Thursday, May 21, 2009

Huge Loss of Computerized Clinton Data

An article was released two days ago in the New York Times regarding the loss of a computer hard drive containing a terabyte of confidential computerized data. The hard drive contained vital information pertaining to former President Clinton and former Vice President Gore. The hard drive was also said to contain personal information about one of the three Gore daughters as well as numerous other people who visited or worked at the White House. Some of the compromised data included Social Security numbers and home addresses, and who knows what else is on the hard drive. A terabyte is a lot of memory, and there could be millions of pieces of confidential information that could destroy lives in the wrong hands. Security procedures used by the Secret Service at the White House during Clinton's term were also stored on that hard drive, which now puts the entire White House security system at risk.
Federal authorities are looking into the apparent breach at a National Archives record center, and an extensive investigation is already underway to find the vital hardware. Investigators do not yet know whether the drive was stolen or simply misplaced, but immediate efforts are being made to recover the hard drive as soon as possible, as many people are left vulnerable until the hard drive is secured. But even then, if someone actually did steal the hard drive and investigators found it, who is to say that the perp did not make a copy or download all the information onto their computer or a separate hard drive? There are so many things that a computer hacker could do with a hard drive containing such valuable and confidential information as this one. The FBI is looking into the matter as well; if it is a criminal act, they will have to get involved because it is federal property. Something tells me that the hard drive was stolen because I just don't see how a piece of equipment that expensive and important gets misplaced. If it was stolen, then security measures had better be looked at closely and improvements must be made immediately because that is just unacceptable, especially for a government agency. Their access control system and CCTV systems should be thoroughly examined and inspected to make sure they are working properly, and if not, they must be fixed immediately.

Driving While Texting

Instead of driving and talking on cellphones, the new thing is driving while texting, and it is very dangerous. Research has shown how frequently people drive and text, and the statistics are very believable as I constantly find myself texting and driving. Studies have shown that despite the research showing that texting while driving is not only dangerous, but deadly, it is more rampant than ever and people continue to do it like it's no big deal. It's actually a lot easier to pick up the phone and call someone while driving, but it is too obvious for police officers to see an individual talking on the phone. You can hide texting by simply using the phone on your lap, but that poses a problem because then you're not looking at the road.
A study was conducted by Vlingo, a company that makes software that translates spoken messages into text or e-mail on mobile phones. The company surveyed over 4800 applicants online, and 26 percent of the 4800 were guilty of D.W.T. (Driving While Texting). Out of that 26 percent, 60 percent are between the ages of 16 to 19, 49 percent of the people from 20 to 29, and 13 percent over 50 years old. This does not come as a surprise to me as I would expect younger teenagers to be texting their friends, girlfriends and boyfriends all the time, and nowadays every teenager has a cellphone. Tennessee was the state with the highest percentage of drivers that text, and coming in right after it is New Jersey. I am very surprised that New York is not atop that list because the population is so dense and there are a lot of younger people in the cities, but at the same time many people who live in the city do not own cars. So maybe for New York they should do a study on texting and biking.

Wednesday, May 20, 2009

Facebook Attacks

Facebook has become one of, if not the, most popular social networking sites on the Internet. Facebook has become so unique and popular because it only requires a regular email account to sign up. It used to be only for college students, but it has expanded to include anyone with a valid email address. Now people can search for people that they grew up with, lost touch with over the years, or just someone that they met at the bar last night. Facebook allows individuals to post private and public information about themselves including: the individual's name, address, place of business, schools attended, hobbies, interests, and basically any information that the individual wants to disclose about themselves. People can post photos and videos as well, so there is a lot of information available at just the click of the mouse.
Facebook has recently become a target of malicious hacks to obtain user login names and passwords. Studies have shown that about one third of web users use the same password for all websites or most websites that require a password. Honestly, I found this to be very true because I do the same exact thing. I have about five or six websites that I use that require a password to access them and I usually have the same password or maybe one different one, including my email password. Hackers are posting links on random individuals' Facebook pages linking them to phishing sites requiring the user to retype their login name and password so that the hacker can obtain their information. Although Facebook credentials are not much, hackers can use these logins and passwords to attempt to access people's emails, eBay and PayPal accounts, Amazon and Gmail accounts, or anything that requires a login and password. This is where the issue becomes a huge problem and could be detrimental. This has become an increasingly dangerous issue, especially to those users serving in areas of combat as well as business users who are on Facebook at work. Hackers can use this information to hack into work emails and gain confidential information. This is why many corporations and businesses advise employees against visiting certain websites and even make it company policy to block them. Computer security advisers recommend that users use a different password for each account, usually non-dictionary words mixed with numbers, to decrease potential hacks. Users should also change their password once a month; many companies already have policies such as this one in effect to prevent network security breaches. Facebook users need to constantly be aware of the possible threats they may face and the damage that could be done with a simple login name and password.

Tuesday, May 19, 2009

West Point Cyberwar Games

I found a very interesting article in the New York Times published on May 10, 2009, regarding Cyberwar testing at West Point. The article is very intriguing because it talks about actual scenarios and hacker tests given to computer science and information technology majors at West Point. For the students' final exam they had to withstand a staged hack by the National Security Agency (NSA) based in Maryland. A team of cadets spent four days working around the clock to establish a computer network and keep it running while the NSA implemented methods that might be used by enemy hackers during a cyber attack. The NSA also planted viruses on the equipment, possibly the same way enemy hackers would. Teams were formed from the Navy, Air Force, Coast Guard, and Merchant Marines to compete against one another for the senior class's final exam, to see who could withstand and handle the staged attack by the NSA.
Apparently there is really no sole organization or American military unit dedicated to analyzing the risk of cyberattacks and conducting tests and drills as West Point has. I am sure the government has some organizations working together on fighting cybercrime, but there should be an organization established to focus only on cyberattacks, as one successful hack could cripple Internet communications and even expose confidential/top secret information to the world. This could pose a huge military problem and give America's enemies an advantage. The NSA is responsible for bringing forth these computer security analysts/hackers. The hackers have an official name, the 57th Information Aggressor Squadron, and they are stationed at Nellis Air Force Base. They are the closest thing to an organization dedicated solely to cyberwar and cyberattack prevention/research. The Defense Department also has cyberwar schools where they train cadets on cyberwarfare, but only 80 students graduate per year. The Pentagon believes that this number is insufficient and more highly trained and qualified individuals are needed. The Pentagon hopes that young students will become interested in these cyberwar games, such as the ones conducted at West Point, and strive to become a part of the fight against cyberattacks within the United States. This article sparked my attention because I am looking at pursuing a similar degree at the University of New Haven in the graduate program of National Security with a concentration in Information Protection. New Haven works directly with the FBI, as they have been known to select many New Haven graduates from this program to be security analysts and perform other computer security related jobs for the FBI. So the idea of eventually being able to participate in cyber games such as the ones at West Point has really intrigued me and is a fascinating thought.
Cyberwarfare has become an increasing problem around the world and will only get worse as new technologies develop, so it is absolutely necessary to have qualified and properly trained personnel working around the clock to prevent these cyberattacks from occurring. The government needs all the help it can get and I hope one day I will be lucky enough to be chosen by one of these Federal Agencies, to lead the war against cyberattacks and more importantly, cyberterrorism.

MyLaptopGPS

This is a very interesting article that I found in a Boston, MA, journal dealing with new computer security technologies such as MyLaptopGPS. MyLaptopGPS is produced by Tri 8, Inc, and has been around for over 25 years supplying businesses and corporations with world class data systems. Dan Yost is the CTO (Chief Technology Officer) of the laptop computer security firm MyLaptopGPS and encourages all businesses and individuals to use this to help minimize laptop theft. Yost appeared on many news media stations over the past month to discuss the growing problem of government laptop theft within Oklahoma. Apparently two very important laptops, containing over 125 million unique data records on Oklahoma citizens, went missing because of lax security measures. The first laptop was stolen from the car of an employee of the Oklahoma Department of Human Services. The laptop was said to have highly sensitive information about approximately one million Oklahoman citizens. The second laptop was stolen from the Oklahoma Housing Finance Agency, revealing private data about over 200 thousand Oklahoman citizens.
Laptops are stolen every 12 seconds around the world, and this will continue to be a growing problem unless something is done to safeguard against this issue. A possible and very plausible solution is MyLaptopGPS, which is the single most effective deterrent in laptop theft. MyLaptopGPS is laptop tracking technology in the form of Internet based GPS. It is inexpensive, easy to install, and money well spent in the long run to ensure the protection of critical information. MyLaptopGPS has been proven to be successful and an excellent technique/tool for protection against theft, as the product is endorsed by many, including IDTheftSecurity.com. CEO Robert Siciliano is a member of the Bank Fraud & IT Security Report's editorial board and of the consumer advisory board for McAfee. He is a leader of personal safety and security seminars around the world and has appeared on television (CNN, CBS, MSNBC, FOX News, "The Today Show", etc.) numerous times for his expert opinion and thoughts on personal security and identity theft. He has encouraged businesses and anyone looking for theft protection to use MyLaptopGPS as it has proven to be effective, inexpensive, and a must have for all organizations looking to keep confidential information confidential.

Ancient Steganography

Steganography is the art and science of hiding messages in such a way that no one apart from the sender and intended receiver can realize that a hidden message even exists. It is basically a process of hiding a secret message in another message. There are basically two different types of steganography: physical steganography and digital steganography, which has only been around for about thirty years with the invention of personal computer technology. Digital steganography is still relatively known and constant research is being conducted to further the development of this wonderful tool. Digital steganography involves hiding messages within images, sound files, text documents, emails, etc. You can also embed pictures in video material and other pictures, such as JPEGs. You can also use encryption and steganography together to make a message even harder to decipher. One can conceal the information within encrypted data, but the only problem is that this will draw attention to the document/file because you can see the data in its encrypted form, so you know that there is a meaning and a message to be deciphered.
I find ancient steganography to be the most fascinating because the idea and concept can be dated back to Ancient Greece. Although there was no actual term "steganography", the concept was the same. Steganography first appeared in Herodotus' The Histories, the story of the war between the Persian Empire and the Greek City-States. He wanted to instigate a revolt against the Persians, so he shaved the head of his best messenger and wrote/tattooed a message on his scalp. Once the hair fully grew in he sent the messenger on his way, and when the messenger arrived at his destination he shaved his head and pointed it directly towards the receiver to read the message. It sounds so simple and easy, but in fact it is a brilliant idea and virtually impossible to figure out because no one would think to look there or even think of the idea in the first place. Other types of physical steganography included hidden messages on tablets covered with wax, hidden messages written in invisible ink on messengers' bodies and special papers, and microdot images. These are all actual techniques used in past history, ranging from Ancient Greece to World War I and II. Microdots are actually very fascinating tools because they are images and texts compressed to the size of a period on a piece of paper, which can be seen with heavy duty magnifying glasses and telescopes. Physical steganography is a brilliant technique that has been around for a lot longer than people think and probably could be dated back further than historians could track. It's amazing how simple a concept could be, but at the same time how much of an advantage it can have over one's enemies. These methods were extremely popular in both WWI and WWII and may have even helped win battles.
It amazes me to see that these techniques are still being used today because they date back so far in our history, but new technologies and advancements have begun to make physical steganography a technique of the past, with digital steganography becoming a powerful and common tool. I think that the future will only bring greater advancements in steganography and make it almost undetectable and undecipherable.

Tuesday, May 12, 2009

Print Books Are Target of Pirates on the Web

This is an interesting article that I found in the New York Times, published May 11, 2009. The article dives into the issue of copyrighted novels/books being released on the Internet without the author's permission, which is illegal. Like illegally downloaded music, ebooks are becoming more and more common as it is easier to access them from home and doesn't cost a cent. It is actually very easy to obtain these digitally pirated copies because websites such as Scribd and Wattpad make them readily available to anyone with access to a computer and the Internet. Internet users can also just go to Google and type in books that they are interested in and will most likely find a digital copy somewhere on the Internet. Whether it be part of the novel or the entire thing, users are still obtaining these ebooks without the author's permission. The author has put a lot of hard work and effort into writing his or her novel and going through the trouble and expense to publish it as well. This is becoming a concerning issue for many writers and publishers because they are losing out on money and essentially people are stealing their work, making it accessible to the cyber world for free. People are also gaining access to ebooks through file-sharing services like Rapidshare and MediaFire, similar to programs such as Limewire and Napster for downloading music and movies. Many record companies and artists are losing a tremendous amount of money on these programs because it's easier to just download the music and it's free. This is an ongoing issue that has developed into a problem over the past seven years or so, and now illegally downloaded ebooks are becoming a concern. Many prominent publishing companies, such as John Wiley & Sons, known for their "Dummies" series, are hiring employees dedicated solely to searching the Internet for these unauthorized copies of books.
They reported over 5,000 unauthorized titles for which they asked these websites to remove the digital versions of Wiley's books. Electronic reading devices such as the Kindle from Amazon and the Reader from Sony make it easier for hackers to copy files. The unauthorized copies are uploaded as PDFs, which can easily be emailed to one of these devices. New technologies and advancements are always going to pose problems within digital piracy. You can find almost anything you want on the Internet these days as it has become a vital part of people's lives, to the point where a majority of the world would freak out and go into a state of chaos if it ceased today. It is nearly impossible to remove all illegally downloaded music, ebooks, or any other digital files off the Internet because so many people are doing it and because there is so much out there. If I want any new CD I just go to Limewire and download it, then transfer it to my iPod; it's that simple and it probably will become even easier as time goes on. Now that more and more books are becoming available digitally, the same problem will begin to develop and I don't see a solution in the near future.

Thursday, May 7, 2009

Wi-Fi to Go, No Cafe Needed

This is an interesting article that I found in the New York Times titled Wi-Fi to Go, No Cafe Needed, which was published May 6, 2009. The article discusses a new product introduced by Verizon Wireless called the Novatel MiFi 2200. The Novatel MiFi 2200 is a mobile wireless hotspot, which will allow someone to surf the Internet from anywhere. The MiFi is about the thickness of three credit cards, very sleek and tiny. It has just a single power button and is obviously a wireless device, capable of holding a charge of 4 hours during use and 40 hours on standby.

Within 30 seconds of turning on the MiFi, an individual can enjoy access to the Internet from anywhere in the world. It's like a personal WiFi bubble or hotspot that follows you everywhere, within a 30 foot range. The MiFi will be available through Verizon in mid May for about $100 with a two year contract and an additional $40 to $60 a month for the service. Verizon customers can also buy a one day pass as they go, for about $15 for 24 hours, in which case the MiFi then costs approximately $270. Many phone providers have similar devices, but they are much more costly and very slow. Many coffee shops, restaurants, and basically any public place these days are equipped with WiFi, but usually require a fee and sometimes even a password if you are trying to bum off someone else's network. The MiFi converts the cellular Internet signal into an umbrella of WiFi coverage that up to 5 people can utilize. The password to access that signal is on the MiFi device itself, so all the individual has to do is give the other people the password and all are free to surf the Internet. Keep in mind that the more people downloading, the slower the speed of the Internet, but this is true for most networks, let alone portable WiFi devices.

The MiFi is perfect for long road trips as one device can support a whole family. Kids and adults can use their iPod touches, iPhones, laptops, or any Internet capable device to surf the web from state to state. College students can use the MiFi in their dorm rooms, anywhere off campus, and during travel. Homes can even set up their primary Internet service through the MiFi as it is so reliable and cost efficient. The MiFi is a remarkable product which can benefit anyone, from kids looking to download some new tunes, to those just looking to surf the web or maybe play some games, to men and women on business trips. The MiFi's ability to operate without a power cord makes it that much more unique and beneficial. The MiFi is just a step in the direction that our future is heading towards, as new technological advances are discovered every day.

Worm Infects Millions of Computers Worldwide

I found this article titled, Worm Infects Millions of Computers Worldwide, in the New York Times. It was written back on January 22, 2009, so it is about five months old, but the topic at hand is very interesting and has come up in recent discussions within our Sec/Mat 270 course.

The article is about the recent malicious worm known as Conficker or Downadup. Conficker is a malicious software program which has affected corporate, educational, and public computer networks around the entire world, and it's spreading like wildfire. It has spread so rapidly by exploiting a vulnerability within Microsoft Windows, by guessing network passwords, and through hand-carried consumer gadgets, such as USB drives. It is said to have infected over nine million personal computers around the world, and that was back in January. We recently saw the Conficker worm reappear about a month ago, but luckily enough the worm/virus did not cause much damage to computer networks around the country. The Conficker worm is such a threat to computer networks because it harnesses infected computers into unified systems called botnets, which ultimately can accept instructions from a "head master". These instructions are usually used to attempt malicious attacks and to illegally obtain confidential information on someone's personal computer or a corporate, educational, and/or public computer. The other bad thing about Conficker is the fact that it is very hard to tell whether or not your computer is infected, as the worm usually hides and operates in the background or "behind the scenes", using the infected computer to send spam and infect other computers.

Researchers said that Conficker was so successful and still can be successful because of the lax security measures taken by companies and individuals. A lot of people don't realize the effects that these malicious viruses and worms can have on one's computer and the information that is vulnerable. For example, about two months ago my Norton Anti-virus security program expired on my computer and I put off renewing the program for about one week. Not realizing the vulnerabilities I was subjecting my computer and network to, I got a really bad virus/spyware within just a matter of a week of having my computer not fully protected. It cost me over $100 to fix and two weeks of me not having a computer because the virus basically blocked me from the Internet. Luckily no personal information was stolen, as far as I know, but I will never again underestimate the power and malicious abilities of hackers today. Symantec is actually one of the security response teams that worked on the Conficker worm, and their services helped solve my virus/spyware as well. It is extremely vital that one always protects his or her computer at all times, as your confidential information can be exposed to the entire world in a matter of seconds.

Saturday, March 7, 2009

Do We Need a New Internet?

Recently I was reading an article in the New York Times titled Do We Need a New Internet? The article was very disturbing and quite shocking to me. I am not much of a computer geek and I don't keep up with all the news that is surrounding the issue of Internet security and safety. After reading this article, I think that I definitely will, as it is a major growing problem and getting worse as we speak. According to the article, the Internet is not as safe and secure as people think it is, and it hasn't been for a long time, if ever. The Internet is actually very vulnerable to millions of hackers and malicious software every day, and a lot of people, companies, businesses, and organizations are suffering as a result. Internet privacy has become a word of the past as most information, whether you want it to be private or not, is public and can be accessed with a few key strokes. The Internet has become so non-private and vulnerable that the only way to fix it is to start all over again. According to the article, a new Internet, like a "gated community", needs to be established where people are going to have to give up certain cyber or Internet freedoms in return for safety.

Last year a malicious software program, Conficker, was unleashed by a criminal gang in Eastern Europe, which penetrated the Internet and sidestepped past some of the world's best cyberdefenses. Like I said, I don't know much about computers and hacking or malicious software, but it doesn't sound right that a criminal organization could bypass our country's best security defense programs, leaving our country completely vulnerable to anything. Conficker is such a powerful malicious software that it had the capability and could very well be used to shut off entire sections of the Internet. This is obviously a huge deal and could be so severe as to affect individual citizens and entire businesses in performing the necessary tasks they need to survive as a company and remain successful. It essentially could cripple successful organizations and send millions of people into a state of panic and chaos. No one really knows what exactly could happen and the severity and damage this malicious software could cause, or any malicious software for that matter. Last November our military networks proved vulnerable as well, as they discovered that their network was purposely infected with software that may have permitted a devastating espionage attack. It's hard to believe that our military, using the most advanced and technological equipment known to man, can be hacked and vulnerable. These are the organizations whose main goal is solely to protect our country and our lives, and yet they need to be protected. Scientists at Stanford are currently working on this problem and are trying to design a system to make it possible to slide a more advanced network quietly underneath today's Internet, and it should be up and running by the end of the summer.

This is an issue that is not going to go away quietly and needs to be dealt with immediately and efficiently. Simply patching our existing Internet is too time consuming, costly, and just simply not worth it. The need for a new, highly secure Internet has arisen and arisen fast. Stanford, along with other organizations, is working on building a new Internet with improved security and the capabilities to support a new generation of not yet invented Internet applications. Of course no matter what we do, the Internet will never be 100% secure, but we can sure as hell try and get as close to that number as possible. Reading this article really sparked my interest as to how vulnerable our country really is, and I am sure millions of people like myself don't even realize it.

Friday, February 13, 2009

Sales Guy v. Web Guy

This video is actually quite amusing and worth the 10 minutes out of anyone's busy schedule even if you are not much of a computer guy, as I am. One of the first policy violations that I noticed while watching the clip was the user's misuse of the computer by downloading and playing video games. Company policies usually state that employees are not to use the computers for anything non-work related, basically referring to surfing the web, but especially not playing Halo at work. This poses a distraction to the employee, as it was in the clip, and I am not sure, but I think downloaded software such as these games can unleash viruses or malware into the computer, posing a potential security threat.

Another policy violation is when Chip asks the user to reboot the server because that's what they did yesterday. And the guy actually reboots it for him without even verifying who he's talking to, what department, or anything that could validate him being a legitimate employee. The user who rebooted the server should have known better and at least asked for some credentials or checked with his boss, who would have told him not to reboot the server because they then need to power it off to boot it back on. After the web guy reboots the server he then gets yelled at by his boss because he sent an email out clearly explaining not to. So web guy goes into his boss's sent mailbox on his work email and deletes the message so it looks like he never sent it to web guy. This is basically non-repudiation, which is the concept of ensuring that a party in a dispute cannot repudiate, or refute the validity of, a statement or contract. Web guy also shows a lack of integrity here and is not a trustworthy employee. Web guy is violating company policies and breaching the security system by accessing other users' emails. This is a major violation and he could potentially be fired for performing something like this if he were to get caught. There must be some security program to block employees from doing this, otherwise this would be a recurring incident and a major problem. And on top of it all, web guy blames the sales guy for the whole mess because he told him to reboot the system in the first place.

I noticed that when web guy sent someone down to the server room to physically reboot the server he was reviewing the security cameras. I am not sure what company policy is or who is supposed to review the cameras, but I know that where I work the only employees allowed to access camera footage are the security department and of course the top executives. If I remember correctly, web guy is neither and I don't think he should have access or be reviewing those cameras. He might have access or he might be hacking into the security system to see the cameras, which I am sure is against company policy, a security breach, and maybe even a computer crime.

One last policy/security violation that I noticed was the web guy's violation of confidentiality and authorization when he signed onto the computer desktop of Chip, the sales guy. First of all the sales guy was stupid enough to give web guy his password and asset key, but web guy should have never asked him for it in the first place. He has no right to observe what's on his desktop and it's not up to him to determine what's right and wrong considering all of the policy violations that he committed in only 10 minutes. Web guy then accesses sales guy's desktop from his and proceeds to close out programs, open programs, mess with sales guy's icons and even manages to take a picture of his desktop, which I find to be a huge security violation. He could essentially take pictures of all his data and send them anywhere, which I didn't even know was possible. Viewing this clip, it's actually pretty cool to see how amazing some people really are with these computers and the extremes that they are capable of. I am sure that this may be baby stuff compared to real computer geniuses, but this is astonishing to me and very interesting. This goes to show you that you can't trust any employee and that a secure computer security system must be a priority within any company if that organization wants to keep information confidential and remain successful.



Thursday, February 5, 2009

Heartland Payment Systems Security Breach

Heartland Payment Systems is a nationwide company that is responsible for processing millions of payments a day, ranging from credit/debit cards to payroll and checks. Heartland caters to a variety of industries such as the restaurant industry, lodging and hospitality, university campuses, the retail industry, and many more. Heartland allows these companies to provide their customers with the best possible business solutions at their convenience. Heartland helps to navigate companies through the complexities of payment transactions so they can focus on running a successful business and not have to worry about the issues and problems that can arise.

Unfortunately, Heartland had a recent security breach in 2008, which was officially disclosed to the public on January 20, 2009. The data breach could possibly be one of the largest data breaches ever reported, as Heartland is responsible for more than 250,000 businesses and is estimated to handle over 100 million transactions a month. No one knows how many businesses or cards were affected because Heartland has not yet released that information, but my guess is that a majority of Heartland's customers, if not all, were exposed and someone now has all their information. It was a couple of months before anybody even noticed that some kind of malicious software was planted in the company's payment processing network, so I'm sure the perpetrator got more than enough credit card information. According to Heartland's President and CFO, Robert Baldwin, the exposed data consisted of names, credit and debit card numbers and expiration dates. The exposed data did not include cardholder social security numbers, PIN numbers, and addresses or telephone numbers, but when you think about it, if you have someone's credit card information and name then you could easily find out their address and telephone number. And I am sure that the people behind this breach can easily obtain their socials with the information they have and their extensive computer knowledge. The data stolen was information encoded on the magnetic stripes on the back of debit/credit cards, which gives the perpetrators the ability to forge counterfeit cards by imprinting that same information on a fake card. Apparently, according to a breach forensic team and the U.S. Secret Service, the malicious software was some type of keylogger malware, which captures and records keystrokes on a computer, such as names and passwords. Once the keylogger malware penetrated the system's firewall, it sent out something called a sniffer, which captures not only keystrokes, but entire data packets passing over their digital network.
Just researching keyloggers on Google, it seems as if they are not hard to purchase and apparently they are widely available on the Internet. You can purchase keyboards that have the system set up already or purchase the part and software to install in the keyboard, so anyone could be capable of pulling off a security breach. Whether or not this person was an insider, I'm not really sure; anyone with access to Heartland's facilities could have planted the device. It only takes a few seconds to do. A vendor could be responsible or maybe a disgruntled employee looking for revenge. I think that social engineering could have played a part in the security breach, but at the same time if it was an inside job then there would be no need to trick or manipulate that person into giving you valuable information because you have access to the building and the computers. Maybe you don't have access to the specific department or network where the malware was originally found, so social engineering might have been used in that case. This is a very unfortunate event that occurred to Heartland Payment Systems, but at the same time it is a huge wake-up call that could eventually benefit the company in the future. Since the finding of the data breach, Heartland has made an attempt to safeguard against further data breaches in the future by implementing encryption to protect data passing over the network, and has reached out to other merchants and companies to inform them of the data breach and what they are doing to prevent it from happening again. Over 400 new clients have joined Heartland Payment Systems since the breach, so obviously Heartland Systems is taking the necessary steps to ensure their customers' trust and safety.