5 Common Hacks & Advice on How to Defend Against Them

You may think that hackers are excessively clever people who are coming up with improbable hacks around elaborate security systems, and some are, but most rely on a few old tricks that have been around for years.

I am going to look at 5 common hacks that are used so that you can become aware of them, as knowledge is the first line of defense. I will then give you some actionable advice on what you can do to defend against these common hacking techniques.

Common hacks 1: Bait and switch

There have been countless ‘bait and switch’ scams over the years. I’m talking “years” as in over the last century. Things haven’t changed much in the computer age as bait and switch style hacks are still used.

Commonly, they’ll buy legitimate advertising space on websites. The hacker will switch the link contained within the ad from the approved one to a malicious one, or they’ll code the legitimate website to take the user to a malicious site. Clever hackers will give away something free, like a website counter, and allow thousands of websites to use it - and then switch it out for something like a nice fat JavaScript redirect.

How to defend: Given the large variety of bait and switch hacks out there, it’s difficult to give advice on them. The first point is to make sure that you understand that anything you don’t control can be manipulated. If it isn’t your web counter, someone can exploit it. If you didn’t find the website yourself, the ad can direct you somewhere you don’t want to be. These can be defended against by simply going to trusted resources for your web counters, or doing your own search for the content within the ad.

Common hacks 2: Cookie theft

Cookie theft, also known as session hijacking, enables people to assume your online identity on popular websites. This allows them to log into your accounts, taking over your social media accounts, as well as making purchases in your name.

To make matters even worse, there’s even a program called Firesheep that allows people to do this with a few clicks while using another trick we’ll talk about next, the fake wireless access point. All it takes is a few clicks, and they’ll take over your identity.

How to Defend: Try to always use websites that have secure development techniques and the latest cryptography. A tool that can help you do this while using Google Chrome is called KB SSL Enforcer.

The KB SSL Enforcer plug-in forces your browser to go to the most secure version of websites. This will be the one that starts with HTTPS, with the ‘s’ being ‘secure’ and referring to TSL cryptography. It is not 100% protection, but it does make things more difficult. If hacking you is a challenge, hackers are more likely to move on to someone who hasn’t read this list!

Common hacks 3: Fake Wireless Access Points

Everyone loves free wifi, including hackers. How this hack works is a hacker will set themselves up in a public location, a coffee shop, restaurant, airport, or public library as examples. They’ll establish a fake wireless access point (WAP) of their own and name it something that makes it sound official: “McDonalds Free WiFi” or “Laguardia Free Connection.”

Those who are looking to make a quick connection, for free, will then establish a connection to these WAPs. There are two ways that a hacker can steal information. The first is that they can set it up so that you have to enter a username and password to connect. Most people use a common username and password for these quick “set it up and forget it” accounts. Hackers will then take that information and use it to try to log into your Twitter, Facebook, Amazon, iTunes and other popular accounts. This is one example of online identity theft.

The other way that a fake WAP will work is by the hackers just sifting through the information that is going through the connection and taking whatever isn’t protected or encrypted.

How to defend: First, ask the proprietors of the establishment what the correct name is for their WiFi. That’s the easy one. Next, be sure to always use a unique password and login for public WiFi. It may be a pain, but it’s your best form of online protection.

To protect against those who sift through and steal information that isn’t encrypted, use a personal VPN to encrypt all of your communication. You can read more about top VPN services over on the blog I work for.

Common hacks 4: False file names

This work by tricking people into clicking on files that look enticing, like BeyonceNipSlip.avi, but are actually files full of malicious code when opened.

One of the most famous examples of this right now is one known as the Unicode character switch. It fools computers into displaying a file that is actually BeyonceNipSlip.exe (an executable file that can tell your computer to do things) as the less harmful looking BeyonceNipSlip.avi (.avi being a video file).

You then open it thinking you’re going to see a video of a small slice of heaven (sorry, clearly Beyonce biased), and instead get a computer full of something bad.

How to defend: This is one of those instances where you have to do your homework. If someone is sending you a file, be sure that you know what the full name is with the extension. If you don’t know who is sending you the file...don’t open it! If you have a virus scanner which allows you to scan individual files before opening them, put it to work.

Common hacks 5: Wateringhole attacks

Watering hole attacks can be related to point 3, but with more focus and malice. Hackers will scope out a common place where employees of their target company hang out for drinks, dinner, or even online social platforms - a ‘watering hole.’

These employees are often more relaxed about their security, but since they’re with co-workers they’re still prone to discussing business matters. The hackers will then either install fake WAPs in the physical location that they gather to get company credentials, or they’ll install harmful JavaScript redirects into the online places that these people visit.

The hackers will then use the login details or compromised workstations to gain access to the inner workings of a company. Notable wateringhole attacks have happened to Apple, Microsoft, and Facebook.

How to defend: Making it known to your employees is the first step. They can not use their same credentials on their workstation and on these types of sites, or in these locations. Like it or not, in today’s digital world, your employees have to act as if they’re always at work.

---

About The Author:
Marcus is the resident security writer over on the Best VPN Providers blog. He writes about internet security issues, occasionally goes on rants about the government, but doesn't go too far off the rails...most days.

Read More

Cyber Security Defense Strategy: 7 Steps to Effective Network Segmentation

Many of today's networks have a flat structure that sets up no barriers between disparate systems. Organizations may wall off SCADA systems from the rest of the network, but they fail to limit unnecessary communication paths between other network nodes. Too often, systems like CCTV, manufacturing control, alarms and building access control live on the perimeter of a network with no limits on internal access. For example, attackers can compromise the workstation that maintains access control functions. They can then disable door keypads, compromise building security, steal data and manipulate power distribution.
In a world that has seen exponential growth in cyber security threats, network segmentation limits an attacker’s movements, protects proprietary information and prevents unauthorized access to sensitive data. The process brings together logical groups of users, applications and assets. It then ensures that these groups don't interact unnecessarily with one another. The key is to balance segmentation for cyber security with the organization's need for agility and rapid workflow. It's a long-term process, and the implementation timetable will differ depending on the size and complexity of the organization.

1. Take an Inventory of Machines

Few organizations know exactly how many machines they own. They also may not know who's using those machines, and they may not even know where to find what they have. For this reason, taking an exhaustive inventory of every machine is crucial to starting the network segmentation process. These machines may fall into these categories and more:

• Windows and UNIX servers
• Development servers
• Financial servers and workstations
• HR servers
• Security devices
• Other network infrastructure

In particular, pay attention to equipment that’s controlled by system administrators. One compromised system administrator laptop can give an attacker access to a wide range of functions and employee credentials.

2. Decide How to Protect Each Machine

A Windows server in one location may not need the same level of protection as a Windows server in another location. Therefore, after taking a machine inventory, categorize the machines according to the type of protection that each machine requires. Once you know what you have and what it does, then you can make decisions regarding how to protect each asset.

3. Take an Inventory of Personnel Including Which Machines They Can Access

Make a list of every person in the company and which machines they can access including workstations, notebooks and mobile devices. Then, ask yourself whether these people actually need every machine they have. In the previous step, you decided how to protect each machine according to its characteristics and functions. Now, make more decisions about protection by factoring in whether the receptionist or the CEO is using the machine.

4. Create an Initial VLAN to Isolate a Low-Maintenance Group

Instead of trying to tackle a company-wide segmentation, start by creating a virtual LAN (VLAN) for a low-maintenance group of workers. Good choices include the legal department, accounting and human resources. Start by monitoring the group and monitoring all traffic in and out of the servers so you can understand what the group accesses and how workflows actually happen. As you learn to understand your initial group, you can expand your segmentation efforts to other groups.

5. Create a Default Deny Ingress Rule for Each Group

Starting with your pilot group, develop a default deny ingress rule so that other users, machines and applications can't interact with that segment of the network. Every time you implement a new default deny ingress rule, prepare for some problems. For instance, if the CEO can no longer access a desired financial report, prepare to apologize profusely and to quickly fix the problem.

6. Prepare for New Equipment Needs and Personnel Training

Old equipment may not be able to handle your segmentation. For example, you might have to purchase a new router if the old one can't implement your new access control list. Also, you'll have to train personnel to navigate through your segmented network. They should understand why they no longer have access to certain areas.

7. Refine Your Groups Over Time

No matter how much time you spend trying to understand business drivers and workflows, you're going to make mistakes that people will find disruptive. Refine your group structure and protection strategies as you learn, and give yourself a generous timeline to implement a full network segmentation strategy.

Read More

Not Your Mom's Antivirus Software: 7 Ways That Antivirus Is Evolving to Meet Today's Threats

When antivirus was developed, an antivirus software provider would learn about a piece of computer malware. It would then record the code and enable its software to scan a computer for the malware signature. Soon, security companies began to share information about the viruses they detected. Consumers benefited from their combined efforts to stop malware in its tracks.

As the Internet has expanded and the number of connected devices has grown, the sheer volume of malware from phishing emails, from malicious websites and from other sources is more than signature-based antivirus solutions can handle. Also, today's malware is designed to morph and change to evade signature-based detection.

By nature, antivirus software is reactive. It may protect individual machines from known threats, but it doesn't stop attacks until those malware signatures are detected. Fortunately, the best antivirus software is evolving to handle today's threats. Instead of becoming obsolete as some experts have argued, antivirus has evolved in seven primary ways to become more relevant than before.

Behavior-Based Blocking

Antivirus software and deep discovery tools can detect malware based on how a snippet of code behaves. By using data analytics to review the patterns associated with known malware, behavior-based blocking identifies code with similar characteristics or operating patterns to existing malware. In addition to pattern analysis, behavior-based blocking tools analyze the reputation of the source that transmitted the code. They also sandbox suspicious pieces of code, running code in a silo to expose malware without infecting the network or end-user devices.





Web Browser Integration

Today's antivirus solutions can analyze websites and prevent users from opening pages containing malicious code. Working as a browser extension, antivirus software can greenlight safe pages and red-light potentially dangerous pages. Many antivirus extensions also incorporate privacy tools, and they allow parents to control which sites their children can browse.

Network Access Monitoring

Modern antivirus tools log network access events. They record each time a user accesses a database, a set of files or a server and make note of any unusual patterns. For example, the software may send out an email alert if a user tries to access data from an unfamiliar IP address. Also, IT can review employee logs to see if data was accessed using an unfamiliar browser or from an unusual location.

Whitelisting Approved Sites

Instead of just blocking known malicious websites, applications or data, today's antivirus tools allow IT to take a whitelisting approach to security. By default, end users have access to nothing online unless it's authorized by IT. Whitelisting removes the burden of trying to detect every possible malicious site or application. Instead, users are given access to only what they need, and they avoid exposing the company to dangerous or malicious sites that may escape threat detection tools.



Early Warning Services

Security companies are competing to sell products, but they also work as a community to protect consumers and businesses from malware threats. When one company's antivirus tools detect a new threat, that company shares the information to keep threats from spreading.

Web Crawling

Some antivirus tools offer Web-crawling tools that crawl websites looking for malicious executable code. The tools then blacklist dangerous websites from the company network, and they provide an early warning to other security companies that keep the malware from spreading.

Application Isolation

Instead of detecting threats and then quarantining them, some antivirus tools isolate applications from a computer's operating system. Applications work as they should, but if any code from the application attempts to make changes to the operating system, the suspicious code is isolated and then discarded when the application is closed. Bromium creates a microenvironment for every task an application executes. Its vSentry solution detects any code's attempt to propagate, persist or compromise the microenvironment. Polymorphic malware can be eliminated even on unpatched computers, and IT can have a full view of the attack forensics.

Ignore the hype that says antivirus is obsolete; it's still an important component of any security strategy. Security companies are constantly incorporating value-added services into their antivirus solutions. Simply put, today's security programs have made significant advances from your mother's antivirus software.

Read More

Bitdefender Internet Security 2014 Review

There are some hassles that can slow down the fastest ever computer, so if you want to enjoy the features of the technology, and then you should not stick to the security measures of the yesteryears, which are not compatible to the needs of your computer. Updated anti-virus program is what your system needs. Installing a basic antivirus is not enough to keep your system free from the hazards and threats of the hackers. You need to give much more to the PC. Plenty of antivirus software are available in the market can offer good protection; however, they are not adequate. Only a very few antivirus software can offer you complete protection like the Bitdefender Internet Security 2014.

Bitdefender- What can you get?

Bitdefender Antivirus is widely acknowledged and has won many awards for the efficiency. Bitdefender, who you can trust to the core, has three different services- Bitdefender Antivirus Plus, Bitdefender Internet Security, and Bitdefender Total Security. Of all these, the Bitdefender Internet Security 2014 is the software that is easy to use and getting recommendations by the users.

Bitdefender Internet Security Features

Let us take a look at some of the most striking features of Bitdefender Internet Security.

Auto-Pilot Mode

With the Auto Pilot mode the user do not need to interact much with this software, which is often required with other software. The Auto Pilot mode ensures that your computer gets the maximum security. No need to struggle with the pop up messages that spring up on the screen and irritate you!

User Friendly Interface

Moreover, you do not have to worry about the security messages and notifications. Whenever you feel that you are at leisure, you can find the user-friendly box, which lets you access the notifications. . You can easily know the security status of your computer through the color codes. Green, red and yellow colors are used to denote security status and the numeric indicator tells you about the pending tasks. The best thing about the notifications is that you would not be clogged up with notifications. Only four notifications are shown at a time based on the importance of the notice.

In total there are 8 panels, antivirus, anti-spam, parental control, wallet, firewall, update, and Safego. The greatest advantage is that the user has complete control over the display of the panels. You can choose the panels you want to view most in the startup.

Advance Photon Technology

Bitdefender offers security against all the threats one faces in the online world and this is possible because of the fastest scanning technology used by this software. The photon technology is discreet, fast, has a user friendly approach and does not slow down the system during scanning.

Two-way Firewall

The two-way firewall not only protects you from the unauthorized hackers, but also protects both you're incoming and outgoing connections from the intruders.

Cool Desktop Widget

You can use Bitdefender Internet Security desktop widget 2014 with Windows 8 and XP. The use of the widget is that you can know the status of the security in your system and also the events that are awaiting your response or action. A graphical interpretation of the software’s antivirus protection can be seen in the widget. The widget also shows the firewall capability of the software.
Besides these, some of the other advanced features are strong parental control, enhanced Cloud Antispam and Bitdefender Safepay options.

Pros

The advantages of the Bitdefender Antivirus include the easy installation, ease of use, strong management of passwords, auto pilot mode, social media monitoring, password encryption and apt for home and business use.

Cons

There are a few setbacks too. The advanced features cannot be used as easy as the other features. The drag and drop option is not available for the encoded files.

Wrap Up

Overall, the Bitdefender Internet Security 2014 is the best antivirus protection you can give to your system. In the AV-Test, it has come out as the best of all the antivirus software available in the market.

Read More

[ike-scan] Discover & Fingerprint IKE Hosts (IPsec VPN Servers)

Among the various functions that the ike-scan can perform, it discovers hosts of IKE and also fingerprints these using a back-off pattern for retransmission. Here are some more of its functions:

Discovers:

The scan determines particular hosts that are running IKE within the IP range provided. This action is a result of the displaying hosts that respond to the ike-scan requests for IKE.

Fingerprint:

This set up helps in determining what kind of IKE implementation in network security the hosts are using. In some of the cases, it also determines the software versions that they are running. This is carried forward in dual ways. First way is done by fingerprinting with UDP back-off that involves the procedure of recording the times of the packets of IKE response from the hosts aimed, and also comparing the retransmission pattern with the existing patterns. The second procedure is done by fingerprinting with the Vendor ID that compares payloads of Vender ID from the VPN servers with the patterns of vendor id already known.






User Enumeration:



This works for some VPN systems where valid usernames of VPN are discovered.

Transform Enumeration:

It finds out which transform characteristics are allowed on the VPN server for Phase-1 of IKE. For example, hash algorithm, encryption algorithm, etc.

Key cracking that is pre-shared:

The ike-scan performs brute-forced cracking of passwords or offline dictionary for IKE Aggressive mode which has Pre-shared Key authentication. This one uses ike-scan in order to obtain parameters like hash and psk-crack, which in turn is a part of package of ike-scan, and perform the cracking.

There is a detailed description of the concept of retransmission back off fingerprinting in the fingerprinting paper of UDP back off that is supposed to be included in the kit of ike-scan as UDP Backoff Fingerprinting Paper.

The specified program sends requests Main Mode or Aggressive Mode, also known as IKE phase-1 to the specified hosts and displays the responses it receives. The ike-scan works with the retransmission and retries with back off to cope up with the loss of pocket. It also confines the amount of bandwith consumed by the IKE packets that are outbound. IKE is actually the Internet Key Exchange protocol that is the key authentication mechanism and exchange used by IPsec. Almost all the modern systems of VPN implement IPsec and most of the IPsec VPNs use IKE to enable key exchange. The Main Mode is the mode among many others for phase-1 of the IKE exchange. The other mode that is defined in similar way is the aggressive mode. The main mode is preferable implemented as far as the RFC 2409 section 5 is concerned. This proves that all implementations of IKE are expected to support the main mode. Many of them also support the Aggressive Mode.

Building and Installing

Firstly, to obtain the project source code you need to Run git clone https://github.com/royhills/ike-scan.gitRun cd ike-scan to enter source directory

Then to b able o install a viable ./configure file Run autoreconf

Run ./configure or ./configure --with-openssl to use the OpenSSL libraries

For building the project Run make

Run make check to verify that everything works as expected

Run make install to install

---

Author Bio:
Maegan Pulman is a freelance IT consultant and technology enthusiast. She is active in local and international IT events and is always on the lookout for the latest industry trends.

Read More

Understanding the Link between Social Media, ID Theft and Your Credit

Image by http://usopenborders.com

Chances are, not everyone on your social media site is someone you would haphazardly hand your credit card to. Yet, many people are treating social media sites like a trusted best friend or even an ATM when they share photos, travel plans, birthdays and addresses publicly with the world. Because of the lasting damage that identity theft can have on credit scores and long-term financial health, it’s important to break the link between social media, ID Theft and your credit.


According to the Bureau of Justice Statistics, identity theft is broken down into three segments:

• Unauthorized use or attempted use of existing credit cards
• Unauthorized use or attempted use of other existing accounts, such as checking accounts
• Misuse of personal information to obtain new accounts or loans, or to commit other crimes.

Consumers most at risk of identity theft are those who don’t regularly check their bank accounts and credit scores, which are most often children and the elderly. According to a 2012 report from Carnegie Mellon CyLab, children are targeted 35 times for identity theft more than adults, and 15 percent of the victims are under the age of five. Kids that have grown up in the social media environment are not afraid of what they share. They also don’t apply for credit and don’t have as much activity around their bank accounts so it takes longer to see if their identity has been compromised.

While the older generation is less apt to participate on Twitter, they are also less likely to apply for a mortgage, car loan or other purchase that requires a credit check. Years can go by before any unusual activity is noticed on their credit scores.

However, 12 million Americans fell victim to identity theft last year and they certainly weren’t all children and elderly. In fact, every three seconds, someone in the United States becomes a victim of identity fraud, according to Javelin Strategy & Research 2013 Identity Fraud Report. This means over 5% of all U.S. adults were affected by identity theft in 2012.

Think you’re not at risk? Go to http://protectyourprofile.org for a realistic look into what criminals could obtain from your Facebook account. It recently won a 2013 Marcom Gold Award for the realism of the experience.



Social Media’s Role

Information in social media can let criminals piece together enough of a story to steal identities without being caught. “Hackers can take family names, addresses, phone numbers and use that data to try and figure out passwords. These people can sell your information to other criminals in their network and it’s worth a lot on the black market,” says David Anderson, directory of product at Protect Your Bubble.com.

For example, a Facebook user can be duped into giving up personal information through fake posts asking for likes, votes, or clicks. These messages look legit because they appear to be sent by a friend. The user many not think twice about entering contact details like a phone number to participate in a contest, special or poll. Once they enter this personal information, they become susceptible to identity theft as criminals start to share data that may ultimately result in capturing payment credentials like credit or debit card numbers.

In fact, just this December hackers swooped in to capture login information from over 2 million Twitter, Facebook, LinkedIn and Google accounts. Facebook accounted for over half of the compromised accounts and left victims vulnerable and uncertain about just how much information the hackers consumed.

How to Break the Link

On social media, consumers must personally self-manage information and stay on top of security settings to keep their credit secure. According to the National Cyber Security Alliance, no individual, business, or government entity is solely responsible for securing the Internet.

Everyone has a role in securing their part of cyberspace because individual actions have a collective impact on making the Internet more secure. What role can you play? Here are five simple steps you can take to unlink your social media account from your credit and from the risk of identity theft.

1.  Take the time to review credit card statements each month for fraudulent charges.
2.  Remember when you share information on social media, it’s not in a bank vault.
3.  Choose a secure password that doesn’t include your birthday or pet name. Make passwords at least 8 characters long, combining uppercase and lower case letters, numbers and symbols.
4.  Alternate passwords for different accounts. Using the same password on Facebook as your online banking is a huge risk.
5.  Never send money based on a Facebook post or message. If you get a request from a friend that seems out of character, be aware that their account may have been hacked and ask them directly rather than assuming it is a legitimate request.

Don’t let thieves ruin your credit or financial stability. Learn more about keeping your identity and finances safe at http://us.protectyourbubble.com/id-theft. Please take steps to protect yourself and share this information with others to help fight against identity theft.

---

About Author: Dechay Watts is Chief Content Strategist at Sprout Content.

Read More

iPhone Security: 10 Apps to Keep Your Apple Smartphone Safe

Photo: ayuzo.com

Once you’ve managed to realize the importance of keeping your phone as safe as locked vault, you need to know which apps to really put your money on. To help you make the right choices, we've reviewed 10 security apps that are worth the space on your phone.

1. Get Your Tech Back With Find My Phone (Free)

What do you think about an app that would not only help you find your lost iOS device but also protect your data while it’s lost? Find My Iphone helps you do just that. You may lock your phone while its lost, send a message or it or even erase all data.

2. WISE ID – Protect personal data. (Free)

This app helps you store your encrypted data safely, such as your PIN numbers, your passwords, credit cards, photos, notes, and other data. So not only do you have your data at your fingertips but you have it safe as well. This provides you with the option of password authentication, dot pattern or face recognition.

3. SECURE IT mSECURE by mSeven Software, LLC ($9.99)

How about you get an insurance for $10 for your Iphone? Yes that’s exactly how much it takes to get a 256 bit blowfish encryption, password generator, free back up utility, cloud data protection, auto-lock, email backup and optional self destruct.

4. Secure FolderPRO by iDevMobile Tec. ($1.99)

This app has some similarity with the mSECURE though is available at a cheaper rate. It can code-lock or pattern lock your pictures, videos, texts, credit cards as well as your passwords. You can easily identify any intruder with picture and gps track system. It also gives you a secret website, along with a private navigation system. This happens without a track of history.

5. Surf Safely With Kaspersky Safe Browser (Free)

We have all been fed up of inappropriate content and malicious links, Surf Safety filters such links and saves the users from fake websites.

6. Alarm.com – monitor/control security systems at home or business. (Free)

Wouldn’t it be great if you are able to keep a check on your house or your business in your absence? This app helps you do just that. Although it requires for one to have an interactive alarm.com service plan with a compatible system, the outcome is great because you have access to your home from just anywhere. This app enables you to watch a live/recorded video from your security cameras, set your thermostat temperature or even control the lights.

7. Wickr Lets You Send Self-Destructing Messages (Free)

Photo: foxnews.com

Would you rather have all your read messages lying around filling your inbox or have your inbox clean and sorted? Wickr comes to your rescue to solve this crisis by allowing you to send messages to several other users with this option of building a mechanism to destruct these messages. The mechanism they use is to forensically erase unwanted files you deleted from your device, with Secure File Shredder.

8. Hide Photos From Prying Eyes with Pic Lock 3 (Free)

All of us have our restrictions when it comes to the privacy of our pictures. With its redesigned interface and multiple layers of protection Pic Lock 3, helps you keep your media files safe and secure.

9. Avira Mobile Security App Offers Backup, Anti-Theft (Free)

This app makes storage, access and sharing data securely very easy for all the users while they are on the go. The firm’s very first cost free iOS brags of a malicious process scanner, storage and battery optimization tools which are then to the company's Secure Backup platform.

10. Lock It All Up With Keeper Password & Data Vault (Free)

If you have not heard about 256-bit AES encryption then you have probably missed this app from Keeper Security that boasts of syncs across all of your mobile devices which creates passwords which are ultra secured with the embedded password generator.

11. Kryptos (Free)

This may sound like technology for the secret services, however if you had been looking for a space where you could safely discuss the secret topics then Krypton is what you were looking for. This app equips the user with a free military-grade 256 bit AES-platform which is encrypted for keeping secrets safe,. The connection is made through voice over IP for secure calls over 3G, 4G and WiFi networks.

Written By:
Sara Xiang is a information security consultant. She has special interest in graphical aspects of security algorithms. Now a days she is studying algorithms that are use in luxbet Sports.

Read More

Understanding Virtual Patching — and Why It’s So Important

Image by ddpavumba from freedigitalphotos.net

Every day, hackers are looking for —and finding — vulnerabilities in secure networks and applications. Most of these vulnerabilities can be eliminated by applying patches or fixed, but by some accounts, there are as many as seven critical patches released every day. For a busy security IT team, immediately applying those patches to every server is a cumbersome, and sometimes impossible, task.

Compounding the problem is the shift to virtual environments. Traditional security and patching methods are not effective in the virtual environment for various reasons, meaning that without an effective solution, performance issues and security holes will remain, leaving your networks and data vulnerable to theft.

One of the best solutions to the issue of managing security patches is virtual patching. This agentless solution immediately identifies security vulnerabilities and applies necessary fixes, creating a secure environment until the critical or “official” patch can be applied. Such a system overcomes many of the issues presented by virtual environments as well, preventing a serious and costly data breach as a result of poor patch management.



Where You’re Vulnerable and Why

In most enterprises, there are several places where vulnerabilities can be found. For example, you may be running an older operating system or application the developer no longer supports or issues patches for, and your security measures will not protect those systems. Other issues include systems that cannot be shut down to apply patches for fear of lost productivity or revenue, delayed release of patches and fixes from the developer and SQL injection attacks via Web applications that can be difficult to locate and fix on a large scale.

The virtual environment only complicates these vulnerabilities. Under a traditional security model, all of the traffic from virtual machines must flow through one central server to be scanned for malicious content or code, which causes network congestion and slows down network performance. Compounding the problem is the fact that in many virtual environments, the server locations regularly move, turn on and off according to demand or are dormant for extended periods. This all makes it difficult to consistently and effectively apply patches as needed.

How Virtual Patching Works

While correcting the source code of the vulnerability via a patch is the ideal re-mediation strategy for any potential problem, that’s not always practical. This is where virtual patching comes in.

Technically speaking, a virtual patch is an additional layer of virtualization security that prevents hackers from taking advantage of a known security vulnerability. Again, because vulnerabilities quickly change, it can be all but impossible to effectively apply every new patch as it’s released, and a system that was completely impervious one day could be ripe for an attack the next. That’s why some people call virtual patching “just in time” patching or “external patching,” because it blocks vulnerabilities before they become problems. Regardless of terminology, it provides an important layer of protection against a potentially devastating security breach.

Virtual patching relies on intrusion protection and detection (IPS/IDS) rules to protect against known vulnerabilities, including those that have not yet been addressed by patches. The advanced network security system automatically scans the network to determine the OS, applications in use, patches that have already been deployed and other factors, and determines which rules need to be activated to protect the system. As things change — new patches are installed, for example — the virtual patching system will automatically adjust the IPS/IDS rules that apply, so as to avoid service disruptions and system slowdowns. In the virtual environment, such a patching system covers all virtual machines —including new machines and those that have been dormant — and routes all traffic through a secure machine to ensure protection on every front.

Patch management is one of the most important — and most time-consuming — tasks for many IT security teams. In fact, some surveys indicate these tasks take up the majority of their time, but are largely ineffective. For those organization struggling with patch management, or even those who have a handle on it but need to ensure compliance and data integrity, virtual patching is an ideal solution, adding a layer of protection that traditional perimeter security measures simply cannot.

---

About The Author:
About the Author: Melissa Cromwell works as a content curator in the tech industry. You can follow her on Google Plus here

Read More

Behavior Blocking or Artificial Intelligence: Real-Time Virus Scans

Finding solutions quickly for the latest virus is challenging. New scanning software seeks to stop viruses with real-time scanning protection. Protecting against viruses, worms, and Trojans is a major challenge to today's computer software designers. The number of viruses being released each year is alarming, and anti-virus software designers appear to be outnumbered. By the time most viruses have been detected, they have already infiltrated different levels of computer programming, including main frames and standalone processing units. Software developers have brought down their response time from weeks and days to hours and even minutes, but for some, this is too little, too late.

Anti-Virus Software

Viruses are programs which attempt to infiltrate a computer's software and operating system. Its intentions vary, but they are rarely good. Most viruses, including worms, Trojans, keyloggers, and malware, are all designed to gather information from your computer and send it to someone else. Some of these programs have strictly malicious intentions, such as the disruption of a program's normal function. These can be used to sabotage control systems for manufacturing facilities, power plants, or security systems. Those that are used for information gathering usually are helpful in conducting data breaches and identity theft.

To counter these dangerous programs, software engineers work tirelessly to provide
best-up-to-date anti-virus programs that can detect and contain the viruses. The difficulty is that most virus programs are released with little or no warning. It isn't until computer operators start noticing problems that they realize they've been infected with a virus. The challenge to anti virus software development is to find programs that are able to respond instantaneously to infection attempts. As programmers continue to work on these problems, many are leaning toward artificial intelligence and similar ideas for effective solutions. While some programs seem to be effective, they can also result in many "false-positives" when detecting malicious files and programs. Monitoring these programs can be tedious for those who are unfamiliar with software design.

Behavior Blocking

One of the many types of anti-viral software on the market today includes behavior-blocking technology. These systems serve as virus protection software for computers, and they are proving to be very effective. This type of program reviews each action that a piece of software is attempting to perform, analyzes its behavior, and either permits it to continue, or notifies the user that a program is attempting to commit a questionable act.

The biggest issue with behavior blocking software is that it requires the computer operator to be much more familiar with software design. The average office worker using a desktop computer for administrative duties, such as word processing, database maintenance, and webpage design, don't usually have a very broad understanding of software programs, and may not know if they should permit an act or deny it. Many routine programs on a computer make changes to other programs as a regular part of their process. Such routine activities could cause repeated notifications by behavior blocking software, which could slow the computer user's productivity substantially.

Real-Time Scanning

One of the current goals of anti-virus designers is to come up with software that operates in  a real-time manner. Every time a file is downloaded, opened, received, copied, or modified, a real-time scanning program analyzes it for possible security risks. Such real time scanning and virus protection software would provide immediate detection. The procedure for this type of program is, after analyzing a file for security risks, the software immediately flags the user with the name of the file and with the specific security threat being exhibited. This constant monitoring provides the highest level of security against viruses, malware, and other malicious programs.

Many of these programs can be set up to also remove any files that are dangerous, and to update the anti-virus software to look for recurrences of the threat. Programs can be configured so that they do not warn users of their anti-viral activities, thus reducing disruption in the operator's routine. Although this may not always be the desired setting for some users, most will benefit by the lack of interruption. It maybe useful to alert the user about problem files, so that the user can report the problem to the file's originator or to the organization's IT office.

Battling against computer viruses, malware, spyware, and other unwanted programs is never ending. For those who are tasked with finding appropriate software, learning more about artificial intelligence-based programs, behavior blockers, and real-time analysis will be extremely helpful. Without knowledge of these program options, lesser protection may be used, failing to adequately protect computer systems. Of course, users should do their part in minimizing the introduction of viruses by using caution when opening emails and downloading files from the internet. Minimizing the number of programs that begin during startup can also help reduce inadvertent introductions of malware and similar malicious viruses.

---

About The Author:

James has been associated with the IT industry for the past 5 years. He is working as a tech support specialist in NYC. Besides system troubleshooting, he loves to write articles related to computer security and educates people about cloud antivirus softwares in order to keep their PC safe from malware and viruses.

Read More

Creating A Generated Password

You’ll Hate Yourself Later if You Don’t Get a Generated Password
With so much of our lives now taking place online, keeping your password safe and secure is more important than ever. We all know about the dangers of identity theft and hacking. A breach in one of your online accounts can lead to everything from embarrassment to serious financial loss.

So how does one choose a great password? First, by avoiding anything even remotely autobiographical. Whether it's your pet's name, the city you were born in or the name of the addiction rehab centers your aunt got sent to, anything you have a personal connection to should be avoided.

Also dangerous are those pesky security questions you're asked when resetting your account — a number of prominent examples in recent years have shown how easy they can be to hack. If your email requires you to use them, never answer them literally.

Get Random

Your best bet for maintaining a secure password may be to use a random generator. There are a number of resources than can provide you with a string of meaningless characters that is extremely difficult to hack. Here are some of the best:

• Random.org: The name says it all. This free site uses "atmospheric noise" to generate a password between 6-24 characters long.
• PCTools: A free service offered by the anti-virus pros at Symantec, PCTools gives you a number of useful options for generating random passwords that will meet the requirements of your email provider and other sensitive accounts.
• LastPass: Available for Windows and OSX, LastPass is an easy-to-use password manager with built-in random password generation. The software automatically detects when you are being prompted for a password and offers a number of suggestions for one that is random and un-guessable.
• Siri: Oh Siri, is there anything you can't do? Simply press and hold the Home button on your Siri-enabled device and say "Wolfram Password." You'll automatically get a randomly-generated 8-character password that would take an estimated 229 years to crack.

Other Password Pro Tips

Clearly, a randomly generated password is the way to go if you want to keep your data and personal information safe. But when it comes to network security, that's just the tip of the iceberg. Here are two more tips for smart password use:

• Store your passwords in a secure place. For most people, a random string of numbers and letters will be pretty hard to remember. If you need to write your password down, store it anywhere other than your computer — an encrypted Flash drive is a good choice.
• Don't use the same password twice. If somehow your account does get hacked, limit the damage by making sure none of your other accounts are vulnerable.

Smart password selection is the key to staying safe online. Taking the time and effort to use a random password will help ensure your data stays safe and sound!

---

About The Author:
Courtney Gordner is a blogger with a passion for all things internet, social media and SEO! Read more from her on her own blog, www.talkviral.com

Read More

5 Ways You're Making it Easy for Hackers to Steal Your Identity

Identity theft is just a scary news headline until it happens to you. This crime is happening with shocking frequency, according to the Department of Justice, which estimates the cost of these crimes amounts to $6.4 billion each year. About three percent of U.S. households fall prey to some form of identity theft, which equates to about 3.6 million families each year. How are thieves stealing our information?

Using Public Wi-Fi Hotspots

Image via Flickr by Jannie-Jan

Public Wi-Fi is convenient and can save you big bucks on expensive data plans, but the convenience may not be worth the price when it comes to identity theft. Any information you access or send over a public Wi-Fi connection is subject to being stolen, including passwords, account numbers, personal photos, as well as sensitive data like social security numbers and business data. Instead, convert your smartphone to a Wi-Fi hotspot or invest in a VPN.

Ordering From Unsecured Websites

When the Internet was new, people were more cautions to check for the security symbol in the address bar. As online transactions have become commonplace, people are ordering from unsecure websites all the time without even thinking about it. Only do online business with trusted companies, and always check for the security icon before entering your payment information. Use a prepaid debit card for online purchases so your liabilities are limited if the number is hacked.

Tossing Documents in the Trash

Do you carelessly toss out your paid bills, all those pre approved credit cards, and bank statements? Many thieves target the trash, knowing we throw away all the information they need to open credit accounts, phony bank accounts, and take out loans in our name. Invest in a shredder, preferably a cross-cut shredder for maximum security.

Posting TMI on Social Media

What are the types of information identity thieves need? Your birthday, pet's name, mother's maiden name, and your employer, all of the other information that's readily available on your social media pages. Never friend anyone you don't know, and keep your privacy settings tight, but also never assume that anything you post on social media is secure. Also, avoid posting when you're going out-of-town, new cell phone numbers when you change services, and other tell-tale info. If you use social media regularly, consider a protective service like LifeLock's identity theft services.

Using ATM and Debit Card Machines

A device called a skimmer can easily be placed into ATM machines and debit card machines such as those at the gas pump. The device allows the machine to act normally, so you never suspect anything is wrong, but it steals your card number and PIN number. Thieves can then empty your account and you're none the wiser until you try to make a purchase and your card is declined. Your bank may offer recourse, but your account will sit empty for some time while the bank investigates. LifeLock services and a prepaid debit card are useful for these purposes too. They may steal what's on the card, but at least you won't be broke while you wait for the charges to be credited to your account.
The Age of Information is indeed convenient, but it's also less secure. Always weigh the benefits of those conveniences against the terror of identity theft. Sometimes, it's just not worth the risk.

---

About The Author:
INFO WILL BE ADDED IF AVAILABLE.

Read More

How To Prevent Credit Card Identity Theft While Abroad

When you’re traveling overseas, you’re automatically putting your identity at risk, primarily due to your credit card. The risk isn’t severe enough that you should avoid travel altogether, but it does warrant some extra precaution and a reasonable amount of attention that you should be aware of during your trip.

Since identity theft is common and difficult to protect against in other countries, you need to be a bit more proactive in terms of protecting your credit card. Identity thieves will specifically target foreigners, especially Americans because of their perceived vulnerability.

They’ll assume that you’re not paying attention and that you aren’t prepared, but if you prove them wrong, then you’ve already won the war.

So, how can you be prepared and get the jump start on potential identity thieves?

While you can never guarantee the safety of your credit card 100-percent (even on American soil), taking these simple steps can help to ensure that you’ve got the deck stacked in your favor.

Here are a few things you can do to help prevent identity theft while travelling abroad:

1. Notify your credit card company ahead of time -- Your credit card company is on your side. It might not feel like that at all times, but when it comes to identity theft, you’ve got a willing (and powerful) ally in your credit card company, so be sure to use them.

Give them a call before your trip and give them a quick “readers digest” version of where you’re going to be and what you’ll be buying. Not only will this prevent your credit from getting unnecessarily deactivated, but it will also help your credit card company know when and where to flag certain purchases if something does go wrong.

2. Cover up when entering your PIN number -- It seems obsessive and maybe even rude, but when you’re making a purchase in public and you have to enter your PIN number, feel free to be discreet.

If someone looking over your shoulder can get your PIN number, it’ll make you a prime target for identity theft and in turn will make life much easier for those targeting you.

3. Photocopy your credit card -- Make a copy of the front and back of your card and leave it with a trusted friend or family member before you go. This will make the process of cancelling the card easier, in the event that it does get stolen. Chances are that this won’t be an issue, but if your card does get swiped, it’ll allow you to expedite the cancellation process.

4. Checking expenses online or on your smartphone -- Make sure that you have your bank’s app, or some other method of tracking purchases and checking your balance on your laptop or smartphone.

If you’re able to monitor your purchases on a daily basis, you’ll also be able to pick up on inconsistencies or purchases that you might not have made that will show up on your expense report.

Don’t get overly obsessed with checking it, but just review your purchases each night to make sure you don’t find anything unexpected.
Staying Sharp


Overall, staying sharp and keeping your wits about you when you’re traveling abroad will be enough to keep the topic of identity theft off the table. In addition, taking these extra steps will help you to protect against the most typical forms of credit card theft and fraud.

In the off chance that you do experience some issues with your credit card while traveling abroad, there are plenty of resources for credit help that will be able to assist you.
The more you can ensure a smooth and uneventful trip overseas, the better off you’re going to be, especially when dealing with your finances.

---

About The Author:

Marcela De Vivo is a freelance writer and internet entrepreneur from Southern California whose writing covers everything on technology, home security, gaming and marketing. She keeps her computer well-protected through the use of various programs.

Read More

Spy camera detector - Things You Can Do To Protect Your Privacy

Privacy is extremely important for every individual to have and protect, but it is becoming
more and more difficult to protect your privacy with today’s invasive technology. It seems
that wherever you go, people can encroach on your privacy by stealing confidential personal
and financial information, or by recording you with video cameras, cell phones, and even spy
cameras that you can’t detect. So how do you take steps to ensure that you keep your valuable
privacy intact and that others do not steal your information or film you without your knowledge
or consent? While you shouldn’t walk around feeling paranoid all of the time, you will be much
more likely to protect your privacy if you follow these suggestions.

Monitor Credit Reports

One of the most important ways to protect not only your privacy but your identity as well is to
monitor your credit reports regularly and vigilantly. You can receive a copy of your credit report
on an annual basis for free, so don’t worry about the cost. If you monitor your credit reports
regularly then you will be able to catch fraudulent activity that is happening under your social
security number before it becomes a bigger issue.

Keep Your Phone Password-Protected

Smart phones contain so much confidential information, and if you lose your phone then others
could easily access that information. To keep this from happening, make sure you password-
protect your smart phone and any other type of cell phone that you may own.

Purchase a Hidden Camera Detector

You never know when you may find yourself in a situation where someone tries to film you
secretly and without your consent. If you find yourself in a situation where you think this may
happen, you should invest in a spy camera detector that will alert you to any hidden cameras
that may be around you. This will help you make sure that you don’t do or say anything that
could incriminate you later if you were secretly being filmed on a spy camera.

Choose Strong Computer Passwords

Computer hackers are out in full force lately, and they aren’t likely to back down anytime soon.
To keep all of the confidential information on your computer safe, it is important that you
choose strong passwords for all of your various accounts that you access online. Even though it
can be a pain to try and remember multiple passwords, make sure that you don’t use the same
password for all of your important accounts. You should also make sure that you always have a

strong antivirus and antispyware program installed to protect your information at all times.

Always Be Cautious

Although you don’t want to be paranoid all the time, you should always be cautious about who
you give personal information to. If you don’t know why someone is asking for specific, private
information then simply don’t give it to them. If someone ever calls you or emails you claiming
they are from your bank or other financial institution, make sure you ask them to provide
information to identify you, instead of giving them personal information that will identify you.
After all, if they are really your bank they should know who you are when they call you or email
you.

If you follow these helpful suggestions you should be able to successfully protect your privacy
from those who would like to exploit it.

---

About The Author:

This is a guest post by Laura Russell, a guest writer from Brickhousesecurity.com,
a site that offers home security solutions with their highly trusted spy cams. They
also offer GPS tracking, hidden cameras and PC monitoring assistance.

Read More