Posted by Kalyani M. on Jun 9, 2014
As predicted by security researchers, 2014 is really turning out to be the year for new forms of ransomware attacks. Ransomware is a form of malware that takes over your system and restricts access to your files and folders until you pay the ransom amount to the malware author. Without the knowledge of the victim, the malware slowly manages to encrypt all the files, folders and documents present on the victim’s machine. Your system will not show any sign of infection, as it will take hours to encrypt all the files and folders. Once all your files and folders are encrypted, a message with a timer will pop up on your computer screen asking you to pay a ransom amount or to lose access to your important files forever. Last year, a ransomware program named “Cryptolocker” managed to infect nearly 250,000 computers, stealing millions of dollars. Cryptolocker was very successful, as it was extremely difficult to detect.
Posted by Kalyani M. on Jun 3, 2014
The occurrence of security breaches at large companies appears to be on the rise. Last year, we saw massive data breaches at Target and Adobe affecting millions of customers. The personal data of many people were at stake as a result of the incidents. Data breaches are the stuff of nightmares for any enterprise. They not only suffer huge financial loss, but also lose the trust of their customers. Recently, eBay became the latest victim of a major data breach, with a database containing encrypted passwords and other personal data becoming compromised. The hacker followed the usual practice of using employee credentials to gain access to the eBay network and steal the personal details of millions of eBay customers. Last week, the company notified users via email to change their passwords in order to prevent further damage due to the breach.
Posted by Kalyani M. on May 29, 2014
In light of NSA surveillance, finding a truly secure email service presents a challenge. The PRISM revelations have made us aware of government surveillance programs targeting the email communications of millions of Americans for mass data collection, and as a result, many of us are more concerned about the privacy and security of our data in the electronic medium. The majority of email services store our correspondence with third party services, and, as a result, are vulnerable to surveillance and interception. Apart from that, there is also the possibility of the emails being hacked or scanned by advertisers. With the NSA targeting popular email services like Yahoo and Gmail, how can we ensure secure communications over the Internet?
Encryption is one form of protection against surveillance; however, there are a few concerns with this method as well. Encryption only works if it is implemented properly, and the encryption keys are securely managed and stored. The NSA has been successful in circumventing the majority of the encryption technologies on the web. But when it comes to cracking strong encryption standards, like AES, the NSA is facing some level of difficulty. Keeping all these surveillance concerns in the forefront, a German-based company, Lavaboom, has come up with a secure email service that ensures protection against government snooping activities.
Lavaboom is named after Lavabit, an encrypted email service that was used by former NSA contractor Edward Snowden for communication. Lavabit shut down their operations last year when they were requested by the government to hand over the private SSL keys that would have allowed the government to decrypt all encrypted emails. When the NSA finds it difficult to get through a tightly secured application, it sends request notices to the service providers for access to user data. In Lavabit’s case, the NSA was after the encryption keys, as they could not find a way to bypass the strong security controls implemented in the email service.
The biggest lesson gained from Lavabit’s case is that, apart from establishing strong encryption standards, email service providers need to come up with a way to effectively handle their secret keys to prevent unauthorized access. Lavaboom’s secure email service purports to take care of this issue. Their end-to-end email encryption method allows only the users to take charge of the key needed to decrypt the emails they receive from others. It is based on the PGP encryption standard, which is considered one of the most robust and hard-to-crack encryption methods by far. PGP is a unique combination of traditional encryption and public key cryptography. In public key cryptography, a user’s public key is available to the public for use, but the private key is only available to the user. When sending any message to the user, the sender needs to encrypt the message with the user’s public key. The encrypted message can only be read by the user when using the private key to decrypt the message.
Some people are under the impression that the use of security tools on the Internet will put them under extra scrutiny by the NSA. This is simply not true. By not using security tools, you are opening the doors for other kinds of cyber attacks, like phishing and identity theft. Imagine the amount of personal and sensitive data stored in your inbox: bank statements, credit card information, medical information, and much more. An intruder can take advantage of this sensitive information and carry out fraudulent activities. Therefore, it is in your best interest to use the appropriate services to encrypt your email messages.
Secure cloud storage service that protects your data from surveillance
SpiderOak believes in zero-knowledge privacy and establishing defenses against any individual or organization attempting to compromise your privacy. It is our belief that privacy is a right, and it is our mission to protect yours.
It provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers reliable products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. Sign up for this product today.
Posted by Kalyani M. on May 27, 2014
Data attacks have unfortunately become commonplace these days, with new reports of penetrated security systems appearing on a seemingly regular basis. SQL injection is the most commonly used form of attack by intruders to compromise enterprise data, as it is highly effective and successful in gaining access. The SQL injection vulnerability has been around for ages, and could be easily fixed during the development life cycle. SQL injection attacks have been on the rise for the past few years. “According to Neira Jones, former head of payment security for Barclaycard, some 97 percent of data breaches worldwide are still due to SQL injection somewhere along the line.” Many well-known companies, like LinkedIn, Yahoo, and the Federal Bureau of Investigation have become victims of this form of attack.
Posted by Kalyani M. on May 22, 2014
The PRISM revelations served as a wake-up call for tech firms in terms of privacy, security, and NSA surveillance. The documents leaked by Edward Snowden indicate that the NSA has left no stone unturned in getting access to a huge amount of sensitive user data. They have been successful in circumventing the majority of encryption technologies over the web through partnerships with security companies, court orders, and backdoor methods. The NSA works closely with security vendors to understand the vulnerabilities in commercial products and exploits them to carry out surveillance activities. There are times when the spy agency asks companies to deliberately make changes to their products in undetectable ways, like leaking encryption keys, making a random number generator less random, adding a common exponent to a public-key exchange protocol, and so on.
Posted by Kalyani M. on May 21, 2014
Enterprises invest huge sums of money in developing security mechanisms to protect company assets and networks against cyber attacks. With ever-emerging security threats, it becomes imperative for any organization to bolster its security controls. Organizations tend to focus on introducing new technical upgrades, improving encryption technologies, better threat detection, and prevention tools for preventing unauthorized access to their company resources. However, there is one popular means of gaining access that completely bypasses technologies and security systems. Social engineering is a form of attack in which the attacker uses a variety of psychological tricks on a user to gain access to a computer or network.
Posted by Kalyani M. on May 15, 2014
In today’s age of technology, it is safe to say that mobile phones have surpassed desktop PCs in terms of popularity and usability. You can get all your tasks accomplished on a small portable device, rather than sitting in front of a static computer for hours. You can surf the Internet, pay your bills, do shopping, and socialize with your friends, all from your smartphone. Besides being easy and convenient to use, another major reason behind the popularity of mobile devices is the availability of apps. There is an app for almost everything these days, from banking to health and fitness. With smartphones, all kinds of services are just a click away. However, because of their widespread use and popularity, mobile phones are vulnerable to cyber attacks.
Posted by Kalyani M. on May 13, 2014
There has been significant growth in the number of individuals working remotely or telecommuting in recent years. Remote connections, also called VPNs, are an attractive alternative for many businesses; they increase employee productivity, save company expenses, and require less maintenance. In order for this large workforce to carry out business effectively and efficiently, it is important to focus on the security of remote access technologies. It is necessary to extend the concept of “confidentiality, integrity, and availability” to the remote access devices that have direct connections to corporations’ secure data and network resources.
There is no doubt about the fact that virtualization has made our lives easier by providing access to corporate home bases, anytime from anywhere. The remote services allow us to get our tasks done without having to be physically present in the office. This is an excellent option for employees with a lengthy commute between office and home, and those who need to care for children or family members. Unfortunately, remote access services are one of the most exploited IT resources in this day and age. Enterprises invest huge amounts of money to provide remote services; however, much less is invested to make the connections secure. Vulnerable remote access connections provide easy access to any intruder hoping to gain entry to a company’s sensitive information. From a lack of secure network configuration, to weak passwords and poor endpoint security, there are several loopholes that can lead to major data breaches.
Let us take a look at the security risks associated with remote access services:
It appears that virtual workspaces and cloud computing are here to stay. As long as giving employees the option to work remotely pays off for companies, there will be a need for remote access connections. Therefore, enterprises should invest in strengthening remote access solutions, in order to ensure better security and confidentiality of corporate data.
True Privacy with SpiderOak: Secure remote access requires implementation of best security practices for better security of data. SpiderOak believes in “zero-knowledge” privacy, and implements strong security controls, such as 256-bit AES and two-factor authentication for protection of sensitive information. It allows you to encrypt your files and folders before sending them to the cloud. Even SpiderOak cannot read your data because the keys used for encryption only belong to you. It is impossible for someone to gain control of your data by hacking into SpiderOak. SpiderOak offers amazing products, like SpiderOak Hive and SpiderOak Blue, to help you secure consumer and enterprise data. SpiderOak Blue provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. Sign up for this product today.
Posted by Kalyani M. on May 8, 2014
Cloud computing provides effective connectivity and easy access to the latest computing resources. This technology has become extremely popular among businesses because of its flexibility and cost effectiveness. Gradually, the education sector is also making a transition to cloud services. Many school districts are embracing cloud computing to improve academic delivery and learning, provide personalized student attention, and reduce infrastructure costs. Schools are encouraging students to use commercial cloud services for sending emails, storing and sharing documents, and for other educational purposes. By outsourcing email and data storage services, school districts are saving a lot of money that was earlier spent on server space, hardware, software, and technical support.
Posted by Kalyani M. on May 6, 2014
Credit card hacks and data breaches are on the rise these days. Recently, retail giant Target became a victim of a massive data breach that affected millions of customers. Cyber criminals are also using the cloud environment for launching cyber attacks. As more businesses are moving towards adopting cloud-based services, the risk of security breaches increases.