data was pulled from Microsoft’s customer base as well as partners and Internet service providers.

Most of the attacks attempt to obtain user names and passwords for social networking sites, which might also be used for other financial sites. According to Microsoft, the trend in phishing attacks is shifting from financial sites to social networking sites and gaming sites.

Rogue Security Software

Rogue security software, or scareware, is designed to look like legitimate software. Once installed on a victim’s machine, it generates erroneous alerts and tricks users into buying more software or services.

In a report on rogue security software, Symantec said it received reports of 43 million installation attempts. Computer security awareness training programs are said to be the best way to defend against these malicious activities. A few web filtering technologies provided by various vendors also help.

Source: TechTarget

Fraud Prevention Trends in 2011

With the exponential rise in internet usage, online transactions are also increasing, and so is the number of online frauds. Companies therefore not only have to prevent online fraud but also have to protect customer privacy.

According to ThreatMetrix, a California-based provider of cloud-based fraud prevention solutions, there has been a shift in fraud detection from cookie-based identification to device identification, i.e., detecting returning visitors based on attributes of the device. The rules have also been improved to use this information to detect spoofed devices and IP addresses as well as sniff out botnets.

Some other trends and predictions in fraud prevention shared by ThreatMetrix are given below:
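A minimal sketch of the cookieless device identification and spoofing rules described above. This is an added example, not ThreatMetrix's method or code; the attribute names, the threshold and the `ip_tz_offset` value (the UTC offset, in minutes, that an IP geolocation lookup would return) are assumptions made for illustration.

```python
import hashlib

# Assumed attribute names and threshold, chosen for this illustration.
FP_KEYS = ("user_agent", "platform", "screen", "tz_offset", "language", "fonts")
MAX_ACCOUNTS_PER_DEVICE = 2

def fingerprint(attrs):
    """Hash the device attributes into a cookieless device identifier."""
    canon = "\x1f".join(f"{k}={attrs.get(k, '')}" for k in FP_KEYS)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()[:16]

def spoof_signals(attrs, ip_tz_offset):
    """List contradictions that suggest a spoofed device or a proxied IP."""
    reasons = []
    ua, platform = attrs.get("user_agent", ""), attrs.get("platform", "")
    if "Windows" in ua and not platform.startswith("Win"):
        reasons.append("user agent claims Windows but platform is " + platform)
    if attrs.get("tz_offset") != ip_tz_offset:
        reasons.append("device time zone does not match IP location")
    return reasons

class DeviceRegistry:
    """Remembers which accounts each device fingerprint has been used with."""
    def __init__(self):
        self.accounts_by_device = {}

    def assess(self, account, attrs, ip_tz_offset):
        device_id = fingerprint(attrs)
        accounts = self.accounts_by_device.setdefault(device_id, set())
        returning = bool(accounts)  # recognised without any cookie
        accounts.add(account)
        flags = spoof_signals(attrs, ip_tz_offset)
        if len(accounts) > MAX_ACCOUNTS_PER_DEVICE:
            flags.append(f"device used by {len(accounts)} accounts")
        return {"device_id": device_id, "returning": returning, "flags": flags}

# Constructed sample data: a home PC, and a client whose attributes disagree.
HOME_PC = {"user_agent": "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0", "platform": "Win32",
           "screen": "1280x800", "tz_offset": -480, "language": "en-US", "fonts": "Arial,Verdana"}
SUSPECT = dict(HOME_PC, platform="Linux x86_64", tz_offset=120)

def demo():
    reg = DeviceRegistry()
    return (reg.assess("alice", HOME_PC, -480),
            reg.assess("alice", dict(HOME_PC), -480),  # cookies cleared, same device
            reg.assess("bob", SUSPECT, -480))

if __name__ == "__main__":
    print(demo())
```

The second visit is recognised as a returning device even though no cookie is involved, and the third is flagged because its reported platform and time zone contradict its user agent and IP location.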

1. Less Reliance on Cookies and Personally Identifiable Information (PII).

As consumers become more aware of online fraud, they are more concerned with online privacy. Many of them block or delete cookies, either themselves or using security software. As a result, many fraud prevention solutions are becoming ineffective, and there is a shift towards cookieless device identification and device fingerprinting to prevent fraudulent transactions.

2. New Classes of Devices Become Commodities for Fraudsters.

Users are adopting new devices such as smartphones and tablets, on which they can hide their IP address and thus eliminate the possibility of detecting the source of transactions.

3. Use of Fraud Prevention Solutions Across the Entire Value Chain.

Today’s fraudsters are very smart, so the threat persists across the entire e-commerce value chain. The use of fraud prevention software has therefore become very important for online brands.

4. Rise of Online Services and Digital Goods Encouraging Fraud Automation.

Real-time online transactions have increased considerably and are now a hot target for online fraud automation, as fraudsters can easily automate fraudulent transactions.

“Every business that transacts on the Internet needs better automated fraud prevention that doesn’t rely on cookies or personal identifiable information,” said Faulkner. “2011 is the year that technologies like device fingerprinting and collective fraud intelligence in the cloud become mainstream tools for web security and fraud professionals. When fighting a collective problem you need a collective solution.”

Source: http://www.securityweek.com/fraud-prevention-trends-2011
image: http://techinvestigations.com

Anti hacking tips for home based online business

Protecting the computer that earns money for your business should be the key focus of your security efforts. E-commerce offers a comfortable environment that saves time, money and distance in doing business and making good contacts. The danger to a computer system starts when the same computer is used for both personal purposes and online business, as home PCs have been found to be affected by virus attacks more often.

Hack tips and tricks

Knowing how systems are hacked can also help people in critical situations, but that knowledge must be used in a professionally ethical way. It is important to learn these tips in order to analyze the methods employed by password hackers and system crackers.

Keep your Business & system secure

OS Alerts: Regular maintenance plays a major part in resolving the warnings raised by the operating system on which almost all our business applications run. Security flaw updates are announced now and then for quick maintenance; for Microsoft Windows, refer to the Windows Update site. Ignoring operating system warnings and updates is the first mistake one can make.

Antivirus updates: Keep track of the latest updates available for the antivirus program you have installed. This helps keep your system protected from new viruses and worms that harm the system as a whole. Maintain the antivirus protection level by setting a password for safety.

Firewall activation: Secure your inbound and outbound communications by installing firewall software to keep out unauthorized internet access. Unlawful probes and scans of your system may happen without being visible. Port scanning is the most common practice used to find weaknesses in a system to exploit. To activate the firewall, go to the “Start” button, select “Settings” -> Network Connection -> Properties -> Advanced -> click on the “Internet Connection Firewall” box.

Turn off software preview windows: Certain worms or viruses can affect your computer without any attachment or link being opened, through just a small message preview window, affecting sensitive data and information. Turning off the preview window helps; in Outlook Express, use the following steps.

Go to “Menu Bar”, select “View”, select “Layout”, then uncheck “Show Preview Pane”.

Email filters: Email filters can effectively clear the inbox of swamping junk mail, keeping viruses and spam from harming the system and thereby cutting down access time.

image source : http://internetbusinessmastery.com/

The Unhackable Cellphone

Gold Line Group’s Hacker Challenge has a cartoonish James Bond aspect to it that begs a bunch of hard questions, but it also has a deadly serious side.
The Israeli company invited hackers, cyber spooks, and industrial espionage geeks to try breaking its new Gold Lock 3G cell phone encryption system. Anyone who succeeds wins a cool quarter million dollars in gold ingots.
The software, launched in mid-2009, is already used by the Israeli military to scramble field communications. South American moguls are using it to prevent kidnap gangs eavesdropping on their conversations. Life and death stuff.
But Gold Lock 3G, which the company launched in North America late last year, can also be used by organizations just looking to protect trade secrets from prying ears.
Cyber spooks
The software encrypts voice conversations, SMS messages, instant message conversations and file transfers to and from Nokia, Windows Mobile, BlackBerry, and iPhone mobile devices.
Phones at both ends have to be running Gold Lock 3G. List prices start from about $35 a month per device, or $1,700 for a perpetual license.
The software does introduce a level of latency in voice conversations – typically about a second – but the company’s North American channel manager, Douglas Haskins, insists users barely notice or, if they do, adjust easily.
Software such as Gold Line’s takes on added significance now with recent news that a German encryption expert succeeded in breaking the native 64-bit protocols used by GSM carriers to encrypt cell calls.
In the past, says Haskins, industrial spies would have to spend $80,000 or more on specialized equipment to intercept and decrypt cell phone conversations.
Now they can use a laptop and $100 worth of software.
“It could be somebody sitting outside your business or your house – they can be a couple of hundred of yards away, or in a nearby cubicle,” Haskins says. “So it’s very serious. If you’re talking about sensitive information – it’s wide open now.”
Gold Line claims that between 2,000 and 3,000 hackers, including security organizations, have taken a crack at breaking its system. The company bumped the prize from $100,000 to $250,000 in November, and renewed the challenge recently.

Final deadline for breaking the Gold Lock 3G system: February 1, 2010.

All hackers have to do is unscramble a Gold Lock-encrypted conversation that the company intercepted and recorded using commonly available call sniffer technology and posted at its Web site.
(To find out how to participate, see this page at the company’s site.)
On the line
There’s more at stake here than cash, of course. There’s also Gold Line’s reputation.
If someone does decrypt the conversation, the company will have egg on its face – although Haskins tries to spin it otherwise.
“If it happens, [it means] there’s one really smart guy out there – and a lot of hackers are really smart,” he concedes.
“I think if it does happen, the way we look at it is that it gives us the opportunity to make [Gold Lock 3G] that much better. We already have by far the best product out there. We not only have the confidence to issue this challenge, but we’re prepared to take [it] even a step higher.”
Haskins says Gold Lock 3G is superior to comparable products from competitors, such as Cellcrypt, because it uses a unique three-layer system.
It starts with automatic handshaking between devices using Diffie–Hellman key exchange protocols. Then the software uses the same AES-256 (Advanced Encryption Standard) used by the U.S. government for top secret communications. Finally, it re-encrypts the already encrypted data using 384-bit Elliptic curve cryptography (ECC).
“It’s just off the charts,” Haskins says of the effort that would be required to break the system. “Even if you could break AES-256, then you’d have to work on the 384-bit [ECC].”
The company claims an independent auditor estimated it would take hundreds of years to break the system using brute strength methods. But encryption systems have been broken before using cleverer techniques.
Are hacker challenges like Gold Line’s anything more than flimsy publicity stunts? How legitimate are they really?
For example, to what extent does putting a four-month time limit on the challenge tilt the board in the developer’s favor? After all, if some cyber snoop breaks the system on February 2, the implications for users relying on the product are just as dire – but with no negative publicity.
And notwithstanding the very attractive prize, has the challenge really brought all the best talent out of the woodwork? Would criminal hackers, for example, risk registering with Gold Line to participate?
And then too, how would we ever know if somebody actually succeeded in breaking the Gold Lock system? Isn’t it possible Gold Line would decide to just pay off the winner and keep it quiet while it fixed the vulnerability?
Certainly the company wouldn’t be stupid enough to stiff a successful hacker, Haskins says. For one thing, participants in effect enter into a contract with the company. Besides, it would be too easy for the person to go public with the information and embarrass Gold Line even more.
“It would cause more damage to try and hide the fact than it would to admit it and fix the product,” he says.
But couldn’t Gold Line make them sign a non-disclosure agreement to get their loot and keep it all on the QT?

Yet another scary thought: if a criminal hacker did participate and succeed, might they decide the information was more valuable on the black market? How much would Al-Qaeda or the Iranian secret service pay to be able to eavesdrop on the Israeli military?

Gerry Blackwell is a veteran technology journalist who writes from Canada, Italy, and Spain