Motley cabal of online hacker and librarians. All about online hacking and more ...

Monthly archives for February, 2012

Stronger Authentication to Counter Online Hacking in 2012

Feb23
2012 Leave a Comment Written by blogadmin

As many an online hacking weblog has reported, this past year provided many important lessons in online security and malware protection. Based on these lessons and because of the numerous online hacking attacks and threats in 2011, online security guidelines and systems all over the world are being beefed up in an effort to improve authentication compliance and abide by authentication best practices.

FFIEC Introduces Strong Authentication Compliance Guidelines for Financial Institutions

In January, the Federal Financial Institutions Examination Council (FFIEC) recent updates to its Authentication Guidelines went into effect, requiring up-to-date and strong authentication compliance for financial institutions. The purpose of the guidelines is to “provide a risk management framework for financial institutions offering Internet-based products and services to their customers. Institutions should use effective methods to authenticate the identity of customers and that the techniques employed should be commensurate with the risks associated with the products and services offered and the protection of sensitive customer information” (See BankInfoSecurity for more information).

DoD Beefs Up Security against Online Hacking with new Updates

The Department of Defense (DoD) has also made updates to its authentication program, the Joint Personnel Adjudication System (JPAS). JPAS is a centralized security program that helps protect against unauthorized access to its networks and applications, comply with data protection regulations and enforce security best practices. As of January 21, 2012, non-DoD individuals in the JPAS program must use a digital certificate stored on a USB token or smartcard that has been issued by a DoD-approved External Certificate Authority (ECA).

Both the FFIEC and the DoD took note of the cyberthreat and attack lessons learned in 2011. In order for corporations to follow suit, they must implement authentication best practices that will more effectively keep their data and customer data secure. One of the most important solutions of identity authentication available to corporations today is two-factor authentication or risk-based authentication. Two-factor authentication helps corporations better protect themselves against hackers by requiring two methods of identity verification: a password (something the user knows) and an authentication token (something the user has). Risk-based authentication profiles a user’s device and their behavior to assess the risk associated with their activity and invoke secondary authentication when that activity appears to be unusual.

The popularity of smartphones and tablet devices represents a security opportunity for organizations – more users already have a device that could function as an authentication token to provide a stronger assertion of their identity to a wide variety of parties. Unlike traditional two-factor authentication token solutions, approaches that enable re-use of existing mobile devices are faster and easier to deploy, and more cost-effective to maintain. And, unlike traditional hardware tokens, users are far less likely to forget their mobile device at home. And using risk-based authentication mechanisms that profile a user’s device and behavior can provide similar protection, without any impact to a legitimate user’s experience.

Like this last year, 2012 will be full of cyberthreats and attacks. We can expect hackers will only increase the number and intensity of their attacks. Among the current threats to users of financial institutions is the Zeus Trojan, which the FBI is calling “Gameover” because once the hackers get a user’s financial information, it’s game over. In fact, so far in 2012 Symantec has seen over 200,000 attacks each day from criminals using the Zeus tool kit. The Zeus Trojan, as well as the recent DreamHost attack, prove the urgency corporations should feel about stronger authentication.

As corporations and organizations implement these and other authentication best practices, they’ll not only be keeping theirs and user data more secure, but they’ll also be better equipped to avoid finding themselves the subject of the latest online hacking incident.

Posted in Online hacking

Online Hacking Threat More Pervasive than Ever

Feb17
2012 Leave a Comment Written by blogadmin

 Online hacking, cybercrime, cyber terrorism… these words evoke images of credit card numbers and personal identity details  being stolen from massive electronic databases. At most, the imagination stretches to massive DDoS attacks by online hacking organizations such as Lulzsec and Anonymous.

Online Hacking DoS: Threat to our Basic Needs

Online Hacking Threat More Pervasive than EverScary as those scenarios may be, they pale next to the actual possibilities. Picture how dependant your life is on electric power; from illumination and food storage, every basic amenity of modern life runs on power. The lay person has no idea just how vulnerable our daily water supply, power stations, and gas supply lines are to an online hacking attack. And these attacks are very much a real possibility.

Ill-prepared and Under-informed for an Online Hacking Armageddon

Figures reveal that the Homeland Security Department received and acted upon nearly 116 requestedIn 2010 the Homeland Security Department responded to only 116 requests for assistance from its Control System Security Program cyber experts. By September of 2011 there were 342. All of these attacks didn’t originate domestically, either. On Nov. 8 an IP address originating from Russia attacked an Illinois based water utility company, managing to control a Supervisory Control And Data Acquisition system, resulting in a burnout of the associated pump. These types of real world results to online hacking attacks are not unknown. In 2007 an online hacking attack on a diesel generator caused it so self destruct.

At this time, companies in the sights of these types of online hacking attacks can only prevent between 67% and 76% of these types of attacks. They could prevent more but there’s one thing holding them back: money. Right now these companies spend $5.3 billion on protection against online hacking and other cyber attacks. To reach a 95% prevention rate they would have to increase that amount to more than $46 billion, an increase they say their customers won’t approve.

With the very real and national threat posed by online hacking, some would like the government to step in and foot the bill for these improvements. Others may think that this is a private sector issue and the government need not intervene. However, the decisive battles of the next major war may very well be fought by cyber-warriors on computer screens rather than surgical commando strikes deep within enemy territory. The question is, are we up to countering the threat of online hacking that goes beyond mere pranks?

Posted in Hacking News, Online hacking - Tagged ,

The Phishing Threat & How it is Used for Online Hacking

Feb10
2012 Written by blogadmin

You must be familiar with the term phishing, or phishing scam. It is an online hacking attack where an individual involved in online hacking tricks a victim into giving away secret information such as log-in details, financial data and so on, without the latter realizing the true nature of the scam.

So you can understand the potential use of phishing to online hacking criminals who wish to perpetrate identity theft. Online Hacking:Phishing The term itself originates from phone phreaking, a word that traces its way to early hacking incidents reported in the media and identity theft cases. Though based on a simple underlying concept, perpetrators can weave an elaborate con aimed at ‘phishing’ the identity details of a target. These may then be used to mail bomb another target, other online hacking activity or even to access the target’s financial data.

Online Hacking: How Phishing Scammers Operate

Phishers try to con you into providing them with sensitive info such as email/ login data, which they can then put into their nefarious online hacking skills and use it to make money out of the system.

One very vulnerable target for phishers is your PayPal account. PayPal is a web-based payment processing system that lets you transfer money to and from your PayPal account with your credit or debit card, thus avoiding the risk of revealing your credit card details to every e-commerce website you shop at.

This does make PayPal a particularly meaty target for online hacking. If you wanted to take money out of other people’s PayPal accounts, all you would really need is their email address and password. Then you sign in to their account, and send the money to an account you have set up.

What phishers will do is email PayPal customers with an email that looks like an official email from PayPal. It will have the PayPal logo and format and will look exactly like official PayPal emails to customers. It may even come from an address that looks like PayPal’s official website. It will go on to say it is a random security check or some other technical procedure and that you are required to type in your user name and password. It will then thank you and say the check or whatever other scheme it claims to be is complete. In the meantime, the phisher will have your password and can clear out your account.

While this is a basic example, there are countless variations of increasing complexity that will be used to try and entice customers to give out bank account details, credit card details or other sensitive information. It can often be next to impossible for the average customer to detect that the email or website is not the official one of the company it is supposed to be from and they are therefore very dangerous.

Any suspect email that has even a remote possibility of being a phishing attempt must be immediately notified to the concerned party that is being mimicked; often your bank or credit card company or PayPal account. You need not be a Sherlock Holmes to spot such a scam: no bank or payment processor would ask for your password in an email, so if a purported bank or bank employee requests such information then its time to hit the panic button.

Keep watching this online hacking weblog for the  latest online hacking news.

Posted in Online hacking, Phishing Spam, Spam - Tagged , ,

Malware Protection Tips for the Home User

Feb02
2012 Leave a Comment Written by blogadmin

You don’t need refer to an online hacking weblog to know that it makes sense to invest in malware protection software. The information superhighway that is the internet is a Wild West unto itself in more ways than one; users have always come out chased by hounds.

To begin with, a wide variety of threats, namely online hacking, virus infection, malware infestation etc. stalk any computer user connected to the internet. Malware ProtectionMost new computer systems are accompanied by bundled anti-virus and malware protection software applications. An alarming trend, however, is that a large number of users choose to neglect the very importance aspect of malware protection and end up exposing their computers to the risk of infection once these bundled applications exceed their validity period and need renewal.

Malware Protection : Nip the Risk in the Bud

Failing to install a firewall, forgetting to update the anti-virus software and clicking on suspicious links, apart from poor malware protection efforts, are among the many unhealthy surfing habits of a majority of netizens. Some are not even aware of the nuisance of adware, or the threat posed by spyware.

Not every site you visit will be a safe place. Not every email you receive will contain safe information. Many viruses enter a website when users visit certain websites (predominately pornographic sites). These viruses can also come from certain emails. Keeping these things in mind and ensuring correct surfing habits are the best malware protection you can get; the software applications come in only as a second line of defense.

Programmers of viruses and other malware have written extremely destructive and devious code; some can even disengage the anti-virus software. This may happen even with paid anit0virus software. What’s important is, that the malware virtually has the run of the system now and can wreak havoc on your files.

This was a very rare case, but if you want adequate malware protection, then you must ensure that you check regularly for updates and scan your computer for viruses everyday, which is something that you can tell your anti-virus software to do automatically by scheduling it in advance.

Other Methods of Malware Protection

The use of a spyware extractor like Ad-Aware can help alleviate chances of browser hijacking and to remove all data-mining files from your hard drive. Many sites will add these features to your computer when you visit their website, they gather data on your personal site visitation and apparent preferences.

Not only can this be personally intrusive but it can also slow your computer down and may result in a significant amount of unwanted emails.

Your hard drive is more important that just a hunk of silicon and electronic boards, especially more so if you use it for business; the data is priceless. You can’t afford to have your computer offline while you deal with the devastating effects of a computer virus, online hacking or deleted files? Hence, if you use your computer to store office files, or if you’re a freelancer using the computer as a workstation, you should know how vital malware protection software and other security measures are.

Keep watching this online hacking weblog for more information on malware protection.

Posted in Malware, Online hacking, Security Software - Tagged , , ,
wordpress visitor
© 2011 USRlib.info