By ADuch -
We can all agree that shopping during the holidays can get pretty hectic – so hectic that we dread making that trip to the mall, finding a parking space, and waiting in line to check out. To avoid all of this, more and more consumers are shopping online during the holiday season. According to a report by comScore, “Online shopping around the holidays has increased 10 percent since the same time in 2010, to around $30.9 billion dollars spent thus far this season.”
In this season alone, four specific days have generated over $1 billion in spend each. This number obviously shows that online shopping is a solution for many consumers during the holiday season. Although this is great, many consumers probably don’t know that over $10 million of an expected $60 billion in sales will be stolen by cyber criminals this year.
You’re probably asking yourself, how do I avoid being targeted? It starts off with the simple things. You should always visit websites directly, use internet security software, and always check a site’s URL. Become a smart consumer and be aware of what site you visit and what links you click on.
To learn more about this report and what’s happening this holiday season, click here.
By DCarmody -
The Department of Homeland Security (DHS) and the FBI are investigating the events surrounding the security breach of an Illinois water plant’s computer system that damaged a water pump last week. Officials have traced the logs back to an IP address in Russia, which would make this event the first “foreign cyber attack on a US utility”, according to an article on Gizmodo.
The hacker gained access to the database of credentials managed by a vendor that provides technical support for the water plant, and used information taken from that database to remotely turn the water pump on and off, damaging the pump.
Service to the plant’s customers was not interrupted, and no one was hurt as a result of the attack. The bigger issue is the vulnerability of such systems, and the possibility of larger cyber attacks on similar infrastructure.
Although the DHS says “…there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety”, the fact that it did happen from a computer halfway across the world is alarming. This is just a small example that reiterates the need for sensitive systems to have the highest security and resistance to infiltration possible to protect against cyber attacks.
Here’s the link to the story on CNN, and the followup over at Gizmodo.
By ADuch -
With Black Friday and Cyber Monday a little over a week away, people are patiently waiting to get their shopping fix. Last year, an estimated 100 million consumers spent $1 billion on Cyber Monday. Although these numbers are remarkably high, most people don’t know that roughly 75% of all consumers are worried about online fraud.
To get a better understanding of this, ThreatMetrix (an online fraud prevention company) and the Ponemon Institute (a data-security research firm) conducted a joint study. Based on their research, they reported that 26% of all consumers are seriously worried about being scammed while shopping online. In addition to this, another 53% of all consumers had some concerns about the same thing. To top it off, their study showed that 43% of their respondents were affected by online fraud at some point in their lives!
This fully explains why people are so worried. According to Alisdair Falkner, chief products officer at ThreatMetrix, “Credit card fraud and identity theft are so common in today’s society that it would be unusual to find a family in the U.S. today that has not been affected. People are worried about fraud in online transactions, primarily because they don’t have visibility or transparency into how safely their information is being stored or potentially used downstream.”
Even though Falkner is right, most people will still participate in online shopping. The best way to prepare for Cyber Monday and to make sure you’re not a victim of online fraud is to be careful when shopping online. Take some time to look things over before purchasing right away. Make sure the website you visit is fully secure (this can be seen by the “https” and/or green lock in the address bar) and do what you can to increase your knowledge of online security.
To read more about the study or to get more tips on safe shopping while surfing, please click here: http://www.securitynewsdaily.com/online-shopping-safety-tips-1244/
By ADuch -
With the year winding down, more breaches and attacks have surfaced and made headline news. To solve this issue, companies should tighten up their security and be more cautious of their surroundings and how they transfer valuable data. Losing personal and/or sensitive data and having it in the wrong hands can crumble a company. Therefore, it is extremely important to enforce and follow all security practices at all times.
In recent news, another major corporation has reported it was the target of a cyber attack. On November 3, 2011, Adidas became aware of the attack and immediately took action. They took down any site that was affected, left a message apologizing to their users, and then added data security measures to their websites.
Some of the websites that were taken down include adidas.com, reebok.com, miCoach.com, adidas-group.com, and several other local ecommerce shops. Although all these sites were affected, there was no evidence of any stolen data.
Following the attack, Adidas left a message. “Nothing is more important to us than the privacy and security of our consumers’ personal data. We appreciate your understanding and patience during this time.”
To read the full story and learn more about the cyber attack on Adidas, visit UK’s ITPro.
http://www.itpro.co.uk/637204/cyber-attack-drives-adidas-websites-offline
By ADuch -
Many companies in 2011 have been hit by high level attacks and breaches by malicious hackers. How are these organizations being targeted, and how are hackers penetrating their networks? It all starts with the lack of security awareness by individuals at a company.
According to a recent article in Computer Weekly, Lieberman Software conducted a survey of 300 international IT professionals. The survey showed that:
- 50% of the respondents have worked for a company that has not changed its privileged passwords
- 50% of the respondents have worked for a company that has had its computer networks breached
- 42% of the respondents were aware that an IT staff member was sharing passwords with others and giving them access to several systems
- 26% of the respondents knew of an IT staff member abusing a privileged login to gain access to sensitive data
These results show that senior management needs to enforce and pay attention to basic IT security practices. This means changing passwords whenever you can, and limiting and/or locking down access to any systems that carry sensitive data. These little things will increase security and help keep hackers away.
Read the full story at ComputerWeekly.com and get more stats from the survey.
http://www.computerweekly.com/Articles/2011/10/18/248187/Password-chaos-linked-to-network-breaches-survey-finds.htm
By ADuch -
Today, social media plays a major role for many individuals and firms. The rise of social media has changed the way individuals and firms communicate, and it continues to change and grow each year. However, because of the increasing number of users in each outlet, users become vulnerable to attacks and malicious content on the Internet.
In recent news, Facebook has agreed to partner up with Websense, Inc. to protect Facebook users from potential online threats and content. Facebook chose Websense because “Websense has been analyzing and classifying the Internet for more than 15 years, and now all Facebook users will be protected by the same core technology.” This technology is their Websense ThreatSeeker Cloud, which will be used as Facebook’s new security service. This platform will ultimately identify any malware and prevent any data loss by analyzing anything that might potentially be harmful to Facebook users.
With the addition of this new platform, Facebook users are now protected and aware of any potentially harmful links. If a user clicks on a link, it will go through the Websense database and warn the user if they have stumbled upon anything threatening.
Here’s more on the partnership between Facebook and Websense:
http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/231700073/facebook-and-websense-partner-to-protect-users-from-malicious-links.html
By DCarmody -
In the wake of the 2010 Wikileaks controversy, the United States Congress ordered the Office of the Director of National Intelligence to conduct an audit of all the security clearances granted by the US Government. The results were surprising to some. A total of 4.2 million people – which the Washington Post notes “rivals the population of metropolitan Washington” – have active security clearances to access government-classified data.
Although we’re just learning of this report, the numbers are dated to October 2010, which means this number has most likely grown over the past 11 months. It also dwarfs some experts’ expected numbers, raising some concerns about the security of our nation’s important data.
Others don’t think this number is high – and argue that it is a result of increased Government secrecy in recent years. Additionally, given that all military personnel and the entire workforces of the FBI and CIA will have some level of clearance, the number seems much more palatable.
Regardless of the number, the security of our government’s most important and sensitive data should be very closely monitored. As technology has made accessing data exponentially more efficient and immediate, the safety and security of the transfer and storage of this sensitive data should be of top priority.
Read the full article and comments favoring both sides over at the Huffington Post: http://www.huffingtonpost.com/2011/09/20/security-clearances-government-classified-information_n_972492.html
By ADuch -
Have you ever accidentally mistyped a recipient’s email address and sent information to the wrong person? If so, you may want to double check what you send and to whom you’re sending it.
According to a recent post on gizmodo.com, two researchers were able to grab 20 gigabytes worth of data from Fortune 500 companies in a span of six months. The researchers set up doppelganger domains to mimic legitimate domains that belonged to Fortune 500 companies. Doppelganger domains are domains that are spelled almost identically to legitimate domains. Therefore, users are vulnerable to email interception when they mistype a recipient’s email address.
To test the vulnerability of a few Fortune 500 firms, the researchers set up 30 doppelganger accounts to see what they would come up with. To their surprise, the accounts they set up attracted 120,000 emails in their six month experiment. Within these emails, the researchers received employee usernames and passwords, trade secrets, employee personal data and contracts for business transactions.
Out of the 30 doppelganger accounts, only one firm noticed what was going on once they registered the domain. Also, out of the 120,000 emails they received, only two senders recognized their mistake.
As you can see, the two researchers were able to grab a ton of valuable information in a short span of time. This information can be extremely harmful to an individual and/or company if an attacker gets his/her hands on it. Going forward, please be careful when sending out emails.
For more on this story, follow gizmodo and their latest posts on Security:
http://gizmodo.com/5838708/how-researchers-stole-20-gb-of-e+mail-from-fortune-500-companies
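A defensive check for the mistyped-recipient problem described in this post, as an added example (not from the original post or from the researchers): it flags outbound recipients whose domain is one typo away from a domain the organization really uses. The domain list, sample addresses and function names are constructed for illustration.

```python
# Added example: flag recipient domains that are a single typo (dropped dot,
# swapped letters, one wrong character) away from a known-good domain.

LEGIT_DOMAINS = {"example.com", "us.example.com", "example.org"}  # constructed allow-list

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]

def classify_recipient(address, legit=LEGIT_DOMAINS, max_distance=1):
    """Return ('ok' | 'lookalike' | 'unknown', matched legit domain or None)."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in legit:
        return ("ok", domain)
    for good in sorted(legit):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

def flag_lookalikes(recipients, legit=LEGIT_DOMAINS):
    """Return (address, intended_domain) pairs that should be held for review."""
    hits = []
    for addr in recipients:
        verdict, near = classify_recipient(addr, legit)
        if verdict == "lookalike":
            hits.append((addr, near))
    return hits

# Constructed sample of outbound recipients.
SAMPLE_RECIPIENTS = [
    "alice@us.example.com",   # correct subdomain
    "alice@usexample.com",    # dot dropped between subdomain and domain
    "bob@exmaple.com",        # two letters swapped
    "carol@unrelated.test",   # unrelated external domain
]

if __name__ == "__main__":
    for addr, intended in flag_lookalikes(SAMPLE_RECIPIENTS):
        print(f"HOLD {addr}: looks like a typo of {intended}")
```

A mail gateway or outbound-log review job could run the same comparison against the organization's real domain inventory and hold or warn on the flagged messages.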
By ADuch -
In the past, hackers such as LulzSec have been responsible for high profile attacks. Although some of these hackers have called it quits, their work has become an inspiration to many other hackers. Today, a new hacker has made his mark.
Comodohacker, a 21-year-old Iranian student, tapped into roughly 300,000 Iranian Gmail accounts this summer, prompting Google to warn the entire country. Unlike LulzSec and many other hackers, he’s not doing it for kicks and giggles. He’s doing it for his country and the Iranian government.
In an email exchange with The New York Times, Comodohacker explains his motives for the hack:
“My country should have control over Google, Skype, Yahoo, etc.,” he said by e-mail. “I’m breaking all encryption algorithms and giving power to my country to control all of them.”
With motives like these, Comodohacker is definitely dangerous. This should be a wake-up call for many individuals and major internet firms.
The 21-year-old software engineer also claimed he was responsible for the breach of Comodo, the attack on Dutch company DigiNotar and an intrusion in GlobalSign’s website.
Read the full story at NYTimes.com and learn more about Comodohacker:
http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html?pagewanted=1&_r=1
By Erik Small -
With the growing number of ‘devices’ available to us, the number of ways we can connect and share information is ever increasing.
Here is a great read from the Knowledge Transfer blog at Ipswitch File Transfer (the Planet’s parent company).
Information Sharing Wake-Up Call: Customers Now Pushing Organizations to Reconsider How They Transfer Sensitive Files
In a new report from Ipswitch, findings revealed that employees are using risky workarounds to share information and avoid corporate information-sharing roadblocks:
- Personal Email: 60 percent of individuals said they use personal email to send sensitive files because their company systems hinder productivity, a major compliance and security risk. And 50 percent of those people admitted to using personal email as a means to hide sensitive information from management.
- Remote Devices: Employees are also relying on remote devices – like USB drives and smart phones – to transfer information that can’t be handled by corporate systems. More than 25 percent of employees have lost a USB drive containing confidential information. Even worse: Out of that 25 percent, 40 percent said they did not report the lost device to the IT department.
