Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double check what you send and to whom you’re sending it.
In a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains belonging to Fortune 500 companies. Doppelganger domains are domains spelled almost identically to legitimate ones, so a user who mistypes a recipient’s email address is vulnerable to having that email intercepted.
To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts and waited to see what arrived. To their surprise, the accounts attracted 120,000 emails during the six month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.
Out of the 30 doppelganger accounts, only one firm noticed what was going on once they registered the domain. Also, out of the 120,000 emails they received, only two senders recognized their mistake.
As you can see, the two researchers were able to grab a ton of valuable information in a short span of time. This information can be extremely harmful to an individual and/or company if an attacker got his/her hands on it. For future notice, please be careful when sending out emails.
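The check below is an added illustration, not code from the Gizmodo piece or from Ipswitch: a defender-side filter an outbound mail gateway could run, flagging recipients whose domain is within one edit (Levenshtein distance) of a domain the organisation actually owns, which is exactly the near-miss a doppelganger domain relies on. The protected domains and sample addresses are constructed for the example.

```python
"""Flag outbound recipients whose domain is a near-miss of a domain we own."""

# Constructed list of legitimate domains the organisation owns (assumption).
PROTECTED_DOMAINS = {"example.com", "mail.example.com", "us.example.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def recipient_domain(address: str) -> str:
    """Lower-cased domain part of an address, or '' if there is no '@'."""
    _, sep, domain = address.rpartition("@")
    return domain.lower().strip() if sep else ""


def lookalike_of(domain: str, protected=PROTECTED_DOMAINS):
    """Return the protected domain this one resembles, or None.

    An exact match is a legitimate recipient, not a look-alike. A dropped dot
    ('usexample.com' for 'us.example.com') is a one-edit difference too."""
    if domain in protected:
        return None
    for good in protected:
        if levenshtein(domain, good) <= 1:
            return good
    return None


def check_recipients(addresses):
    """Map each suspicious address to the legitimate domain it resembles."""
    flagged = {}
    for addr in addresses:
        dom = recipient_domain(addr)
        hit = lookalike_of(dom) if dom else None
        if hit:
            flagged[addr] = hit
    return flagged


if __name__ == "__main__":
    # Constructed sample: one correct address, two typo near-misses, one unrelated.
    sample = ["alice@us.example.com", "bob@usexample.com",
              "carol@exanple.com", "dan@partner.org"]
    print(check_recipients(sample))
```

A real deployment would hold the mail for sender confirmation rather than silently dropping it, since a flagged address may also be a genuine partner domain.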
For more on this story, follow gizmodo and their latest posts on Security:
In the past, hackers such as LulzSec have been responsible for high profile attacks. Although some of these hackers have called it quits, their work has become an inspiration to many other hackers. Today, a new hacker has made his mark.
Comodohacker, a 21-year-old Iranian student, tapped into roughly 300,000 Iranian Gmail accounts this summer, prompting Google to warn the entire country. Unlike LulzSec and many other hackers, he’s not doing it for kicks and giggles. He’s doing it for his country and the Iranian government.
In an email exchange with The New York Times, Comodohacker explains his motives for the hack:
“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”
With motives like these, Comodohacker is definitely dangerous. This should be a wake-up call for many individuals and major internet firms.
The 21-year-old software engineer also claimed he was responsible for the breach of Comodo, the attack on Dutch company DigiNotar and an intrusion into GlobalSign’s website.
Read the full story at NYTImes.com and learn more about Comodohacker:
In a new report from Ipswitch, findings revealed that employees are using risky workarounds to share information and avoid corporate information-sharing roadblocks:
Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
In our world of file transfer, security and encryption are paramount to properly protecting data. Some unfortunate security news has hit the wire regarding Dropbox, an online file storage and file sharing service.
As with FTP, Dropbox files are stored encrypted with AES-256, and data in transit travels over an encrypted channel such as SSL.
The unfortunate part of this story is the major failure to limit access into each user’s account.
Wired.com reported:
“Dropbox did the unthinkable Sunday — it allowed anyone in the world to access any one of its 25 million customers’ online storage lockers — simply by typing in any password.”
A quick follow-up on the Sony security breach. Ipswitch File Transfer’s Frank Kenney, VP of Global Security, offered solid advice in this NY Times article on the Sony breach:
“These attacks are a combination of Sony’s lax security and a number of groups being very vigilant about breaking in to show how powerful they can be,” explained Frank Kenney, vice president of global security at Ipswitch, a company used to securely transfer files online. “What Sony has to do is re-examine their entire security system including the type of code they are using and the type of servers; they have to acknowledge that their brand is at stake.”
Mr. Kenney said that no server was impervious to hackers, but a company like Sony, with millions of credit cards and users’ personal information on file, had a responsibility to ensure protection “equivalent to the Department of Homeland Security’s servers is in place.” He said that the fact that dozens of Sony Web sites and servers had been breached indicated it was clearly a companywide problem.
“Any type of environment can be breached, but Sony has to come up with a plan that not only protects their infrastructure, but also convinces their customers that their credit cards and personal information is safe,” Mr. Kenney said.
We often talk about security on File Transfer Planet. How could we not? Beyond traditional FTP, there are many highly-secure solutions leveraging the core function of FTP. News of a significant data breach involving Sony is taking shape this week.
A lawsuit has been filed against Sony as news coverage expands around what possibly could be a larger security breach than TJX’s unfortunate breach in 2007.
The breach may involve roughly 75 million Sony PlayStation Network customers — billing addresses, usernames/passwords, email addresses, birthdays, and transaction histories.
If you haven’t already heard, email marketing firm Epsilon fell victim to a security breach. The company manages millions of email addresses and campaigns for a long list of clients, like Walgreens, Target, Best Buy, Brookstone and many other big names. We don’t have details on the exact method or failure point of the security breach, but this sort of news perks our ears at FileTransferPlanet.
Read the latest post regarding the Epsilon security breach from Ipswitch’s Hugh Garber.
Wow. An incredible stat for the security market in 2010.
On many levels of FTP or file transfer, this is a staggering number of instances. What file transfer processes are being used to avoid a security breach in your small, medium or large business environment?
Check out the Knowledge Transfer blog on Ipswitch File Transfer’s corporate site for more on security breaches in 2010.
Malicious attacks still account for more breaches than human error, with hacking at 17% and insider theft at 15%.
39% of listed breaches did not identify the cause, indicating a clear lack of transparency and full reporting to the public.
49% of breaches did not list the number of potentially exposed records, a clear sign of inaccuracy and incompleteness of reporting.
62% of breaches reported exposure of Social Security Numbers.
Yes, we’re talking about a space laboratory and WS_FTP.
The European Columbus laboratory, located on the International Space Station (ISS), has selected Ipswitch’s file transfer solutions. This is really exciting for WS_FTP. The European Columbus laboratory will be using WS_FTP to securely transfer scientific data from the space laboratory to Earth. The scale of the processes the laboratory will be running is also amazing. Each experimental cycle is anticipated to generate hundreds of megabytes of data, which WS_FTP Professional will be used to securely transfer to and from space.
Formerly FTPplanet.com, we have redesigned and relaunched as FileTransferPlanet.com, a community site for discussions about file transfer, web design, software deals, and other cool topics! Registration is free -- Post a question in the Discussion Forums or comment on any blog posts.