Viacom, the company that owns MTV has confirmed the fact that there was indeed a leakage of information from their system that has resulted in personal information such as Social Security numbers, Birth dates and other employment related data. They confirmed the fact that the said information was taken from an employee workstation which may have been infected by malware that sent the said information to the outside without the management knowing about it. These types of problems are now becoming more common as people go on the web and as this case shows, the workstation in question was said to have entered a social networking site through which may have been the path the malware took. The said information was contained in password protected files and the company has said that it has launched an internal investigation as to why the employee in question may have been able to access the said site from the office workstation.
Information leakage such as this case is now so common that they happen even without anybody knowing about it. Even with installed security and intrusion prevention systems, programs that piggy-back onto legal programs have found and exploited ways to circumvent them exposing themselves to protection systems as legitimate programs. Social networks have been targeted as with the problems with Goggle’s Orkut, Myspace and the many other social networking sites which have fallen to hackers who use them as launch/propagation platforms to unload their payloads of Trojans, key-loggers and many other forms malicious code.
The Web transforming into the social network may be the best thing that has happened to many but it remains to be a thorn in IT Security People from all over. Many have fallen victim to such instances that have resulted in credit card fraud and full-blown identity theft cases which are a real-world issue everybody has take notice of. The threat is real and we must all make it a point to do our best. Install the proper intrusion prevention systems and establish systems usage security protocol which will minimize exposure to such threats which are sure to invade more of our daily lives as we go on living a second life in the internet of today, the Social net.
Google’s Orkut Social Networking Site – Hit by Trojan
In the endless fight for IT security in the vulnerable internet, even Google’s Orkut has been hit by a self-propagating Trojan which is currently being studied for a possible cure to remove it from the wild. The Trojan works when the creators get information and send messages with links that prompts users to install a newer version of the flash player program. The user is greeted by a pop-up window that tells the user an installation of a newer version of software being used is in need of download and subsequent update. The program downloads a seemingly legal copy of the software installer which in turn begins to unload it’s payload of malicious code and propagates by sending more messages with the addresses that are tagged as friends in the victim user’s address book. So far, the pop-up message that promotes the spread of the Trojan is only in Portuguese which has been seen only in Brazil and with a few in India, but the security experts at Symantec are worried that an evolved version can unload more malicious code that can do more damage to the millions of users on the web, even cause another cascading slowing down of the internet as a whole if these Trojans begin to overload vital internet hubs forcing them to shut-down due to the infinite requests for direction which it would be unable to handle. Google has been warned by Symantec which has yet to release a reply to that warning. Symantec and many other industry leaders in the development of virus/,alware removal software have predicted the rise in attacks that would take effect this year as more and more people get onto the social network bandwagon making the world a smaller place but at the same time opening previously shut doors ripe for attack fromt the ever changing face of malware.
OS Updates, Patches and Service Packs – What they’re not telling you (Part 2)
Some of these updates and patches are well publicized and known to media and IT circles while others are not. The real truth, not all users want to know the details of the several updates and patches that are being installed as long as they get to use the internet and other software without issues. This is a dangerous tightrope to walk for like the Facebook incidents and MySpace problems, and yes even Google (with their customer purchase tracking system which they took out of service as people took notice and were pissed they were being monitored as to shopping habits etc).
Even the most popular web search engines have come under fire when people took notice of their tracking systems and how that information is used to target them for advertising campaigns. The web is a true and proven signal of unparalleled freedom for it allows you to get information all with the press of a few buttons. But the battle begins at your desktop or laptop where the OS resides and is installed on making it the root of all possible problems. Yes, Attacks do come from the net but they are targeted at your home or office desktops using them as propagation tools to spread them all over the globe. Privacy and the right to know is quite battered on these fronts with many problems being discovered at every turn. People love intrigue and they will continue to scrutinize and criticize the work of others may they be friends or foes. On goes the OS wars and we are on the sidelines waiting to suffer all the fallout of their drive to be the first to release the most innovative and feature loaded software (with bugs and system crashes all bundled and included in the box, well till they release the respective fixes and patches to remedy them).
OS Updates, Patches and Service Packs – What they’re not telling you (Part 1)
Everybody on this earth who uses the internet has to begin with a device (PC, Laptop or Mobile Phone) that has a form of operating system that gives the machine (computer/device) the ability to function as it does. May it be from Microsoft (Windows XP or Vista), Apple (OS X Leopard and prior versions) or Linux-Based operating systems, all these programs get their fair share of patches and bug fixes that are essentially damage control measures that hopefully correct programming errors before they cause too much harm to the user and the computer they are installed on.
These patches and updates are available for free for most licensed users but for those who still use bootlegged software, well, they are a bit too difficult to get hold of for the move of OS manufacturers to install (sometimes without you even knowing it), validation tools that check via the internet if the copy of your OS is licensed and legit. These underground updates are not always so discreet for some do get out and are found by users, programmers and other people who rely heavily on their computers for their everyday existence. Some get blown out of proportion sending them into the headlines as unwanted and unauthorized processes that you get to see on CNN and the BBC.
Software development firms are businesses and they do try their best to keep ahead of the pack (competitors) when it comes to the complexity and capabilities of their products. The competitiveness goes as far as the early release of a product before all testing and real-world simulations have been completed opting for patches and updates to correct them well after the product has been released into the wild (for public use). Some problems associated with them are so critical that the developers are so ashamed to admit they overlooked them that they opt to update these files without the user’s knowledge (have you ever seen your OS getting updates from the web as you get to go on your coffee break, sometimes so discreetly you even fail to notice, returning to a computer that tells you your system has been updated and a restart is needed for them to take effect?)
Facial Recognition and Smart Mice – biometrics of the invasive kind.
The future (not actually that far off) sees computer systems that are powerful enough to map out the human face which is known as facial recognition, scanning it into a database that takes a full-360 degrees picture mapping the individual face into a digital fingerprint of sorts allowing no need for invasive security systems. Imagine walking towards your workplace which is studded with cameras that constantly takes pictures of your face and compares it to a digitized database of many other faces in the system. As you get to your terminal, you get immediate access (for the system has seen you as the rightful owner of the computer terminal) to all you stuff without having to physically go through invasive security systems (like the one seen on the sci-fi movie the Minority Report). In the movie, society has evolved into a centralized environment where there are security scanners tied into all major computer systems such as media advertising boards located in major city center’s. Advertising that is suited to one’s preferences and such other information are obtained on a person through retinal scanners that continuously scans one’s location and other information such as the case in the plot which has a rogue officer of the law being subject of much fuss. This gives an insight into the possible future of the human race and how much information technology play’s a part in that future world where nothing is secret and just about anything with the right access can get enough information about you. Hot Forest’s introduction of biometrics-technology based interface system (initially a mouse) that have embedded medical grade sensors that monitor blood pressure and other vital bodily functions to indicate the productivity of their staff based on baseline information collected as the system is implemented. Their system, ‘OPTIMAL OFFICE’ monitor’s the health of their employees through sensors (heart rate monitors) and software helping management create a less stressful workplace. This allows offices to monitor their employees productivity by monitoring their blood pressure which is a sure sign of stress or too much of it allowing better management and control.
The system works and begins to provide important information about an employee who uses the system for more than 2 hours allowing the collection and collation of vitals which are compared and rated according to standards set by the medical field as either healthy or hazardous to one’s health. Management is then alerted to whether they are under or over stressed based on these information allowing the conduction of adjustments or other health analysis tests. This is said to promote a better office for healthy people who work happily are more productive. Though many see the system as too invasive, it may offer an insight on what tomorrow would hold for us as technology become’s more of a necessity rather than an addition to the way we live day by day.
IP-Based Security Surveillance ( Part -2 )
The accessory cards for the standard PC has become so widespread that they come in many shapes and form allowing the connection of any number of security cameras. Triggered systems which rely on other security deterrents for activation allows the people monitoring the site to save on storage which used to be a bank of video recorders that were set to record in extended mode on a loop in a back office which was hopefully secure enough to prevent tampering and destruction by perpetrators. Off-site security allows monitoring over high-speed internet lines of the site without the danger of loosing valuable evidence in the form of video footage safely secured onto the company’s own storage servers or can be out-sourced to off-site data storage companies like Iron Mountain who specialize in secure and reliable data storage. The advent of high capacity hard drives like the Toshiba Terabyte Drive allows a huge amount of data to be stored with minimal hardware footprint. Seagate on the other hand has gone a step further by releasing hardware-based encryption in it’s hard drives which can be activated with the use of the Operating System making for one ultra-secure hard drive (well, till you forget the password or key to decrypt the drive making it useless or exceed the MTBF of the specified drive, ouch.. that’s 931 GB of lost data).
Security has become an ever present need and so is the drive to protect assets that are the essence of business organizations. These newer and cheaper versions of security systems add a level of security that assures us our assets stay safe and secure in the event of either man-made or natural disasters that are becoming quite common as life becomes harder and money is harder to come by turning people to a life of crime never before seen on this earth.
[tags]Securing Assets, Security[/tags]