Archive for category Security
If knowledge is power, and the Internet is the superhighway of information, then hackers are the BAMFest surfer-pirates in the whole wide world wide web. Some are more powerful than others, however, and any hacker will tell you there is a pecking order to hackerdom. Here is a list of hacker hierarchy:
Hackers are coming up with more and more ways to gain control over information on the internet. There are dozens of reasons for hackers to do what they do, but here is a list of how they do it, and how to prevent them.
1. Cross site scripting (XSS)
XSS is the most commonly exploited security vulnerability in web applications. The weakness arises when an application does not validate or encode user data before the information is sent to a web browser. Hackers run malicious script in a browser to gain access to user sessions and web sites, conduct phishing, and/or release malware.
Measuring the effectiveness and success of your security program can be quite difficult without the aid of auditing, particularly in terms of how well it protects data from outsiders and how well your users adhere to policies and procedures. It is interesting, then, that it is not uncommon to find organizations that conduct this aspect of security loosely or not at all. It is also not atypical to find that violations are discovered only when a serious breach of confidentiality takes place or when a whistleblower’s complaint escalates the issue.
For some time now, one of the ongoing movements in enterprise environments has been toward single sign-on (SSO) systems. As an important priority in many organizations, the implementation of these systems bears review. Also critically important is scrutiny of the process used to implement these solutions. In some such constructs, middleware or intermediate environments are implemented; in others, this can also creep into identity integration constructs. Across all cases, these authentication systems can be extremely beneficial to organizations with the appropriate scope, approach, and delivery in mind.
Risk is a part of any IT environment. Quantifying and even further – managing it, well that’s another matter. In recent client discussions the matter of risk has come into question during discussions about cloud and cloud services. The tradeoff between risk and enablement has been discussed in the past quite profusely and I admit to being on the risk side of the camp for quite some time, even writing about it at some point.
You may have seen our post from almost a year ago with an infographic explaining 8 levels of IT security in data centers. It is very important to make sure any cloud computing servers you are using are secure, especially for business purposes. Nonetheless, with cloud computing and rapidly advancing technologies, viruses, malware, and spyware seem to be getting more prevalent and smarter. “As more workers become virtual, cloud computing offers compelling ways to share information, but as workers connect, you never know what is going to be on their home PC.” At this point in time, it is not uncommon to experience the misfortune of being attacked. Rootkit viruses are becoming more common, and they are among the most difficult to clean from computers. This is because they hide their “presence from administrators by subverting standard operating system functionality or other applications” (Wikipedia). Anyone who has experience battling a rootkit knows that it can sometimes feel like you are at war with your computer under harsh conditions with little time for food or sleep. Oftentimes, virus and malware scanners will discover and repair attacks on your computer, but they miss the rootkit itself, which will then re-initiate the attacks on your computer. Here are four of the best freeware programs to bolster your rootkit fighting power and hopefully give you what it takes to achieve victory and win back your computer!
Chief executive officers, physician leaders, and boards of directors hold a number of responsibilities that are quite often seen as more important than information security. Yet it’s important that leadership views information security in the same way they do other crucial tasks that help the organization function. All too often, however, organizations at best appear to favor focusing strictly on compliance, as opposed to overall security.
The use of polymorphic malware by cyber criminals is on the rise. A recently cited report from Symantec regarding this trend stems from some of these exploding statistics. Malware of this type is known as polymorphic because it constantly changes in nature, making the detection and removal of infections a very difficult task. The code in such polymorphic malware retains its function through its evolution, but the code itself changes various characteristics and methods, such as filenames, encryption, compression techniques, and signatures, among others.
A recent survey of consumers conducted by Xerox produced some surprising results with regard to consumer perception of electronic health records (EHRs). Among other findings, the main concern cited in the report was the threat of hackers stealing information. The article states:
“Nearly 80 percent of respondents who have concerns about digital medical records indicated stolen personal information by a computer hacker to be their number one worry, followed by the threat of lost, damaged or corrupted records at 64 percent and the misuse of information at 62 percent.”
Results also indicated the following:
Malwarebytes is the company behind the most advanced anti-malware protection and removal software in the industry. This growing company has a unique story rooted in the experiences of founder and chief executive Marcin Kleczynski. As the story goes, Marcin’s own PC had gotten infected with malware and he turned to community resources to try to fix his machine. Frustrated with the amount of effort this had taken, Marcin took to writing his own program, known as Rogue Remover. This software was distributed to friends and colleagues and officially formed the company and product now known as Malwarebytes. Distributed under the “freemium” model, the company relies on the performance of its product as evidenced by its community ratings. This grassroots approach is what makes this company unique. Reputation and expert referral have led the company’s product to over 100 million downloads to date with no end in sight, adding users at a rate of a million each month.