IT Security Blog

Cyber Security In Obama’s Sights

By

President Obama And Family Depart White House For Chicago

Who said that Obama does not have a techie side to him? If reports earlier this month are to be believed, the newbie President is not ignoring the importance of cyber space. Iain Thomson of Vnunet.com had this report early this month:

US president Barack Obama has ordered an immediate 60-day review of the online security of government IT systems to check for vulnerabilities.

The review will be led by Melissa Hathaway, who has served as cyber co-ordination executive to the US Office of the Director of National Intelligence. Hathaway will also serve as acting senior director for cyberspace for the National Security and Homeland Security councils during the review period.

“The national security and economic health of the US depend on the security, stability and integrity of our nation’s cyber space, both in the public and private sectors,” said John Brennan, assistant to the president for counter-terrorism and homeland security.

First thoughts…this is wonderful; this coming from the head of the country, it should be a good sign. However, I was thinking about the 60-day limit – would this be enough? More so, are the intelligence arms going to be part of this review? I doubt that the CIA, the FBI, and the NSA will allow anyone to take a look into their systems. Maybe the review is just for the less sensitive government agencies. Who knows?
In any case, I was just thinking of those people who love hacking systems to get credit card numbers, bank account numbers, and the like. Those days will probably be gone pretty soon, don’t you think?

UK Email Law: Security Breach?

By

On-line Communication

Did you know that starting March of this year, every single email that is sent and received in the UK will be monitored? Yep, following the law, all Internet Service Providers (ISPs) in the UK will be required to store email information for a year. Though this law requires information to be kept, the actual content of the emails are not included in the requirement.

However, the fact that information is being monitored – even private emails – has got a lot of people shifting in discontent. The details of the law were published by BBC:

-To keep details of every e-mail sent in the UK for a year
-Internet Service Providers will have to record who sent the email, to whom and when
-The e-mail’s content will not be stored
-Data can be accessed by more than 600 public bodies, such as the police and councils, if they make a valid request
-Part of a European Commission directive

Although the contents of emails are not part of the law, it does not take a rocket scientist to figure out that this gives rise to potential security breaches – BIG TIME. It is a given that the idea behind the law was born out of goodwill. After all, we do know that there are a lot of unscrupulous people out there who take advantage of the technology.

However, who is to say that this database of information will be kept secure and that no one will be able to make unauthorized use of it? That, my friends, is the biggest question. Am sure glad I am not in the UK right now.

Be Careful of Hyperlinks in Messages

By

We all know that some people using the web for success are desperate and regardless if the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation on why you should check it out, refrain from doing so. The difference between clicking may make the difference as far as safety and security for your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click a link gone unsolicited? Well that is true but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any from. In fact, you can even get them from friends who may think that such links to site as harmless. Leading the pack for suspicious links would include:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you would have to consider, to get people to click on links, it has to be entirely in their interest. For most, it is too tempting to resist. Especially if you have not encountered them or have been educated of these threats, chances are you may experience them first hand and may become a forgettable one for overlooking the value of security on the web.

DomainKeys, Protecting more Googler’s

By


The problem with spam and phishing has become so much of a problem that Google, has resorted to using Yahoo’s patented DomainKeys technology to protect their email users through Gmail with the security system. DomainKeys was patented and developed by Yahoo but was released under a dual license under the GNU General Public License which allowed the software technology to become a widely accepted internet standard. It uses encryption technology to verify that the domain from which mail comes from is in fact the true source of the sent mail blocking re-directed spam and other malware from taking flight. These types of technology have been vital in the protection of consumers who do online shopping, many of whom fall victim to fake and phishing scams resulting in financial losses.
Internet companies themselves get victimized in terms of the resources they have to allocate to resolve such incidents that start from eBay transactions gone bad that hackers use as phishing tools. Once these people get their hands on the account information of legit users, they go on expensive shopping sprees that costs the e-commerce industry a lot of lost revenue. It also causes a lot of misinformation on the security and reliability of online stores (some are truly legit but most are well…..). Hopefully more and more fake PayPal and eBay scams would be denied giving people more time to develop better protection systems. There are a lot of tips on the internet about online safety with regards to these email and other scams so you’d better brush up and stay informed of the latest news if you love online shopping and haggling over eBay. Safe online Shopping everyone!!

The Cat’s out of the Bag (Part 2)

By

The admittance by an executive from within the industry was sure to happen and doing so may have given more importance on how you implement online security at home and in the office for knowing you are never always protected is the norm of the internet. There is no one software or provider that can promise total protection whatever the case and you are always infected with one form or the other how ever expensive the anti-virus software you have installed on your computer system. The industry is also in a dilemma of how best to present information on the ones that got away and caused mayhem before they caught it and issued a cure. You only hear of the ones they get and not the other way round, why, it’s bad for business. Getting your clients to know that they are not the total solution might get them thinking that if that’s the case, why spend hundreds if not thousands of dollars a year for something that may be effective? There are even instances that these programs that are designed to protect us from viruses and malware being infected and doing the dirty work themselves.
All the hype about technology and new software development tools also mean nothing for the very people who does the programming for these anti-virus programs also have the ability to use it for no good. The reality of using the net is to accept the fact that every click may be your last and that is the gauntlet you walk each and every day as you surf, download and do whatever you wish over the internet. True that it has allowed us more freedom and information but it also opened up the world to these scoundrels who are up to no good.

The Cat’s out of the Bag (Part 1)

By

The Anti-Virus industry has been rendered ineffective for quite sometime and this came into attention only with one industry expert speaking out of the crowd to say so “AS IS”. We have all been under the impression that the security of our PC’s, Laptops and other computers has been quite effective and robust with online active updates that allows them to deal with evolving threats. The problem is as the discussion states, how do you deal with today’s millions upon millions of viruses and other forms of threats without super-computing status? You can’t, that is the reality we have to face that there is no one solution to the problem and that it is going to stay that way.
Anti-virus software engineers do their jobs round the clock to prevent these malware form doing the most harm on the millions if not billions of computers around the world that connects to the internet daily. As one sector of the globe goes to sleep, another wakes up to a new day of infections and threats that is exaggerated more by the constant online status of some pc’s meaning they are always connected whatever time of day it is. Imagine scanning through a database that can give you the ability to determine a virus among the millions of known types, variants and mutations (even with a super-computer it takes time) every time you download a file or click on an internet link, that would be unfathomable. The best these guys can do and hope for is that they (the many anti-virus vendors) get to the problem early on when the virus or malware is still propagating when they can still reverse engineer it, then issue the proper identifiers along with the removal instructions that they send out to their respective clients hoping they are still not infected and spreading the virus themselves.
If they already are infected, it takes more time to formulate an approach on how to remove the problem form the computer system leaving it untouched and without the threat. This is almost next to impossible for any seasoned PC user knows that anything that is installed stays installed (even fragments of files and other programs) long after the known un-install procedure has been done. The only sure way to clear an infected system would be to re-format the hard drive and then re-install the whole myriad of software and drivers that came out with the PC (most of them are lost during the years necessitating an online search from manufacturer sites and other help sites which may also be infected), losing them is suicide for a PC without proper drivers is like a car without brakes that constantly breaks down and has to try to get itself to run to a level of its former self.