RSS

Blog posts tagged with 'Security'

How Safe Is Your Web Browser?

How safe is your browser keeping you? Not something we think about in our day to day activities on the web. Register to a new website and your browser asks you if you would like to save the login information, out of sheer convenience most of us would say sure, go ahead. Not realizing the potential security risk they may have just put themselves in.

In the computer world there are four major browsers that almost everyone uses, we have Chrome, Internet Explorer, Firefox, and Safari. All of these browsers have the ability to save login details for website, and some can even go as far as saving credit card information, for easier shopping. But anyone that has access to your computer can gain access to all of your data. Using password revealers is nothing new to the industry, but if you feel the need to walk away from your computer and leave it up, anyone is able to come up behind you and reveal all of your stored login information from your browser with ease.

Another method that could be used for attackers is by using some types of malware that would be able to use a script to recover the stored passwords database, which if there is no master password stored in the browser for the rest of the password, it will most likely be stored in plain text. These database files resides on the PC in the browsers files structure. If the browser is unpatched or out of date this type of an attack would be common.

One other method that could be used is by an attacker using, what is called an XSS hole. XSS is short for cross-site scripting, and this can be used by an attacker by luring the user to go to a malicious website via email, or by phone, and clicking on a link that sends the XSS code to the browser to retrieve the stored passwords, stored cookies, user data, history, and others.

So as you can see there are multiple ways that attackers are able to retrieve your saved passwords from your browser without you ever really knowing. My recommendation would be to first, do not use the autocomplete or auto-save features in your browser and disable them. If you must use them make sure that the computer, and browser are always updated, and if the browser supports it, set a master password on your saved passwords list.

Tracy Hazelton
System Technologist
StormsEdge Technology

The Unseen Identity Theft - Part 2

How cyber criminals use keyloggers

One of the most publicized keylogging incidents recently was the theft of over $1million from client accounts at the major Scandinavian bank Nordea. In August 2006 Nordea clients started to receive emails, allegedly from the bank, suggesting that they install an antispam product, which was supposedly attached to the message. When a user opened the file and downloaded it to his/ her computer, the machine would be infected with a well known Trojan called Haxdoor. This would be activated when the victim registered at Nordea's online service, and the Trojan would display an error notification with a request to re-enter the registration information. The keylogger incorporated in the Trojan would record data entered by the bank's clients, and later send this data to the cyber criminals' server. This was how cyber criminals were able to access client accounts, and transfer money from them. According to Haxdoor's author, the Trojan has also been used in attacks against Australian banks and many others.

In February 2006, the Brazilian police arrested 55 people involved in spreading malicious programs which were used to steal user information and passwords to banking systems. The keyloggers were activated when the users visited their banks' websites, and secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The total amount of money stolen from 200 client accounts at six of the country's banks totaled $4.7million.

At approximately the same time, a similar criminal grouping made up of young (20 – 30 year old) Russians and Ukrainians was arrested. In late 2004, the group began sending banking clients in France and a number of other countries email messages that contained a malicious program – namely, a keylogger. Furthermore, these spy programs were placed on specially created websites; users were lured to these sites using classic social engineering methods. In the same way as in the cases described above, the program was activated when users visited their banks' websites, and the keylogger harvested all the information entered by the user and sent it to the cyber criminals. In the course of eleven months over one million dollars was stolen.

There are many more examples of cyber criminals using keyloggers – most financial cybercrime is committed using keyloggers, since these programs are the most comprehensive and reliable tool for tracking electronic information.

Increased use of keyloggers by cyber criminals

The fact that cyber criminals choose to use keyloggers time and again is confirmed by IT security companies.

Reports note that in recent years, the company VeriSign has seen a rapid growth in the number of malicious programs that have keylogging functionality.

One report issued showed that almost 50% of malicious programs detected by the company's analysts during the past year do not pose a direct threat to computers, but instead are used by cyber criminals to harvest personal user data.

According to research conducted by John Bambenek, approximately 10 million computers in the US alone are currently infected with a malicious program which has a keylogging function. Using these figures, together with the total number of American users of e-payment systems, possible losses are estimated to be $24.3 million.

Most modern malicious programs are hybrids which implement many different technologies. Due to this, any category of malicious program may include programs with keylogger functionality.

For the complete read and all it's helpful tips, click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

Virtual Desktop

Are you considering going virtual for your workplace? When the time comes to start replacing an old infrastructure one topic that consistently comes up is virtual desktops. This is that crucial moment in time where you ask yourself the question, “what is truly the best fit for achieving our business goals and becoming a more productive team?

Once you find yourself asking this question, it’s during this time you begin considering several factors such as cost, flexibility, scalability, and security. The advantages to moving to virtual desktops outweigh the cons in most cases. Some of these advantages include available from virtually anywhere over an Internet connection, this means laptops, tablets, phones, or even another computer. Because you are now running virtual you have access to your information at any time, instead of having to go back to the office because that’s the only datacenter your information resides.

Cost is another big decision maker, but we have got you covered there as well. The overall cost of going virtual is much lower from reducing the amount of electricity that is consumed to software licensing, to I.T Support. Below is an average cost comparison between a traditional PC vs. a virtual desktop

Because no computer is safe from failing at some point or another, you will need to consider the amount that is spent to support or repair these computers in the case that something goes wrong. How much would you say your company spends on IT support and maintenance per PC? Now how would you like to significantly reduce that number? How Because the Virtual desktops can be managed at the datacenter without having to pay someone to come out to your location every time something goes wrong. Security Patches, software, and updates are applied companywide without taking down one machine at a time throughout a workday, thus losing employee productivity.

Arm yourself with more information HERE and see how a Virtual Desktop can be one of the most cost effective, secure, and most productive method to upgrade your network would be to consider Virtual Desktops for your business.

 

Tracy Hazelton
System Technologist
StormsEdge Technology

Beating Hackers At Their Own Game

Taking Your Security To The Next Level

Most computer users fail to think twice about the security of their computer. The typical line of belief where they say “well, that would never happen to me” can only go so far.

Truth is, hackers have thousands of tools at their disposal to take advantage of you including tools such as keystroke loggers. Keystroke loggers record every single keystroke you type on your computer...this includes your private email messages, bank account password, and your credit card number! If you are connected to the Internet through a high-speed connection, you’re at risk.

Do I have your attention yet?

While I hope reading that scared the pants off you, as long as you follow these simple precautions, the risk of anything like that happening decreases significantly

Never Share Passwords:

Pick strong passwords and keep them private. Never share your passwords or passphrases with friends, family, or computer support personnel.

Do Not Click Random Links:

Do not click any link that you can't verify. To avoid viruses spreading by email, think before you click. If you receive a message out of the blue, with nothing more than a link and/or general text, DO NOT CLICK IT! If you doubt its validity, ask for more information from the sender.

Beware Of Email Or Attachments From Unknown People:

Never open an attachment you weren't expecting, and if you’re unsure who the sender of an attachment is, delete the message without reading it. If anything, to open an attachment, first save it to your computer and then scan it with your antivirus software; check the program's help documentation for instructions.

Do Not Download Unfamiliar Software Off The Internet:

Many programs appear to have useful and legitimate functions, however, many times sites can contain spyware, which will damage your operating system installation, generate pop-up ads, and report your personal information back to the company that provides the software.

Log Out Of Or Lock Your Computer When Stepping Away, Even For A Moment:

Forgetting to log out poses a security risk with any computer that is accessible to other people (computers in public facilities, offices, etc.) because it leaves your account open to abuse. Someone could sit down at that computer and continue working from your account, damaging your files, retrieving personal information, or using your account to perform malicious actions. Just remember to log out of or lock your computer whenever you leave it.

Remove Unnecessary Programs Or Services From Your Computer:

Uninstall any software and services you do not need.

Treat Sensitive Data Very Carefully:

For example, when creating files, avoid keying the files to Social Security numbers, and don't gather any more information on people than is absolutely necessary.

Remove Data Securely:

Remove files or data you no longer need to prevent unauthorized access to them. Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your system.

 

Zachary T. Brown
Marketing Director
StormsEdge Technology
 

Protecting Your Passwords

Simple, Yet Effective Ways To Protect Your Passwords

1. Don’t share them with anyone

Yeah, so this one is obvious, but because it hap­pens all the time it needs repeating: don’t share your pass­words! All of the per­sonal secu­rity tips in the world won’t help you if someone else has one of your pass­words and is able to act like they’re you online.

2. Use strong passwords

A pass­word that is easily guess­able is not much better than nothing at all. Attackers give con­sid­er­able effort in order to try and dis­cover new ways to make pass­word guessing more effi­cient, and so it pays off to select strong pass­words that are resis­tant to these efforts.

3. Don’t use the same pass­word everywhere

It’s tempting to come up with a strong pass­word, and then use the same one in mul­tiple places, like for log­ging into Twitter or your email. But if your pass­word is broken or acci­den­tally exposed by one of these ser­vices, attackers can often go and try to use the pass­word at a number of other ser­vices with your public login infor­ma­tion, most often an email address.

4. Con­sider using a pass­word manager

It’s not easy to remember a large number of strong pass­words. The last time I counted, I had more than 50 accounts with dif­ferent ser­vices, and despite the value of the pre­vious tips, it’s dif­fi­cult to have that many different password if you’re in a sim­ilar sit­u­a­tion, you might con­sider using a pass­word man­ager, such as LassPass or KeePass.

5. Con­sider using two-factor authentication

A great way to pro­tect your infor­ma­tion is to take advan­tage of the so-called two-factor authen­ti­ca­tions when pos­sible. Google, Twitter, and Face­book all pro­vide these capa­bil­i­ties, where the idea is to require two pieces of infor­ma­tion as proof of iden­tity: your pass­word, plus sometimes one of those annoying “text verification” schemes for instance.

Pass­word safety is easily overlooked but is crucial in pro­tecting your per­sonal infor­ma­tion. Still want more helpful tips? Click HERE!

Zachary T. Brown
Marketing Director
StormsEdge Technology

Hosted Exchange Advantages

Hosted Exchange is an advanced productivity solution featuring enterprise-class email, as well as shared calendaring, tasks, and contact capabilities. It enhances employee communication and collaboration for businesses and organizations of any size.

Some of the benefits to hosted exchange are:

Email Anytime, Anywhere – Be able to access your mail, contacts, and calendar from any internet connected device, worldwide.

Lower Costs – No need to purchase your own infrastructure that can be extremely costly, plus the headache of trying to set it up, or paying someone to do it for you. No energy cost to run your own server.

Latest Technology – With a hosted exchange you no longer have to worries about the large costs that are associated with keeping the latest versions, security patches, and hotfixes, leave that to the service providers.

Security - Exchange's default connection to Outlook (RPC over HTTPS) creates a secure connection between your Outlook client and the Exchange server, meeting and surpassing the most pressing security requirements.

Want to see exactly how much money you could save? Check out these charts!

Tracy Hazelton
System Technologist
StormsEdge Technology

Newsletter