By ADuch -

We can all agree that shopping during the holidays can get pretty hectic – so hectic that we dread making that trip to the mall, finding a parking space, and waiting in line to checkout. To avoid all of this, more and more consumers are shopping online during the holiday season. According to a report by comScore, “Online shopping around the holidays has increased 10 percent since the same time in 2010, to around $30.9 billion dollars spent thus far this season.”

In this season alone, four specific days have generated over $1 billion in spend each. This number obviously shows that online shopping is a solution for many consumers during the holiday season. Although this is great, many consumers probably don’t know that over $10 million of an expected $60 billion in sales will be stolen by cyber criminals this year.

You’re probably asking yourself, how do I avoid being targeted? It starts off with the simple things. You should always visit websites directly, use internet security software, and always check a site’s URL. Become a smart consumer and be aware of what site you visit and what links you click on.

To learn more about this report and what’s happening this holiday season, click here.

By DCarmody -

The Department of Homeland Security (DHS) and the FBI are investigating the events surrounding the security breach of an Illinois water plant’s computer system that damaged a water pump last week. Officials have traced the logs back to an IP address in Russia, which would make this event the first “foreign cyber attack on a US utility”, according to an article on Gizmodo.

The hacker gained access to the database of credentials managed by a vendor that provides technical support for the water plant, and used information taken from that database to remotely turn the water pump on and off, damaging the pump.

Service to the plant’s customers was not interrupted, and no one was hurt as a result of the attack.  The bigger issue is the vulnerability of such systems, and the possibility of larger cyber attacks on similar infrastructure.

Although the DHS says “…there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety”,  the fact that it did happen from a computer halfway across the world is alarming.  This is just a small example that reiterates the need for sensitive systems to have the highest security and resistance to infiltration possible to protect against cyber attacks.

Here’s the link to the story on CNN, and the followup over at Gizmodo.

By ADuch -

With the year winding down, more breaches and attacks have surfaced and made headline news. To solve this issue, companies should tighten up their security and be more cautious of their surroundings and how they transfer valuable data. Losing personal and/or sensitive data and having it in the wrong hands can crumble a company. Therefore, it is extremely important to enforce and follow all security practices at all times.

In recent news, another major corporation has reported it was the target of a cyber attack. On November 3, 2011, Adidas became aware of the attack and immediately took action. They took down any site that was affected, left a message apologizing to their users, and then added in data security measures to their websites.

Some of the websites that were taken down include adidas.com, reebok.com, miCoach.com, adidas-group.com, and several other local ecommerce shops. Although all these sites were affected, there was no evidence shown of any stolen data.

Following the attack, Adidas left a message. “Nothing is more important to us than the privacy and security of our consumers’ personal data. We appreciate your understanding and patience during this time.”

To read the full story and learn more about the cyber attack on Adidas, visit UK’s ITPro.

http://www.itpro.co.uk/637204/cyber-attack-drives-adidas-websites-offline

By ADuch -

Today, social media plays a major role for many individuals and firms. The rise of social media has changed the way individuals and firms communicate, and it continues to change and grow each year. However, because of the increasing number of users in each outlet, users become vulnerable to attacks and malicious content on the Internet.

In recent news, Facebook has agreed to partner up with Websense, Inc. to protect Facebook users from potential online threats and content. Facebook chose Websense because “Websense has been analyzing and classifying the Internet for more than 15 years, and now all Facebook users will be protected by the same core technology.” This technology is their Websense ThreatSeeker Cloud which will be used as Facebook’s new security service. This platform will ultimately identify any malware and prevent any data loss by analyzing anything that might potentially be harmful to Facebook users.

With the addition of this new platform, Facebook users are now protected and aware of any potentially harmful links. If a user clicks on a link, it will go through the Websense database and warn the user if they have stumbled upon anything threatening.

Here’s more on the partnership between Facebook and Websense:

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/231700073/facebook-and-websense-partner-to-protect-users-from-malicious-links.html

By ADuch -

In the past, hackers such as LulzSec have become responsible for high profile attacks. Although some of these hackers have called it quits, their work has become an inspiration to many other hackers. Today, a new hacker has made his mark.

Comodohacker, a 21 year old Iranian student, tapped into roughly 300,000 Iranian Gmail accounts this summer, prompting Google to warn the entire country. Unlike LulzSec and many other hackers, he’s not doing it for kicks and giggles. He’s doing it for his country and the Iranian government.

In an email exchange with The New York Times, Comodohacker explains his motives for the hack:

“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”

With motives like these, Comodohacker is definitely dangerous. This should be a wake-up call for many individuals and major internet firms.

The 21 year old software engineer also claimed he was responsible for the breach of Comodo, the attack on Dutch company DigiNotar and an intrusion in GlobalSign’s website.

Read the full story at NYTImes.com and learn more about Comodohacker:

http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html?pagewanted=1&_r=1

By Erik Small -

In our world of file transfer, security and encryption are paramount to properly protecting data. Some unfortunate security news has hit the wire regarding Dropbox, an online file storage and file sharing service.

Similar to FTP, Dropbox files are stored and encrypted with AES-256 and transmission of data occurs over an encrypted channel, like SSL.

The unfortunate part of this story is the major failure to limit access into each user’s account.
Wired.com reported:
“Dropbox did the unthinkable Sunday — it allowed anyone in the world to access
any one of its 25 million customers’ online storage lockers — simply by typing
in any password.”

Read the full story from Wired.com regarding the Dropbox security breach:

http://www.wired.com/threatlevel/2011/06/dropbox/

By Erik Small -

A quick follow-up on the Sony security breach. Ipswitch File Transfer’s Frank Kenney, VP of Global Security, offered solid advice in this NY Times article on the Sony breach:
“These attacks are a combination of Sony’s lax security and a
number of groups being very vigilant about breaking in to show how powerful
they can be,” explained Frank Kenney, vice president of global security at
Ipswitch, a company used to securely transfer files online. “What Sony has to
do is re-examine their entire security system including the type of code they
are using and the type of servers; they have to acknowledge that their brand is
at stake.”

Mr. Kenney said that no server was impervious to hackers, but a
company like Sony, with millions of credit cards and users’ personal
information on file, had a responsibility to ensure protection “equivalent to
the Department of Homeland Security’s servers is in place.” He said that the
fact that dozens of Sony Web sites and servers had been breached indicated it
was clearly a companywide problem.

“Any type of environment can be breached, but Sony has to come up
with a plan that not only protects their infrastructure, but also convinces
their customers that their credit cards and personal information is safe,” Mr.
Kenney said.

By Erik Small -

If you haven’t already heard, email marketing firm Epsilon fell victim to a security breach. The company manages millions of email addresses and campaigns for a long list of clients…like Walgreens, Target, Best Buy, Brookstone and many other big names. We don’t have details on the exact method or failure point of the security breach, but this sort of news perks our ears at FileTransferPlanet.
Read the latest post regarding the Epsilon security breach from Ipswitch’s Hugh Garber.

By Erik Small -

Ipswitch just released WS_FTP Server 7.5.1, a new version of their secure file transfer server software line.  WS_FTP Server can now be deployed in a failover configuration to achieve high availability for increased uptime and reliability.

The new update also introduces:

• Multiple SSH keys per authenticated user: A single user may now authenticate with two, three, or more different SSH client keys, allowing for multi-factor authentication without the administrative hassle of key replication and coordination.
• New operating system support: Microsoft 64-bit only “R2” operating systems in English & German.  We also now support Microsoft Windows Server 2008 in German.

Read more about the latest version of WS_FTP Server from Ipswitch!

By Erik Small -

Our parent company, Ipswitch, just released a maturity model that displays the different stages of file transfer processes.

It’s a great resource for IT Directors & Managers if they are trying to understand which solution and functionality might best fit their IT Project if it relates to FTP, moving large files, or securing data during transfers from location to location.

Take a look and bookmark it!

Ipswitch File Transfer Launches Managed File Transfer Maturity Model

http://www.ipswitchft.com/Company/news.aspx?pressid=180