So how exactly does one get hacked? Here are some common security blunders that lead to exposing yourself to that personal data breach.
-Outdated software – Exposes users’ systems to security flaws that have previously been fixed.
-Too trusting a public – Users giving out personal information through email phishing and social engineering.
-Poor password management – Using simple passwords or the same password on multiple accounts.
-Too much exposure on social media – Provides material for phishing attacks and scams.
-Not using available security solutions – Users not taking advantage of available anti-virus software or keeping it up to date.
-It won’t happen to me – Then who are the victims out there? Your data is valuable. Great info from security blogger Brian Krebs on this.
-Unattended devices (physical security) – Theft isn’t the only threat. All your goodies are on that cell phone.
-Open hotspots – Free Wi-Fi can be costly. Data is not encrypted unless you are using SSL (HTTPS).
I will be going into detail on these and other personal security vulnerabilities in upcoming posts. Stay tuned.
For some inexplicable reason I like to carry a USB drive on my key chain chock-full of tools that may be needed at a moment’s notice, resulting in the predictable loss of a drive every several months or so. Years back this used to cause me almost unbearable angst. What log files or other data did I have on that drive, and who would have access to my coveted technology secrets? I have been saved, however, from an early grave by implementing a couple of fundamental security practices.
The first, and most obvious, is to make certain anything on my precious USB drive is also on my desktop or cloud storage and a part of my backup strategy. Secondly, as a rule, mobile data storage should be encrypted whenever possible. I would like to expand more on the latter.
Any sensitive data stored on mobile devices such as flash drives, cell phones, tablets and laptops should be encrypted. This should be a particular point of interest for employers in this world of BYOD (Bring Your Own Device) to work. There are a multitude of methods to accomplish this. Professional editions of Windows from Vista onward come with “BitLocker”. BitLocker gives you the ability to encrypt files and drives with industry-standard encryption. If you don’t have one of the select versions of Windows, there are a variety of freeware and paid products available for whatever flavor of operating system you use. Lifehacker and GFI can provide some examples. As always, do your homework and see what meets your needs and budget.
Be safe. Get that good night’s sleep even when that USB drive wanders off.
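As an added example (not part of the original post), this PowerShell sketch audits the removable drives plugged into a Windows machine for BitLocker protection, the check an employer with BYOD users would want before a drive leaves the building. The function names `Get-RemovableEncryptionStatus` and `Protect-RemovableVolume` and the `E:` drive letter are hypothetical; the cmdlets are the ones shipped with the Windows BitLocker and Storage modules.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on a Windows edition that includes the BitLocker module.

function Get-RemovableEncryptionStatus {
    # Removable volumes with a drive letter (USB flash drives, SD cards).
    # Assumption: external hard disks that report DriveType 'Fixed' are out of scope.
    $letters = Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        ForEach-Object { "$($_.DriveLetter):" }

    foreach ($mount in $letters) {
        $blv = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue

        if (-not $blv) {
            $state = 'Unknown (BitLocker could not query the volume)'
        }
        elseif ($blv.LockStatus -eq 'Locked') {
            # A locked volume is encrypted; it just has not been unlocked yet.
            $state = 'Encrypted (locked)'
        }
        elseif ($blv.VolumeStatus -eq 'FullyEncrypted' -and $blv.ProtectionStatus -eq 'On') {
            $state = 'Encrypted'
        }
        else {
            # Covers FullyDecrypted, encryption in progress, and suspended protection.
            $state = "NOT PROTECTED ($($blv.VolumeStatus), protection $($blv.ProtectionStatus))"
        }

        [pscustomobject]@{ MountPoint = $mount; State = $state }
    }
}

function Protect-RemovableVolume {
    param([Parameter(Mandatory)][string]$MountPoint)   # e.g. 'E:' (placeholder)

    # Prompt for the passphrase so it never appears in the script or shell history.
    $passphrase = Read-Host -AsSecureString "Passphrase for $MountPoint"
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod Aes256 `
        -PasswordProtector -Password $passphrase
}

Get-RemovableEncryptionStatus | Format-Table -AutoSize
```

Any drive reported as NOT PROTECTED can then be passed to `Protect-RemovableVolume`, which encrypts it with a passphrase protector so a lost drive is unreadable without the passphrase.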
Here are a few suggestions to help businesses protect their sensitive data.
1. When at all possible, don’t store sensitive information on your own internal servers. Leave it to the professionals. Reputable cloud services can invest a lot more money in protecting data than the typical small business owner.
2. One of the simplest, yet often overlooked, security measures is using a quality anti-virus solution. Don’t settle for “freeware” or the cheapest product.
3. Use reputable payment processing services if you handle credit card transactions. It’s what they do. They have the infrastructure to more effectively protect financial data than the average small business.
4. Employee awareness is fundamental to protecting your business. The most technical and expensive security solutions drastically lose their effectiveness when employees and managers do not follow fundamental security practices such as password management and email discipline.
5. Make use of the added security tools provided by cloud and software services. The few seconds it takes for two-step verification can save lots of heartache down the line.
6. Review your current security practices and policies regularly to make certain they work in an ever-changing technical landscape. If you don’t have established policies and procedures, today is the time to start getting them in place.
7. Lastly, do your homework and research. There is an abundance of information available online on ways to better protect your business. If you don’t have the time, have someone else in your company take care of it or outsource it. Remember the saying: “an ounce of prevention is worth a pound of cure.”
The Apple App Store in China was infected by a development programming tool dubbed “XcodeGhost”. The malicious program installs a backdoor when programmers use it to compile applications. Below is the list of top 25 apps affected. It should be noted that this list is not all-inclusive and affected apps are still being discovered.
• DiDi Taxi
• 58 Classified – Job, Used Cars, Rent
• Gaode Map – Driving and Public Transportation
• Railroad 12306
• China Unicom Customer Service (Official Version)*
• CarrotFantasy 2: Daily Battle*
• Miraculous Warmth
• Call Me MT 2 – Multi-server version
• Angry Bird 2 – Yifeng Li’s Favorite*
• Baidu Music – A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
• DuoDuo Ringtone
• NetEase Music – An Essential for Radio and Song Download
• Foreign Harbor – The Hottest Platform for Oversea Shopping*
• Battle of Freedom (The MOBA mobile game)
• One Piece – Embark (Officially Authorized)*
• Let’s Cook – Receipes [sic]
• Heroes of Order & Chaos – Multiplayer Online Game*
• Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
• I Like Being With You*
• Himalaya FM (Audio Book Community)
• Flush HD
• Encounter – Local Chatting Tool
First there was the hack of “Adult Friend Finder” and now “Ashley Madison”. Adult Friend Finder, which boasts over 64 million users, was hacked in March, exposing the secrets of 3.5 million users. Included in the hack, along with sexual preferences, were user names, passwords, birthdays and zip codes of some members. More on the story from CNN here.
Ashley Madison caters to married folks who want to cheat. The hackers, according to KrebsOnSecurity, are threatening to release customer information that includes secret sexual fantasies along with credit card transactions, names, addresses, employee documents and emails. Ashley Madison has more than 37 million users that could be affected. According to CBS News, the personal details of 2 subscribers have already been released.
Keep in mind when using sites of this type (no moral judgements) that they are inviting targets for those looking to do wrong. Contained within is a treasure trove of information that could be damaging if released and potentially profitable to the “would-be” blackmailer. One would expect these sites to be secure and private; however, as is evident in the spate of government and financial institution breaches, a site that can’t be hacked is rare.