How Data Brokers Threaten Your Privacy and Resell Your Information

Data brokers are buying, sharing and selling your information online. While you have probably never heard of these companies, they know all sorts of information about you and have most likely placed you in a category such as Financially Challenged, Democrat, Republican, Expectant Parent, or even Bible Lifestyle.

That’s not all they know. Their databases include your address, property ownership, income, criminal records, family members, and even hobbies. If you have searched for something on the Internet or made online purchases, data brokers know it.

From smartphone apps that spy on you to wearables and fitness trackers that record your every heartbeat, more and more of your personal data is tracked and resold to data brokers. Michael Gregg’s new article explores how data brokers threaten consumer privacy. Read more about this topic in Michael Gregg’s Huffington Post article.


The US / Russian Simmering Cyberwar

Russia’s cyber assault on the US election is one of the most provocative acts we have seen against the US from a cyber perspective. It should be clear that cyberwar is an effective tool for Russia’s military and political goals. How should we respond… Read more of Michael’s new article on Huffington Post.

 


Is Windows 10 Spying On You or Simply Building a Better User Experience?

Microsoft has come under fire from privacy advocates because many end users feel that Windows 10 is way too intrusive. While it is true that much of this data is used to enhance user experience, Microsoft’s lack of transparency isn’t doing much to dispel the notion that they are spying on end users, gathering much more personal information than needed, and making it way too difficult to opt out. If you’re wondering what kind of data Microsoft collects from Windows 10 users, it includes:

  • Personal information about your browsing habits and what you’re doing on your computer
  • It borrows bandwidth from your computer, without asking, for shared downloads, much like a peer-to-peer network
  • Per the end user license agreement (EULA), it can scan for illegal games (Xbox)
  • Forced updates

To get a better idea of what Microsoft is doing with Windows 10, you’ll need to read the end user agreement. It’s about 12,000 words, so you may want to have your lawyer handy as you are going through it!

If you want to reduce the amount of spying that Windows does, you will need to open Settings and click on Privacy. There, you’ll need to navigate through 13 different screens to disable the first layer of data collection. You will also need to visit https://choice.microsoft.com to opt out of personalized ads. This won’t keep you from seeing ads; it’ll simply block ads targeting you based on your browsing history.

Even after all of these changes, Windows 10 will continue to send information to Microsoft. To further block its ability to spy on you, consider downloading Windows 10 Tracking Disable Tool from Majorgeeks.com. This tool blacklists many of the IP addresses that Windows 10 sends the tracking data to. To further reduce data aggregation, Windows 10 users should also consider installing Ghostery from www.ghostery.com.

So, while you can reduce the amount of spying that Windows 10 does by default, the OS is designed in a way that makes the process unnecessarily difficult for the average user.


Why Ethical Hackers Are In Strong Demand

Ethical hackers are in strong demand because modern cyber attacks can be highly focused, targeting your online assets and intellectual property. Especially in this BYOD (bring your own device) era, security breaches must be avoided. It’s like a hole in the wall of your office or a hole in the fence at your property line. The malicious hacker gets easy entry. If it is your proprietary data that they are helping themselves to, losses can mount quickly.

Then there are the Internet vandals, known as hacktivists. Hackers doing critical damage just for the fun of it, hacktivists are despised in the real world; they should be online as well. Again, cyber security experts can set up a line of defense before the vandals, the hackers, ever attack.

And these guards can step in to repair damage after it has occurred as well. They can plug the hole in the fence before it completely gives way. And, just as that miscreant may leave footprints as he makes a hasty retreat, cyber criminals may leave a trail as well.

Why not take steps to stop the troublemakers before they ever arrive at your online address? There is no better place to be proactive than in cyber security. It is possible to hire experts who can test for vulnerabilities in your cloud-based and other systems.

Avert a potential disaster, and enjoy peace-of-mind that will allow uninterrupted attention to growing your enterprise.

For further assistance, either before or after the fact, please contact us today.


The Prevalence of Cyber Crime

While many people acknowledge the prevalence of hacking and cyber crime, many, including businesses, do not take the necessary steps to ensure their cyber security, even though so many big hacking cases have been exposed, such as Target, Home Depot, Sony, and Anthem. Then there is the other side of hacking, the part that no one sees. Because much hacking goes undetected, it is difficult to estimate the total number of people that have been hacked, though it is safe to say that almost everyone has been affected by cyber crime of some sort. Professionals urge both people and businesses to consider the effects of cyber crime, hoping that they will take more serious steps to prevent destructive hacking.

An article by NBC News discusses how even cyber security experts struggle to keep hackers away. While the experts use high tech security for their businesses, they are forced to use low tech equipment for their personal use. On how widespread hacking is, former Homeland Security Secretary Michael Chertoff stated,
“There are two types of people: those who have been hacked, and those who don’t know they’ve been hacked.”

Because of their knowledge and experience with hacking, many cyber security experts have become obsessed with preventing cyber crime. Eugene Kaspersky, owner of the anti-virus software company Kaspersky, admits to being paranoid about cyber crime, and even uses a six-year-old Sony Ericsson cellphone because it is more difficult to hack, according to the article.

Although many businesses have already taken the steps for their cyber security, others are still lacking and are putting themselves at considerable risk. The constant skepticism from experts about cyber security signals that everyone should take cyber crime seriously. While people who do not have sufficient cyber security can be damaged by hacking, businesses that do not have sufficient security put themselves at even more risk, as they have more data to lose, more information to depend on, and more money at stake.

If you’re interested in cyber security and would like to protect your business from cyber crime, contact us.


The CISSP Exam Update and Eight Domain Rewrite for 2015

If you are considering the (ISC)² CISSP exam, you need to be aware of a major update that will go into effect April 1, 2015. Gone are the ten domains that have been with us for many years. Here are the current ten domains.

1. Operations security

2. Telecommunications and network security

3. Information security governance and risk management

4. Software development security

5. Cryptography

6. Security architecture and design

7. Access control

8. Business continuity and disaster recovery planning

9. Legal, regulations, investigations and compliance

10. Physical (environmental) security

According to the (ISC)² website, “refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today.” These changes include reordering the domains and reducing the current ten domains to eight. Listed below are the eight CISSP domains:

1. Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity)

2. Asset Security (Protecting Security of Assets)

3. Security Engineering (Engineering and Management of Security)

4. Communications and Network Security (Designing and Protecting Network Security)

5. Identity and Access Management (Controlling Access and Managing Identity)

6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)

7. Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery)

8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

Exam candidates have been asking what they should do: keep studying or wait for the new exam? Keep studying! IT/cyber security has not changed overnight. It’s more of a steady evolution. While the topics are being reorganized, everything you have learned or are learning will still be relevant. Over the next few days and weeks, I will be comparing the current ten domains to the new 8 domains so I can get started on the update to the CISSP Exam Cram. I will post more about these changes to the new April 15, 2015 version of the CISSP exam. Stay tuned…


Credit Card Hacking: 10 Things You Should Know About Smart Cards

The United States likes to think of itself as a technology leader, yet it has not adopted smart cards as a replacement for magnetic stripe credit cards. Smart cards are easy to identify because of the small electronic chip found on each card. The U.S. has fallen behind in this area and is using old technology. Americans deserve better! The loss of personal information and credit card data has been too great. If this is not reason enough for the U.S. to consider upgrading its credit card infrastructure, consider the following:

  • Magnetic credit cards are an old technology – It’s not hard to find the equipment to steal the information encoded in your credit card.
  • Credit cards are easily cloned – It’s an easy process for hackers to clone most of the credit cards that are in your purse or wallet.
  • Skimmers are widely available – Anyone with basic search skills can find and buy this equipment.
  • Underground markets sell blank cards – Once a hacker has your credit card information, there are websites that sell blank or pre-embossed credit cards.
  • Many places in Europe do not accept them – Thinking about traveling to Europe? If so, you may be surprised to discover that many European retailers will not accept magnetic stripe credit cards. These retailers accept “PIN and chip” only.

Smart Cards - PIN and Chip Credit Cards

Europe has fully adopted smart cards. Smart cards started to become more popular in Europe in the 1990s. The ones used in Europe use the Europay, MasterCard, and Visa (EMV) standard. This standard is used to make sure that smart cards, point-of-sale (POS) terminals, and automated teller machines (ATMs) authenticate all credit and debit card transactions that use these cards. Smart cards have been tremendously successful in preventing fraud worldwide and make it much harder for hackers to clone credit cards. EMV cards can securely store information in the chip on the card and send and receive sensitive financial data in a secure manner. While the technology is not perfect, it is better than what we currently use in the U.S. With this in mind, why hasn’t the U.S. moved to this technology?

  • Smart cards cost more than magnetic stripe cards – Smart cards are expensive. They can cost as much as five times the cost of a traditional credit card.
  • Smart cards require new technology – Remember replacing that old TV years ago and getting your first flat screen? Much the same is required here; for smart cards to be supported, retailers will need to buy new technology. This is not the kind of stuff retailers buy every day and in today’s tight economic market, no one is in the mood to spend money on infrastructure.
  • It is not just the retailers that will need an upgrade – For smart cards to truly work, consumers will need to replace the old plastic cards with new ones. Someone will need to pay for that, too!
  • No one likes change – Sure, you left MySpace and moved on to Facebook, but smart cards are foreign to many consumers and people don’t always easily embrace change.
  • Smart cards are not the only game in town – Smart cards are competing against digital wallet technologies, which many industry insiders see as the next big thing. Picking the winner is much like placing bets on VHS or Betamax.

While smart cards do address some of the problems with credit cards, they are not perfect. Point of sale payment systems are still the Achilles’ heel of all credit card technologies. Whatever your view of smart cards may be, you will be seeing more of them in the future. New credit card standards that will be introduced in 2015 will begin to reshape how most customers pay for goods and services and smart cards will start to be mandated at that point.


Research Shows Businesses are Prime Targets for Cybercrime

High profile security breaches such as Target, Snapchat, and Neiman Marcus often make headlines. However, research shows that both large and small businesses are targets of cybercrime.

Verizon published a data breach investigations report that looked at 621 confirmed incidents of cybercrime among their customers in the 2012/2013 time frame. Close to half of the cyber attacks occurred at smaller companies with the rest affecting larger firms. While larger firms have the resources to perform penetration testing, code review, and vulnerability testing, smaller firms typically just don’t have those kinds of resources.

Cybercriminals are also using small businesses as pathways to larger companies. Small businesses that are partners or suppliers of large corporations often offer an easy path into the larger company’s network. Attackers frequently design malware that uses the smaller company’s website as bait to break into their larger partner’s SQL database. One technique that is on the rise is RAM scraping. Cybercriminals also employ the tactic of “lying in wait.” While many used to attack quickly, they are now more prone to waiting until the moment is right, for example, until the busiest shopping season.

However, small businesses are not always the stepping stone. They have valuable information as well. They often store customer credit card information (PCI data), intellectual property, and vital data about their own finances.

Don’t become complacent in thinking that you do not have anything a cybercriminal would want. Follow the basic principles of security including technical, physical, and administrative controls. Even basics like using good passwords and updating your anti-virus software shouldn’t be overlooked. Prevention is key. Superior Solutions has a team of professionals trained to recognize vulnerabilities. Let us evaluate your security and lower your chances of becoming a victim. Contact us about your cybersecurity strategy.


Everyone Needs to be Responsible for Cyber Security

The threat of cyberspace attacks is a significant concern for businesses and individuals. The Internet is a great resource for finding information and making purchases. However, the use of personal data when online is a valid concern for cyber security initiatives. There are many risks that are present when using the Internet for business or pleasure.

One risk that is a constant presence online is phishing, SMiShing, and/or spear phishing. This risk involves the use of email or SMS messages and web pages that attempt to trick users into providing personal information. Remember that banks, credit unions, government agencies, and major businesses do not send emails asking for personal information.

A second risk to online users is the installation of spyware. This can occur when a user visits a website that runs a script to install a software program. Protection from spyware is provided by antivirus and anti-spyware software. Ransomware has been one of the big attack vectors this year.

A third risk is the use of social media. Users of social media sites need to be aware of information posted online that may compromise their identity. Information can also be used by hackers to break into a computer system.

A fourth risk to business and home users is password protection. Users need to use strong passwords that others cannot easily guess. Passwords are needed for many secured sites online, such as banks and cloud computing companies. Passwords should be sufficiently long, not written down, and unique for each website or URL.

Three important aspects of security need to be remembered each time the Internet is accessed. The first is to stop before you open your web browser. The second is to think about how personal information is being provided online. The third is to connect online and be responsible with online data. If you have a small business, then proper IT security training for all staff is needed.

Finally, make sure that you have a backup of personal data and ensure that your systems are protected against a cyber security breach. If you have any questions about cyber security and how you can protect yourself or your business, then contact us for more information.


Grammar Undercuts Cyber Security When Using Long Computer Passwords

Certain long computer passwords may not provide as much cyber security as previously thought. A new study reports that passwords based on grammatical structure give away vital clues that make them more vulnerable to being cracked.

Researchers at Carnegie Mellon University developed a grammar-aware algorithm that outperformed other leading methods when tested on passwords that were grammatically structured and contained 16 or more characters. The algorithm alone was able to crack ten percent of the more than 1,000 passwords studied. The authors concluded that password strength cannot be determined by the number of words or characters present when grammar is involved.

The effects are based in part on the way grammar reduces the options for combining words or using them in sequence. Also relevant is the fact that different parts of speech exist in very different numbers, declining from nouns to adjectives to verbs to pronouns. As an example, the study discovered that the five-word phrase “Th3r3 can only b3 #1!” is easier to figure out than the three-word phrase “Hammered asinine requirements.”
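The effect described above can be made concrete with a small strength estimator. This is an added example, not code or data from the Carnegie Mellon study: the word-class sizes, the mini-lexicon and the function names are constructed assumptions that only preserve the ordering the article gives (nouns, then adjectives, then verbs, then pronouns).

```python
import math
import re

# Constructed, order-of-magnitude word-class sizes (an assumption, not figures
# from the study). They only preserve the ordering the article states:
# nouns > adjectives > verbs > pronouns.
CLASS_SIZE = {"noun": 60000, "adj": 20000, "verb": 10000,
              "adv": 3000, "num": 100, "pron": 60, "aux": 20}

# Constructed mini-lexicon covering the two phrases quoted in the article.
LEXICON = {"there": "pron", "can": "aux", "only": "adv", "be": "verb",
           "hammered": "adj", "asinine": "adj", "requirements": "noun"}

# Common digit-for-letter substitutions, undone before the lexicon lookup.
UNLEET = str.maketrans({"3": "e", "0": "o", "4": "a", "1": "i", "5": "s"})


def tag(phrase):
    """Return the part-of-speech tag of each word in the phrase."""
    tags = []
    for raw in phrase.split():
        token = re.sub(r"[^A-Za-z0-9]", "", raw)  # drop punctuation and symbols
        if not token:
            continue
        if token.isdigit():
            tags.append("num")
            continue
        word = token.lower().translate(UNLEET)
        if word not in LEXICON:
            raise KeyError(f"{raw!r} is not in the sample lexicon")
        tags.append(LEXICON[word])
    return tags


def word_count_bits(phrase):
    """Word-count estimate: every word drawn freely from the whole vocabulary."""
    vocabulary = sum(CLASS_SIZE.values())
    return len(tag(phrase)) * math.log2(vocabulary)


def grammar_bits(phrase):
    """Grammar-aware estimate: each slot is limited to its own word class.
    Character substitutions and punctuation are ignored in this sketch."""
    return sum(math.log2(CLASS_SIZE[t]) for t in tag(phrase))


def report(phrase):
    """Summarise both estimates for one phrase."""
    return {"structure": tag(phrase),
            "word_count_bits": round(word_count_bits(phrase), 1),
            "grammar_bits": round(grammar_bits(phrase), 1)}


if __name__ == "__main__":
    for p in ("Th3r3 can only b3 #1!", "Hammered asinine requirements."):
        print(p, report(p))
```

Under these assumed class sizes, counting words rates the five-word phrase as far stronger, while the grammar-aware estimate rates it below the three-word phrase, because most of its slots come from small word classes.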

The findings are interesting given that much of the general advice about creating strong passwords tends to place the greatest emphasis on length. While Facebook still specifies only a 6-character minimum, many security professionals now advocate for 12 or more.

Other common guidelines still hold true for creating robust passwords. Use upper and lower case letters. Combine letters with other characters such as numbers, symbols and punctuation marks. Avoid making references to your name, birthday, social security number or other personal information. Make up a different password for each website you visit. It is also important to change passwords frequently.

Superior Solutions, Inc. focuses on network security services and cyber security training. Contact us for more information on security audits, network vulnerability assessments, IT security training and other security solutions.
