Jul 13 2011
Do US companies do enough for their cyber security?
IT Governance Ltd, the ISO27001 and information security experts have reported that they are making a number of free resources available for download from their US website to help US companies meet the challenges of increased cyber crime.
July 12, 2011 /24-7PressRelease/ — IT Governance Ltd, the ISO27001 and information security experts have reported that they are making a number of free resources available for download from their US website (www.itgovernanceusa.com) to help US companies meet the challenges of increased cyber crime. This week the company has published a white paper on cyber security which can be downloaded from here http://www.itgovernanceusa.com/cyber-security.aspx
Cyber security has become an issue for every nation in the world. In the US over the last 3 months there have been data breaches against high-profile organizations including Fox, Sony, Gmail, the IMF (International Monetary Fund) and major government departments. Two weeks ago, the Arizona State Police again became the victim of a cyber attack. The hack was announced on Twitter less than a week after a previous attack from Lulz Security.
US companies need to do their utmost in order to defend themselves form hackers and protect their information assets. At present, key changes in the US legislation are being discussed, and sooner or later, it is likely that strict data security measures will be imposed on organizations, which they will need to comply with. Organizations who do not act now may face serious fines in the future or even become the subject of a class action lawsuit, if the loss of customer’s data is established. Such was the case with Sony in April when a Canadian Play Station Network (PSN) user claimed damages in excess of $1 billion. This followed another lawsuit filed by an American PNS user. The consequences for companies compromising customers’ data can be severe, leading to both big financial implications and reputation damage.
IT Governance, which specializes in cyber security and compliance solutions, has published a white paper on their US website that provides information on some of the key developments US companies and their directors or IT managers need to be aware of in order to protect their business from cyber attacks. The white paper can be downloaded for free here: http://www.itgovernanceusa.com/cyber-security.aspx
Alan Calder, CEO of IT Governance, comments, “There are a few essential steps that organizations should be following if they are to implement an effective security strategy. Most organizations would only take certain measures if they are given the reasons why they should be doing this and know that their investment of time and money is worth. What is a more convincing reason than the data breaches we all witness? At IT Governance, we not only advise customers what should be done, but also provide guidance and solutions to their problems. We have the most comprehensive range of resources across a number of areas, from books and toolkits through to e-learning and software tools.”
US companies can be doing more than taking partial measures to fight cyber crime. Implementing best practice in information security management has become the most popular approach to tackling cyber security; demonstrating to both customers and business partners that an organization is working to the highest standard. Accredited certification to ISO27001 gives an organization internationally recognized and accepted proof that its system for managing information security – its ISMS or cyber security readiness – is of an acceptable, independently audited and verified standard. Everything US companies need to know about ISO27001 is explained on this website: http://www.27001.com
Jun 22 2011
President lays out cyberwar guidelines, report says
President Barack Obama has developed guidelines for how the U.S. should respond to–and initiate–cyberattacks, the Associated Press is reporting.
Citing anonymous defense officials, the news service claims the guidelines include a wide range of cyberwar efforts to be employed by the U.S. during both peacetime and when conflicts are underway, including installing viruses on international computers and taking down a country’s electrical grid.
According to the Associated Press, the guidelines also allow for defense officials to transmit code through another country’s network to ensure the connection can be made. Though it wouldn’t necessarily carry a dangerous payload at the time, that connection could be used in the future if an attack was authorized on the specific country.
The Associated Press’ report on the president’s cyberwar guidelines comes just a week after the Chinese military called on its government to invest in more defense against the U.S.
“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak,” the Chinese military wrote in its official newspaper, Liberation Army Daily. “Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”
Read remaining post @ The Digital Home:
Jun 15 2011
LULZ Security Hacks CIA Website!
“Tango down – cia.gov – for the lulz,” the group, which had earlier claimed responsibility for hacking into the websites of the U.S. Senate, Sony, Nintendo and Fox News, wrote on its Twitter feed.
“While some people think this is a fun game that can also help point out corporate security weaknesses, the truth is that companies and innocent customers are – in the worst cases – having their personal data exposed,” Sophos senior technology consultant Graham Cluley said.
“There are responsible ways to inform a business that its website is insecure, or it has not properly protected its data – you don’t have to put innocent people at risk. What’s disturbing is that so many internet users appear to support LulzSec as it continues to recklessly break the law.”
http://www.youtube.com/watch?v=AozrqppyEf0
Cyber War: The Next Threat to National Security and What to Do About It
Jun 14 2011
Hacker Groups Attacks US Senate WebSite
Image via Wikipedia
US Senate Hacked! “We Don’t Like The U.S. Government Very Much” LULZ Security
The video states some reasons in significant rise of hack attack by Lulz Security on US information assets including critical assets (US senate) which is a growing threat to national security.
Leon Penetta warned in last week hearing that next Pearl Harbor might very well be a cyber attack which may affect power grid, financial system or government system.
“The Computer systems of exective branch agencies and the congress were probed or attacked on an average of 1.8 billion times per month last year” Sen. Susan Collins (R-ME)
http://www.youtube.com/watch?v=aFD3W6LhO04
Cyber War: The Next Threat to National Security and What to Do About It
Jun 08 2011
In cyberspy vs cyberspy, China has the edge
Image via Wikipedia
By Brian Grow and Mark Hosenb
WASHINGTON: As America and China grow more economically and financially intertwined, the two nations have also stepped up spying on each other. Today, most of that is done electronically, with computers rather than listening devices in chandeliers or human moles in tuxedos.And at the moment, many experts believe China may have gained the upper hand.
Though it is difficult to ascertain the true extent of America`s own capabilities and activities in this arena, a series of secret diplomatic cables as well as interviews with experts suggest that when it comes to cyber-espionage, China has leaped ahead of the United States.
According to US investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up.
“The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.
Secret US State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches — colourfully code-named “Byzantine Hades” by US investigators — to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China`s People`s Liberation Army.
Privately, US officials have long suspected that the Chinese government and in particular the military was behind the cyber-attacks. What was never disclosed publicly, until now, was evidence.
US efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department`s Cyber Threat Analysis Division noted that several Chinese-registered websites were “involved in Byzantine Hades intrusion activity in 2006.”
The sites were registered in the city of Chengdu, the capital of Sichuan Province in central China, according to the cable. A person named Chen Xingpeng set up the sites using the “precise” postal code in Chengdu used by the People`s Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit of the Chinese military. “Much of the intrusion activity traced to Chengdu is similar in tactics, techniques and procedures to (Byzantine Hades) activity attributed to other” electronic spying units of the People`s Liberation Army, the cable says.
Reconnaissance bureaus are part of the People`s Liberation Army`s Third Department, which oversees China`s electronic eavesdropping, according to an October 2009 report by the US-China Economic and Security Commission, a panel created by Congress to monitor potential national security issues related to US-China relations.
Staffed with linguists and technicians, the Third Department monitors communications systems in China and abroad. At least six Technical Reconnaissance Bureaus, including the Chengdu unit, “are likely focused on defence or exploitation of foreign networks,” the commission report states.—Reuters
Cyber War: The Next Threat to National Security and What to Do About It
Related articles
- PRC and USA in ‘Heated Cyber-Espionage Battle’ (infosecurity.us)
- WikiLeaks Cable about Chinese Hacking of U.S. Networks (schneier.com)
Jun 02 2011
Google blaming Chinese hackers for security breach
Image via CrunchBase
For the second time in 17 months, Google is pointing its finger at China for a security breach in one of its systems.
This time, Google says Chinese hackers were responsible for breaking into the personal Gmail accounts of several hundred people _ including those of senior U.S. government officials, military personnel and political activists.
The latest cyber attack isn’t believed to be tied to a more sophisticated one that originated from China in late 2009 and early last year. That intrusion went after some of Google’s trade secrets and triggered a high-profile battle with China’s Communist government over online censorship. (AP, ccg)
This seems pretty intrusive and targeted incident. I’m curious, what is a threshold trigger for declaring a cyber war between two countries. I understand this was not a very prolong incident but these small incidents here and there can certainly achieve some long term objectives for the other side. It is very difficult to prove the correct source of these incidents in the wild west of internet and also there is a lack of international law to pursue these cases as a criminal offense.
Apparently the pentagon recently concluded that computer sabotage can constitute an act of war and justify the use of military force, the wall street journal reported this week.
Well before the use of military force you have to prove beyond reasonable doubt that you are targeting the correct culprit nation. Well if this is the criteria to declare a war against other nation we better buy a good error and omission insurance. In cyber world it hard to prove and easy to spoof, where some groups will be eager to setup an easy victim to justify the use of military force…
Clinton: China hacking charge “Vey Serious”
Cyber War: The Next Threat to National Security and What to Do About It
Related articles
- China rejects Gmail spying claims (bbc.co.uk)
- ‘China hackers’ hit Google e-mail (bbc.co.uk)
May 30 2011
California computer glitch releases violent criminals
RT.com
Gang members, sex and drug convicts, and more were accidentally released from California state prisons after computer software designed to reduce prison numbers encountered a glitch.
Around 450 dangerous inmates were let go unsupervised onto the streets of California, the state’s inspector general confirmed.
A glitch in software lead to prison officials accidentally releasing “high risk of violence” inmates from jails as opposed to low risk inmates set for release to elevate the crowded prison system.
In addition, over 1000 inmates deemed high risk for drug and property offenses were also mistakenly released.
The information comes after the US Supreme Court upheld a lower decision and ordered California to alleviate prison overcrowding by releasing prisoners or building more prisons. The decision gives State prison officials only two years to cut the 143,335 prisoner count by around 33,000 either by reductions, new programs outside of prisons or constructing new prisons within the state.
According to Renee Hansen, a spokesperson for the California inspector general, no attempts have been made to find or return the former inmates to prison or at least place them on supervised parole.
The computer error placed all of those who were released on ‘non-revocable parole’ which means they do not have to report to parole officers. It also means they are free to live their lives and can only be sent back to jail if they are caught committing a new crime.
The software was not designed to be discretionary based on the history of inmates and issues releases without consideration to their crimes or their risk of re-offending. It uses a database of arrests that does not correlate information regarding convictions and the facts surrounding a case.
Effective Physical Security, Third Edition
May 16 2011
Your Security For Your Personal Finances
by Consumer Reports
Threats to Your Personal Finances and Six ways to Stay Safer
Banking from a public computer
Keylogging malware that can capture account numbers, passwords, and other vital data is a risk that has been linked to use of open Wi-Fi connections and public computers such as those in hotel lobbies.
Using unfamiliar ATMs
Thieves have been known to put out-of-order signs on a legitimate ATM and set up nearby freestanding bogus ones that “skim” data from your card. ATMs located inside banks within view of surveillance cameras aren’t risk-free, but they pose more challenges for crooks installing skimming equipment.
Two other important pieces of advice related to ATMs: Separate your PIN code from your ATM or debit card. Almost 1 in 10 people carry their code with the card, says ACI Worldwide, a payment systems company. And when typing your PIN into an ATM or card reader, use your free hand to shield the keypad from the view of hidden cameras or anyone nearby.
Dropping your guard at gas pumps
Card-skimming at gas stations is likely to increase during summer months, especially in vacation areas, so use cash or credit cards at the pumps if possible. If you must use a debit card, select the option to have the purchase processed as a credit-card transaction rather than typing in your PIN.
Ignoring your credit or debit cards
Monitor your accounts at least weekly to spot and report unauthorized transactions as soon as possible. Use services offered by your bank or card issuer that can help protect you, such as an e-mail or text alert if a transaction occurs for more than a certain amount.
Abandoning your receipts
Many transactions, such as filling up your tank and making a debit-card withdrawal, leave a paper trail. Don’t toss away receipts in the ATM lobby or leave them at the gas pump. Hold on to them until your transactions have cleared your bank account to make sure the totals match. Then shred the receipts if they have any information a thief might use.
Trashing your bills
Thieves harvest sensitive data from account statements and other financial documents placed in the trash and use them for ID theft, says Inspector Michael Romano of the U.S. Postal Inspection Service. Shred them first.
6 Ways to Stay Safer
1. Watch out for imposters
The fastest-growing scam in the past year has been imposter fraud, according to the latest annual report on consumer complaints from the Federal Trade Commission. Thieves claiming to be someone they’re not (such as a friend or relative stranded overseas in need of cash to get home, a bill collector, or an employee of a government agency) use Facebook messages, e-mail, phone calls, and text messages to persuade people to send money or divulge personal information such as Social Security or account numbers. Last year, 60,000 people reported that they were affected by this form of fraud, up from just five cases reported in 2008.
2. Learn to parallel park
Car thieves are becoming more professional. They’re stealing new cars by putting them on a flatbed tow truck, our expert says. Parallel parking hinders access to the front and rear of your car, making it difficult to tow. Also, be careful about whom you bump into at the grocery store, especially if your car has keyless entry and a push-button ignition. A thief with an antenna and a small kit of electronics can transmit your key’s code to another thief standing near your car, allowing him to open it, start it, and drive it away.
3. Hide the stuff in your car
Don’t leave electronics and other valuables visible inside your car. GPS units are less of a magnet these days; cell phones and laptops more so. Holiday gifts are a big target, so don’t stack them up in the backseat. Is there a worse move? Yes. Leaving your stuff in the back of a pickup truck.
4. Change your PIN
Make it a habit to routinely change the secret code for your debit card or ATM card. That gives you better protection against any thieves or skimming schemes.
5. Keep a financial inventory
Once a year take out all of the cards in your wallet, make a list of the account numbers and contact information you’ll need to cancel cards if they become lost or stolen, and hide it in a safe place, says Mark Rasch, a former Department of Justice computer-crime prosecutor who is a director at CSC, a business technology firm based in Falls Church, Va.
6. Change your Wi-Fi password
If you have a home wireless network, choose the highest-security option. That way your Web-browsing and financial transactions will be more protected. Go a step further and create your own administrative password rather than rely on a default password supplied by the router.
Related titles to protect your personal & private information
8 ways to protect your Facebook privacy
May 06 2011
NSA publish list of recommendations for Keeping Networks Secure
Image via Wikipedia
‘Best Practices for Keeping Your Home Network Secure’ is a new guide published by the National Security Agency. This document provides home users directions for keeping their systems secure and protected.
Users are faceing lots of security issues now a days, and trying to apply all the required security measures is complicated due to the fast pace of changes in technology and new vulnerabilities that may leave them open to new attack. Thess controls are industry best practice and mitigate most risks to safeguard your information assets.
The document is divided in 4 parts:
■ Host-Based Recommendations:
■ Network Recommendations:
■ Operational Security (OPSEC)/Internet Behavior Recommendations:
■ Enhanced Protection Recommendations:
To be safe on the internet, use these recommendaions as a best practice to reasonably safeguard your information assets. These best practice information controls may also help you to invest wisely and justify cost on security.
Related articles
- NSA Advises Upgrade To Windows 7 (it.slashdot.org)
NSA titles for IAM and IEM implementation and certification
Apr 29 2011
Top Five Hollywood Hackers Movie
Image via Wikipedia
In movies the hacker tries to hack into a Department of Defense computer by speed-typing passwords. We all know reality is nothing like this and we see it as the joke that it is.
But business management don’t see the inherent risks as affecting business bottom line but a hindrance to another new project; they don’t see the research, the probing, the social engineering, risk impact, risk probability and overall risk as security professional do. It is our job as a security professional to show the risks in business terms to management so they can make a reasonable decision based on business risk threshold rather than emphasis on hinderance to bottom line. Remember the return on investment in security is part of doing business, it’s about reducing risks on ongoing basis and keep the company profitable on long term basis (keep making the money).
Emphasize management’s accountability for the risk and most importantly for residual risks (remaining risk after implementing a control). Put the onus on the Information Asset Owner who should be at the management level not a technical staff (may delegate responsibilities in small companies). Make clear recommendations but let them make the key decisions AND make them accountable if things may go wrong.
So yes, management is more impressed by flash and glamour, Because they know and good at analyzing the business risks but take the security risks as business inhibiting to their new project and may like to accept the risks rather than taking the time to address the issue which should be a corrective control to mitigate the existing risk to acceptable level.
What do you think – Do the Hollywood movies add any value in a sense to emphasis the information security risks as a threat to business folks or they just fictional stories which make business people ignore the information security threat?
Which one is your favorite hacker movie….
Below are the top three hackers movies
3-Hackers, 2-Untraceable, 1-WarGames
Mar 28 2011
McAfee report: Cyber thieves target firms’ secrets
Alex O’Donnell and the 40 CyberThieves
sfchronicle.com by Marcus Chan
Social Security numbers and other personal information have been popular targets by cyber crooks. But a new report says thieves have shifted their focus to corporate data such as trade secrets and marketing plans, making it the “new currency” of the underworld economy.
The report, based on a global survey of more than 1,000 senior IT workers, follows recent headlines of hacker attacks on Nasdaq OMX Group, RSA Security and energy companies.
When it comes to these targeted attacks, many companies have taken the approach that “it won’t happen to us, and if it does, we’ll just pay for it then,” said Simon Hunt, a vice president and chief technology officer at McAfee, which is based in Santa Clara. “What’s become evident over the past year is that it’s happening more than people expected.”
McAfee, which sells cyber security products and services, authored the study with SAIC, a scientific and engineering company that works with national security agencies.
The potentially bigger payday from selling stolen proprietary data, along with the trend of businesses putting more of their information in the cloud, have made intellectual capital a bigger target, the report said.
To illustrate the impact of these targeted attacks, the report noted how a quarter of the companies said a data breach – or the serious threat of one – caused them to either stop or delay a merger and acquisition or a new product rollout.
The survey also found that when an organization suffers a data breach or loss, only 3 out of 10 report all such instances to government agencies or authorities, or stockholders. About 6 out of 10 “pick and choose” the incidents they report.
“Companies certainly aren’t doing all the reporting they should or that I think most people would like them to,” said Scott Aken, vice president for cyber operations at SAIC.
Businesses are also “generally trying to store their data in locations where they’re offered the best ability to pick and choose whether they have to notify (about) a breach or not,” he added. “Some countries’ laws are set up in such a way that maybe they don’t have to report.”
Further obscuring the full picture of data theft is the fact that many companies may not even realize they’ve been breached.
“Malware is really clever, hides itself well and is hard to detect,” said Fred Rica, a security expert and principal at PricewaterhouseCoopers. “We still see a lot of clients where we find evidence of a breach on their network, but they just didn’t know.”
Rica also said that amid cyber criminals’ efforts to steal intellectual capital, he’s still seeing a huge amount of personally identifiable information, such as credit card numbers, being stolen.
Among the report’s other findings:
— Lost or breached data cost companies more than $1.2 million on average. That compares to less than $700,000 in 2008, when a similar study was done.
— In the United States, China and India, organizations are spending more than $1 million a week on protecting sensitive data abroad.
— Employees’ lack of compliance with internal security policies was considered the greatest challenge to securing information.
As for the outlook, Aken of SAIC expects to see more of these sophisticated attacks.
“We’ll continue to see very well-coordinated attacks against big companies that have good security postures in place,” he said.
Mar 24 2011
Federal Cyber Attacks Rose In 2010
Image via Wikipedia
Federal Cyber Attacks Rose 39% In 2010
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB).
There were 41,776 reported cyber incidents of malicious intent in the federal network in 2010 out of a total 107,439 reported to the United States Computer Emergency Readiness Team (US-CERT), according to the OMB’s fiscal year 2010 report on federal implementation of the Federal Information Security Management Act (FISMA). The number represented a 39% increase over 2009, when 30,000 incidents were reported by the feds, of 108,710 attacks overall, according to the report.
To read more on Federal Cyber Attacks Rose 39% In 2010
Richard Clarke: U.S. Chamber committed felony in ChamberLeaks scandal
Mar 19 2011
Computer security and crime prevention tips for businesses
Top Ten Tips™: Computer Security
By SDPD
Computer crimes involve the illegal use of or the unauthorized entry into a computer system to tamper, interfere, damage, or manipulate the system or information stored in it. Computers can be the subject of the crime, the tool of the crime, or the target of the crime.
As the subject of a crime, a criminal would use your computer or another computer to willfully alter the information stored in your computer, add fraudulent or inaccurate information, delete information, etc. Motives for this include revenge, protest, competitive advantage, and ransom.
As the tool of a crime, a criminal would use a computer to gain access to or alter information stored on another computer. In one common mode of attack a hacker would send a “spear phishing” e-mail to employees who have access to the business bank account. The e-mail would contain an infected file or a link to a malicious website. If an employee opens the attachment or goes to the website, malware that gives the hacker access bank account log-ins and passwords would be installed on the computer. The hacker would then have electronic payments made to accounts from which the money would be withdrawn. Criminals also use computers to commit various frauds and steal identities and other information.
As the target of a crime, computers and information stored in them can be stolen, sabotaged, or destroyed. Sabotage includes viruses, malware, and denial-of-service attacks. Trade secrets and sensitive business information stored in computers can be lost in these kinds of attacks.
Your computers and the information in them should be protected as any valuable business asset. The following tips deal with physical and operational protective measures, Wi-Fi hacking and hotspot dangers, personnel policies and employee training, anti-virus and spyware protection, protecting your bank accounts, use of social media, preventing and dealing with data breaches, and safer use of the Internet. For more details see National Institute of Standards and Technology (NIST) Interagency Report NISTIR 7621 entitled Small Business Information Security: The Fundamentals, dated October 2009. It’s available online under NIST IR Publications on http://csrc.nist.gov.
Also, consider joining the FBI’s InfraGard, a partnership with the private sector with the goal of promoting an ongoing dialogue and timely communications between its members and the FBI. Its members gain access to information that enables them to protect their assets from cyber crimes and other threats by sharing information and intelligence. Go to www.infragard.net to apply for membership.
To read more on this article: Crime News: Computer security and crime prevention tips for businesses
Top Ten Tips: Computer Security
Mar 16 2011
Hacking Cars with MP3 Files
by Bruce Schneier
“By adding extra code to a digital music file, they were able to turn a song burned to CD into a Trojan horse. When played on the car’s stereo, this song could alter the firmware of the car’s stereo system, giving attackers an entry point to change other components on the car.”
Impressive research:
To see all the comments on this posting on Hacking Cars with MP3 Files
The latest most devastating hacks and possible countermeasures
Mar 13 2011
Lessons from Anonymous on cyberwar
Image via Wikipedia
By Haroon Meer
A cyberwar is brewing, and Anonymous reprisal attacks on HBGary Federal shows how deep the war goes
“Cyberwar” is a heavily loaded term, which conjures up Hollywood inspired images of hackers causing oil refineries to explode.
Some security celebrities came out very strongly against the thought of it, claiming that cyberwar was less science, and more science fiction.
Last year on May 21, the United States Cyber Command (USCYBERCOM) reported reaching initial operational capability, and news stories abound of US soldiers undergoing basic cyber training, which all point to the idea that traditional super powers are starting to explore this arena.
Recent activities with one government contractor and Anonymous, however, show clearly that cyber operations have been going on for a long while, and that the private sector has been only too ready to fill the cyber mercenary role for piles of cash.
To read the remaining article and Anonymous vs. HBGary
Feb 17 2011
RSA conference looks at online vulnerability
By James Temple
The hottest trends in technology also represent some of the gravest threats to corporate data security.
Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week’s RSA Conference 2011 at San Francisco’s Moscone_Centerand a survey set for release this morning.
The poll of 10,000 security professionals, by Mountain View market research firm Frost & Sullivan, also concluded that corporate technology staffs are frequently ill prepared to deal with many of the new threats presented by these emerging technologies.
“The professionals are really struggling to keep up,” said Rob Ayoub, global program director for information security research at Frost & Sullivan.
Businesses face a number of threats from the increasingly common use of smart phones and tablets by their workers, including malicious software that attacks the operating systems, or the simple loss or theft of devices often laden with corporate information.
Juniper Networks, a sponsor of the RSA conference, presented some eye-catching – if also self-serving – statistics during a session titled “Defend Your Mobile Life.”
Mark Bauhaus, an executive vice president at Juniper, said that 98 percent of mobile devices like smart phones and tablets aren’t protected with any security software, and that few users set up a password. That’s troublesome, he said, given that:
— 2 million people in the United States either lost or had their phones stolen last year;
— 40 percent of people use their smart phone for both personal and business use;
— 72 percent access sensitive information, including banking, credit card and medical records;
— 80 percent access their employer’s network over these devices without permission.
Read more: New Technologies bring new threats
Mobile devices new threats and countermeasures
Feb 10 2011
China-based hackers targeted oil, energy companies in ‘Night Dragon’ cyber attacks
Image by lisbokt via Flickr
From the LA Times
China-based hackers may have been stealing sensitive information from several international oil and energy companies for as long as four years, cyber-security firm McAfee Inc. said in a report Thursday.
The company said it traced the “coordinated covert and targeted cyberattacks” back to at least November 2009 and that victims included companies in the U.S., Taiwan, Greece and Kazakhstan. McAfee has dubbed the security breach “Night Dragon.”
McAfee said the hackers, using techniques and tools originating in China and often found on Chinese hacking forums, grabbed details about company operations, project financing and bidding that “can make or break multibillion dollar deals.”
Operating through servers in the U.S. and the Netherlands, the company said, the hackers exploited vulnerabilities in the Microsoft Windows operating system. Techniques included social engineering, spear-phishing, Active Directory compromises and remote administration tools, or RATs.
Although elaborate, Santa Clara-based McAfee said the hacking method was “relatively unsophisticated.” And because most of the Night Dragon attacks originated between 9 a.m. and 5 p.m. Beijing time on weekdays, the cyber-security firm said it suspects that the hacking was not the work of freelancers.
Feb 01 2011
Top 15 hacking tools & utilities
A list of 15 Hacking Tools & Utilities from darknet.org.uk.
Experienced user may recognize most of these tools and for others who are not so familir with these tools may provode a good place to start with a good explanation.
Here is a short list of all the other tools mentioned: Nmap, Nessus Remote Security Scanner, John the Ripper, Nikto, Superscan, pof, Ethereal, Yersinia, LCP, Cain and Abel, Kismet, Netstumbler and hping.
Make sure you check these tools in a safer environment and have a proper authorization to use these tools on a client or business environment.
Here is a list again 15 Hacking Tools & Utilities for your review. Please share your thought on some your favorite tools which works for you.
To know more the latest titles on security tools
Jan 27 2011
Cyber Attacks Jeopardize Superpower Status
Cyberspace enable e-mail, electricity grids, international banking and military superiority.
We can’t live without cyberspace – but increasingly, experts say its openness is putting the United States in jeopardy.
“We can say that sovereignty’s at risk,” said Sami Saydjari. He heads the Cyber Defense Agency, an information security company.
“Basically our whole superpower status as the United States depends on computers,” he said. “We lose them, we lose our status as a superpower. We become a Third World country overnight.”
http://www.youtube.com/watch?v=V3rNiKF4ku8
« Previous Page — Next Page »
