Apple iOS 5.1 released, updates security

Apple released the iOS 5.1 software update which comes with a variety of improvements and bug fixes.

CFNetwork
An issue existed in CFNetwork's handling of malformed URLs. When accessing a maliciously crafted URL, CFNetwork could send unexpected request headers.

HFS
An integer underflow existed with the handling of HFS catalog files.

Kernel
A logic issue existed in the handling of debug system calls. This may allow a malicious program to gain code execution in other programs with the same user privileges.

libresolv
An integer overflow existed in the handling of DNS resource records, which may lead to heap memory corruption.

Passcode lock
A race condition issue existed in the handling of slide to dial gestures. This may allow a person with physical access to the device to bypass the Passcode Lock screen.

Safari
Safari’s Private Browsing is designed to prevent recording of a browsing session. Pages visited as a result of a site using the JavaScript methods pushState or replaceState were recorded in the browser history even when Private Browsing mode was active. This issue is addressed by not recording such visits when Private Browsing is active.

Siri
An attacker with physical access to a locked phone could get access to frontmost email message.

A design issue existed in Siri’s lock screen restrictions. If Siri was enabled for use on the lock screen, and Mail was open with a message selected behind the lock screen, a voice command could be used to send that message to an arbitrary recipient. This issue is addressed by disabling forwarding of active messages from the lock screen.

VPN
A format string vulnerability existed in the handling of racoon configuration files.

WebKit
A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.

A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.

Multiple cross-origin issues existed in WebKit.

Multiple memory corruption issues existed in WebKit.

Tips for Network and Internet Security

Computers, staying vulnerable on account of having the two wired and wireless connections, are already a sufferer to be able to internet security threats. Nevertheless, you’ll be able to enhance your internet along with network security by means of handful of steps and generate a network that can’t be hacked simply by anybody.

We can notice wonderful attempts being carried out by many people companies to enhance their internet and also network security. It is been recently occurring due to the progress of high speed internet services and wireless internet connection containing enticed many hackers to get into it and misuse that. That is why, one can find numerous prone computers throughout the world, being bombarded simply by spyware, virus as well as malware triggering numerous instances of security problems, identity fraud as well as cyber crimes.

The initial step you need to decide to use increase your internet and network is by putting in a new firewall. Any firewall registers just about any unauthorized conversation that will tries to occur in any network as well as any illegal connection to access the particular internet. Firewall may give consumers options to permit or perhaps refute any interaction which may seem unsafe for the computer.

Spyware tend to be destructive packages which rob very delicate information like usernames, passwords, personalized and also banking data. Viruses are usually computer programs that have to be able to multiply and trigger significant harm to the device’s functionality. Hence, additionally it is extremely important to setup a great antivirus and also antispyware in addition to that firewall on the computer. Make certain your current antivirus, antispyware as well as firewall plans are generally updated often.

It is vital to make use of high quality passwords that cannot be cracked by simply any kind of hacker. Usually do not download any data or software from the to never be trusted websites. Tend not to download email accessories in case you are unsure with regards to its supply. If you feel your PC will be afflicted by a spyware, you need to take a look at the particular genuinely of any website login site before you decide to distribute your own password onto it. An individual may deploy additional software that may repair mistakes inside your computer’s pc registry. They’re many of the simple ways you can utilize to enhance the internet as well as network security.

McAfee Antivirus Software – Troubleshooting Solutions Virus In Your Computer

Computer viruses are very dangerous because computer viruses can steal your personal identity and password, so the hackers can get financially. The virus will be hidden on the system so that you will never notice. For those of you who frequently shop online, of course there is a threat to you on that bank account details can be found and tracked by the virus. You can prevent yourself from this crime by purchasing software antivirus. McAfee exists to eliminate all such threats.

McAfee anti-virus software program is simple to setup and configure. You will get great security against every latest computer virus. McAfee anti-virus antispyware intelligent make use of that can remove malware in your laptop or computer. McAfee anti-virus protection is very helpful to protect many different computer viruses for example keys, pirate loggers as well as Internet Trojan viruses.

Quite a lot of free antivirus software, but will not be as good antivirus tool you pay. McAfee automatic alerts to protect computer users when there is an effort that was done by a suspicious file to run, by giving the option to block files at the gateway. Computer viruses constantly always designed to defeat anti-virus software, so McAfee is always put through updates with the latest virus definitions so that your machine will be protected against all types of latest viruses.

Tips On How To Choose a Good Antivirus Software

A great antivirus is essential plan for all those computer owners, however viruses typically propagate from the internet, there are several additional avenues computer masters who don’t use the internet could get computer viruses especially by means of removable drives like flash drives. This as a result means that a person regardless of where you happen to be however employing a computer should purchasing antivirus software.

It is therefore important for each 1 or severe computer owners to not acquire free of charge antivirus software’s but purchase one coming from a real merchant. Even so one should consider extra care just before purchasing a great antivirus given that several anti – infections are generally more serious as compared to viruses on their own. It is also important to have a very full list of antivirus software to help you inside selection before you make an order.

An individual ought to deploy a great antivirus which provides live encoding in a way that you happen to be guarded if you are browsing or perhaps doing your perform. That is beneficial to everybody seeing as there are numerous infections which slip straight into each of our computers without each of our understanding if we are browsing on the particular web. An antivirus which provides live scanning should be able to check out almost all data files and programs because you available these that may provide you with the essential stability.

A good antivirus also need to be able to find distrustful software. Every time a individual is browsing on, there are numerous malicious those who prompt these phones set up applications and pieces of software that may ‘t be risk-free. There’s also periods, once we decide to obtain programs on our own not understanding that they be virus ridden. For this reason you may need an antivirus that can immediately discover dubious programs.

Computer Security Ideas For Protecting Your PC

Computer security has now end up being the most important worry towards the PC people around the world. Every time the computer becomes attached to the Internet, it can be subjected to hazards regarding various varieties. You’ll find cyber criminals called as hackers that are forever in search pertaining to computers with less or even zero security. So if you feel ignorant regarding PC security, then you can definitely effortlessly become a victim of these attack along with finally get losing your own important information as well as information. The best way to shield your computer? Well, right here comes the need for computer security providers. A lot of computer services companies are there within the market that provide PC security support for the computer customers in order to appreciate secure precessing.

In order to obstruct almost all infiltrating attempts of the cyber criminals, you can even use various techniques; just like you may possibly consider adding anti-virus software, anti-spyware program as well as a firewall. These applications play really crucial function throughout safeguarding your current PC in opposition to episodes. There are numerous anti-virus software programs available on the web. The majority of the good antivirus software companies offer their particular tryout version. It is possible to install his or her trial version before deciding on your paid one. If the application gives good protection, and then choose the paid version. IT should be taken into account which paid variations will be more beneficial to protect your own PC as compared to the trial versions.

Similar to antivirus programs, it’s also advisable to make use of anti-spyware program along with firewall. The following a lot of totally free programs can be found. You can select these or even obtain one. If you download the particular software, it is obviously suggested in order to download coming from a good along with genuine website. In numerous cases, websites including this specific software integrate spyware as well as adware. So instead of performing good, you may placed your PC into a significant issue.

Should you be a new comer to the actual site of computer , nor have got good thought regarding PC security, the actual best solution is to find computer security services from your dependable company. The reason why? There are plenty of factors that cause this kind of. Your first as well as primary point is basically that you might not understand which usually antivirus program is going to be perfect for your own computer as well as which usually firewall you should utilize. Of course, if you wish to download a free program, you might not understand that web site you can get it safely. Due to this explanation, it ‘s better to find the help of the best tech support vendor.

Intro to Next Generation Firewalls

The traditional stateful firewall filters traffic based upon ports and protocols. For example, blocking or allowing the entire port 80 for HTTP traffic or port 443 for HTTPS traffic. It’s an "all-or-nothing" approach.
Newer firewall technology can also filter traffic based upon the applications or traffic types traversing these ports. For example, you could open port 80 for only select HTTP traffic, for those specific applications, sites, or services you allow. Think of it as blending the firewall and quality of service (QoS) functionalities into one solution.

These application-aware firewalls are commonly cited as a next-generation firewall (NGFW) but they are, basically, a form of a unified threat management (UTM) solution. However, the term UTM is usually applied to products that lack the true application-awareness and are targeted towards the SMB market. UTM products usually offer additional functions over traditional firewalls, such as antivirus, antispam, or even intrusion prevention systems (IPS).

The fine-tuning of traffic provided by NGFWs can help in both security and bandwidth control aspects. Since they’re smarter and provide deeper inspection, they have the potential to catch more malicious activity. They can also serve as content filters and provide QoS functions, so higher priority applications receive higher priority bandwidth. Along with the general need for better overall security, NGFWs are in demand due to the increase of cloud services and outsourced software as a service (SaaS) providers.

Common characteristics 

Here are the common features of most NGFWs:

Standard firewall features: They include the traditional (first-generation) firewall functionalities such as stateful port/protocol inspection, network address translation (NAT), and VPN.

Application identification and filtering: This is the chief characteristic of NGFWs. They can identify and filter traffic based upon the specific applications, rather than just opening ports for any and all traffic. This prevents malicious applications and activity from using non-standard ports to evade the firewall.

SSL and SSH inspection: NGFWs can even inspect SSL and SSH encrypted traffic. They can decrypt traffic, make sure it’s an allowed application and check other policies, and then re-encrypt it. This provides additional protection from malicious applications and activity that try to hide using encryption to avoid the firewall.

Intrusion prevention: Being more intelligent and with deeper traffic inspection, they may also be able to perform intrusion detection and prevention. Some next-gen firewalls might include enough IPS functionality that a stand-alone IPS might not be needed.

Directory integration: Most NGFWs include directory support (i.e., Active Directory). For instance, to manage authorized applications based upon users and user groups.

Malware filtering: NGFWs can also provide reputation-based filtering to block applications that have a bad reputation. This can possibly check phishing, virus, and other malware sites and applications.

What gives 

Keep in mind when comparing vendors they have varied approaches to implementing application-aware firewalls. The number of specific applications they can detect varies. Some may support as many as 5,000 applications, or as few as 800.

Additionally, the ability or process of how to identify new or unknown applications also differs among vendors. The depth of application awareness varies, as well. Vendors can offer what you might call sub-application or application-function awareness. They can, for example, distinguish between multiple applications hosted on the same site. Another example: you might block the sharing capabilities of an instant messenger while still allowing the ability to chat.

The vendors

Here’s a review of the technology behind some of the enterprise-level next-generation firewall vendors:
Palo Alto Networks: This is one of the first vendors to release an application-aware firewall. Their proprietary technologies include App-ID, User-ID, and Content-ID: App-ID classifies known and unknown applications traversing any port and protocol via clear-text or encrypted SSL or SSH connections; User-ID adds support of user and group policies via most all enterprise directories on the market in conjunction with the network-based User-ID agent; and Content-ID provides the real-time content inspection and filtering, URL filtering, and IPS functionality.

Barracuda Networks: Their Barracuda NG Firewall series combines NGFW and VPN technologies. It features application controls, intrusion prevention, Web filtering, antivirus, antispam, and network access control.

Juniper Networks: Their AppSecure software suite adds NGFW capabilities to their SRX Services Gateway. The application-awareness is provided by the AppTrack component. The AppFirewall and AppQoS components provide the traffic control and policy enforcement. Then the AppDoS and IPS components provide protection against attacks and malicious activity.

Evaluating the Security of Sliced Data Storage in the Cloud

Storage slicing is an innovative storage technology offered by companies including Symform and Cleversafe. The technology works by breaking chunks of data up into multiple slices, encrypting them, adding extra bits for redundancy (in a similar fashion to RAID), and then distributing the slices to multiple storage devices -- often in separate geographical locations. Only a proportion of the slices needs to be retrieved in order to recreate the original block of data, thus ensuring that the data remains available even if multiple storage devices fail completely.

With Cleversafe, your sliced data resides in your own private cloud, or on rented storage systems in one or more data centers. Symform's system is more unusual in that it uses the concept of storage sharing – in which slices of your data are stored on the storage devices of multiple other Symform customers. In return, you are obligated to make a portion of your own company's unused storage capacity available to host slices of other Symform customers' data.

The advantage of the data dispersal approach is that the volume of storage space needed is usually well below what is required by traditional replication methods. For companies with large amounts of data, this can mean a significant savings in storage requirements. And by distributing the slices in multiple locations, the underlying data is protected in the event of multiple storage device failures or even a disaster disabling an entire data center.

Storage slicing clearly offers benefits in terms of storage optimization and business continuity preparedness, but what about security? How can you be sure your data is well protected when it is dispersed to multiple locations? Symform's system in particular, in which your data is stored on other (unknown) organizations' storage devices, should surely set alarm bells ringing.

In fact, both companies have built comprehensive security features into their services, and while Symform and Cleversafe take different approaches, both claim to offer high levels of security for your data.

How It Works

Symform's system works by breaking your data into 64MB chunks, and encrypting each chunk with strong AES 256-bit encryption using a unique key. Each encrypted chunk is divided into 64 1MB fragments, and 32 parity fragments are then generated and added using a RAID algorithm to make 96 1Mb fragments. These fragments are then distributed randomly to 96 different storage nodes -- storage made available by other Symform users. The keys for the AES encryption are managed by Symform itself in a distributed database the company calls Cloud Control.

If your organization has experience with encryption key management, then there is no reason why you can't also pre-encrypt your data using any algorithm you choose, before the data enters the Symform system. This can offer an additional layer of protection, but if you lose the key then your data will be permanently lost.
To put the security of Symform's system in perspective, let's imagine that your company stored its data unencrypted in a single data center. A hacker managing to infiltrate the data center in this situation could easily get access to your data. You could add a level of security by encrypting your data -- but if you stored the key in the same data center and the hacker accessed the key, then he would also be able to access the data.

Using Symform's approach, even if hackers were to infiltrate Cloud Control and access the keys for every block of encrypted data, they would encounter an additional barrier: to access the data they would need to retrieve 64 fragments of a given block from 64 different unknown locations. Even if this were achievable and the original data block reassembled, this might still not be enough if the data has been pre-encrypted by the customer.

A more likely scenario is that a hacker might gain access to one of the data fragments stored on a Symform customer's storage device. But the fragment by itself is useless: it contains what appears to be random data, and it has just one sixty-fourth of the information needed to reconstitute a block of the original data, which would anyway be encrypted at least once, and possibly twice.

Cleversafe's approach to data security is slightly different. Cleversafe uses a variable level of redundancy that you select. For example, you could choose to have your data split into sixteen slices, with only ten needed to reassemble the original data. When a file enters the system ,an integrity check value is added to it and it is then encrypted with AES, using a random 256-bit key. A hash of the data plus the key is then added to the encrypted data to create a data package, which is then divided into sixteen slices. These slices are distributed and stored on separate storage devices at the same or separate locations. To reassemble the package, it is necessary to retrieve at least ten slices, and once this has been done it can be decrypted using the key that gets reassembled along with the rest of the package.

As additional security measures, all traffic between a client machine and a storage device is protected using Transport Layer Security (TLS), and each storage device uses digital certificates to prevent "rogue storage nodes" from being added to the system.

With Cleversafe's system there is no central key repository that could be compromised because fragments of each key are distributed with each slice, and the key can only be reassembled by retrieving a threshold number of slices. This can only be done using Cleversafe Accesser software or client software and an Accesser hardware appliance, after authenticating yourself on to the system. Anyone accessing individual data slices on any storage device would only see apparently random data, with no clue as to where the other slices are located. And without the other slices, it is not possible to reassemble the key.

Clearly, as the owner of the data you need to be able to access it whenever you need to -- and with the correct authorization credentials to use either Symform's or Cleversafe's systems you can reassemble your data from distributed slices. A hacker with those same credentials could reassemble it too. But what is also clear is that an unauthorized user faces an insurmountable challenge in trying to steal your data by accessing the distributed storage devices themselves.

How to Secure Your Facebook Business Page

Do you manage a Facebook Page for your business or organization? If so, you're probably aware that many of the same security issues that plague personal profiles also apply to Pages. But what you may not know is that there are several additional security issues that you should be thinking about when managing a Facebook Page.

The top areas you should be thinking about include: Securing your Page, locking down your admin accounts, and securely managing apps, comments, posts, and abuse.

In this article, I’ll discuss each of these areas and give you some tips on keeping your company's Facebook presence as secure as possible.

Configure Your Page for Maximum Security

To review and manage your Page settings, you must first log in with your personal Facebook account. Once you're logged in, click the arrow in the upper right corner and select your page. Now you'll be using Facebook as your Page (rather than as yourself), and you'll be able to review and update your page settings and permissions, admin accounts, and featured settings. You can also access these settings by clicking the Edit Page button in the upper right when viewing your Facebook Page. You'll want to periodically review these settings, as Facebook often makes changes and additions in these areas.

On the Your Settings page, it's a good idea to enable the setting  labeled Always comment and post on your page as [Your Page Name], even when using Facebook as [Your Personal Name]. Doing so will help hide your personal Facebook account from your Page's visitors, which is a good idea in case your personal account gets hacked. On this page you'll also likely want to enable the email notifications so you can regularly keep tabs on postings and comments left by the public. If you have other people set up as Page admins, keep in mind these settings are unique to each admin. It's a good practice to make sure all admins are following a consistent policy with regard to these settings.

On the Manage Permissions page, pay close attention to the Posting Ability, Moderation Blocklist, and Profanity Blocklist settings.

On the Manage Admins page, make sure you keep the list of admins up-to-date and remove anyone who no longer needs access.

On the Featured page, it's a good idea to stay away from designating any of your admins as Featured Page Owners, because the act of exposing your admins' personal accounts could make your Page more vulnerable to hacking. Furthermore, your admins might inadvertently post content on their personal profiles that would not be appropriate for your Page visitors.

Protect Your Admin Accounts

Remember, admin access to your Page content and settings is managed via personal Facebook accounts. Any person that is set as an admin for your Page can login with his or her personal Facebook account credentials to manage the page. This means that if an admin's personal Facebook account becomes compromised, then the hacker automatically has admin access to the Page content and settings as well. (Unfortunately, admins can't mitigate this risk by creating multiple Facebook accounts: It is a violation of Facebook’s Statement of Rights and Responsibilities to maintain more than one personal account.)

To help keep their personal accounts secure, all Page admins should be familiar with and follow the tips and best practices listed on the Facebook security page and in the downloadable Facebook Security Guide. Some of the steps you can take to secure your personal account include: Making your profile and content private, and enabling SSL connections. You should also carefully review which apps have access to your account and disable all the ones you can live without.

Manage Apps, Comments, and Abuse

Facebook apps let you add custom functionality to your Facebook Page, which can help create a more compelling experience for your visitors. For example, you can use the Hosted iFrame app to add custom tabs to your Facebook Page.

But before you add a Facebook app to your Page, make sure to read the app reviews and carefully review the list of permissions requested by the app. Some apps may pose privacy risks while others may be completely malicious. Review your app list periodically and remove those you don't use.

If you allow posting by visitors (as specified in permissions), you can always remove posts and comments from your page that you deem inappropriate. Simply view your page, hover over the post or comment, and you’ll find a small icon for deleting it. If you accidently remove or hide a post, you may be able to recover it by clicking the Wall link on your Page and selecting Hidden Posts.

You can also remove or permanently ban troublemakers from your page. When removing a post or comment, you’ll be asked whether or not you want to just delete the content or delete and ban the user.
To help protect your business or brand, you should periodically search Facebook for any third-party pages or profiles about your organization. Users could create hate groups and imitation pages about your organization or brand for malicious reasons.

If you do find inappropriate content you can report it to Facebook. Even if you find a username of a page or personal profile that infringes your rights, you can report that as well.

Lastly, you might want to check Facebook’s official Privacy for Page Admins info. If you have specific questions regarding pages or their security, consider posting them on the Facebook Pages Forum. And it bears repeating that you'll want all page admins to follow good security practices when using their personal accounts as well, so be sure to check out the general Facebook Security page too.

Quantum computer

           "A quantum computer is any device for computation that makes direct use of distinctively quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data."

In a classical (or conventional) computer, information is stored as bits; in a quantum computer, it is stored as qubits (quantum bits).

The basic principle of quantum computation is that the quantum properties can be used to represent and structure data, and that quantum mechanisms can be devised and built to perform operations with this data. Although quantum computing is still in its infancy, experiments have been carried out in which quantum computational operations were executed on a very small number of qubits.

Research in both theoretical and practical areas continues at a frantic pace, and many national government and military funding agencies support quantum computing research to develop quantum computers for both civilian and national security purposes, such as cryptanalysis. If large-scale quantum computers can be built, they will be able to solve certain problems exponentially faster than any of our current classical computers (for example Shor's algorithm).

Quantum computers are different from other computers such as DNA computers and traditional computers based on transistors.

Some computing architectures such as optical computers may use classical superposition of electromagnetic waves, but without some specifically quantum mechanical resources such as entanglement, they have less potential for computational speed-up than quantum computers. The power of quantum computers Integer factorization is believed to be computationally infeasible with an ordinary computer for large integers that are the product of only a few prime numbers (e.g., products of two 300-digit primes).

By comparison, a quantum computer could solve this problem more efficiently than a classical computer using Shor's algorithm to find its factors.

This ability would allow a quantum computer to "break" many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of bits of the integer) algorithm for solving the problem.

In particular, most of the popular public key ciphers are based on the difficulty of factoring integers, including forms of RSA.

These are used to protect secure Web pages, encrypted email, and many other types of data.
Breaking these would have significant ramifications for electronic privacy and security.

The only way to increase the security of an algorithm like RSA would be to increase the key size and hope that an adversary does not have the resources to build and use a powerful enough quantum computer.

It seems plausible that it will always be possible to build classical computers that have more bits than the number of qubits in the largest quantum computer.

Top 10 Tips To Keep Your Computer Secure

Thinking of spending your normal life without this amazing device is really annoying. So, in other words, we can say that life becomes quite unmanageable in the absence of computer. But, computer without internet connection seems to be useless and boring. As we all know, internet connection is great source of keeping you update with lots of information and is the greatest mean to answer your queries. Other than these, internet is greatest mode of entertainment and recreation like playing games and much more.

Just because of so much interesting facts are attached to a computer with internet connection, it plays significant role in our life. Therefore, loads of people spend most of the time on their PC. Though the computer with internet connection is quite useful but it also has numerous security risks. And, it proves to be quite hectic to get your system rid off such harmful attacks. Such attacks not only prove to be hazardous for your system but also just because of them your secrets and private information can be damaged or stolen. Therefore, it is advisable to almost all computer users with internet connections to go for safety measures for security of your computers. 

Here are top 10 computer security tips:

1. Use of Antivirus Programs: The most effective and basic tips for computer security is to go for Antivirus protection programs. It is quite wise decision to have anti-virus software on your computer for the protecting your computer from the known viruses. But for new viruses, keep in mind to update your anti-virus program daily.

2. Avoid opening unknown emails or attachments: To safeguard your computer from hazardous viruses, it is strictly advisable not to open any suspicious emails with any sort of attachments. It will be wise decision to delete such mails and even its attachments. But, keep in mind, to delete such mails without opening them.

3. Not to download unsure files: Beware of the files like screen savers, games, freeware, etc. To save your computer, be sure of scanning the download before running them.

4. Use of firewalls: The best way to protect your computer is to make use of firewalls!! As the name suggests, firewall is just like a barrier between the outside wall and your computer. Basically, firewalls are of two types – Hardware firewalls and Software firewalls. 

5. Make use of strong Computer Password: For safety measures, it is must to keep your computer safe from any unauthorized person. For this purpose, use of computer password is recommendable especially, when the computer is not coming in use. Just try to choose the toughest password with use of special characters, lower or upper case or numbers so that the chances of being hacked lessen. 

6. Back-up your computer files: To overcome the problems like losing of computer data or stealing of important information, it is best suggested to back up your important files on CDs or other disks. It is the best means to keep your records safe and unrevealed. 

7. Make sure of disconnecting Internet when no more required: Connecting with Internet is just akin to two-way highway road, so it's better to get disconnected from internet when you are not doing anything online. This will keep your computer safe from accessing by any other computer. 

8. Avoid using floppies for transferring files between PCs: The most common way to transfer files from one computer to another is use of floppies. But did you know it is the simplest way to harm your computer system without much effort? So, make habit of scanning such floppies before transferring any files from them.

9. Avoid use of unnecessary toolbar or gadgets: Most of the time, use of unnecessary toolbar or gadgets creates great problem for your computer. So, it’s better to delete them!!

10. Use of authenticated security software: Beware of fraud or malicious security software!! Such software is of no use for your computer security.

Hackers breached NASA systems thousands of times in 2010-2011: federal report

WASHINGTON—NASA said hackers stole employee credentials and gained access to mission-critical projects last year in 13 major network breaches that could compromise U.S. national security.
National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress on the breaches, which appear to be among the more significant in a string of security problems for federal agencies.

The space agency discovered in November that hackers working through an Internet Protocol address in China broke into the network of NASA’s Jet Propulsion Laboratory (JPL), Martin said in testimony released on Wednesday. JPL, one of NASA’s key labs, manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.

He said the hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions.

“Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL’s networks,” he said.

In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said his office identified thousands of computer security breaches at the agency in 2010 and 2011.

The agency “ reported 5,408 computer security incidents that resulted in the installation of malicious software on or unauthorized access to its systems” he testified.

The hackers ranged from individuals trying to boost their skills to criminal groups and — possibly — spies, the report said. Suspects have been arrested in China, Estonia, Great Britain, Italy, Nigeria, Portugal, Romania and Turkey.

Martin also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands.

Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA’s Constellation and Orion programs, Martin said.

A NASA spokesman told Reuters on Friday the agency was implementing recommendations made by the Inspector General’s Office.

“NASA takes the issue of IT security very seriously, and at no point in time have operations of the International Space Station been in jeopardy due to a data breach,” said NASA spokesman Michael Cabbage.

General Computer Maintenance Tips:

Keep all of your working files in one folder.                                                                                                       
           The My Documents folder is offered by Windows expressly for this purpose. The benefits of keeping all your files in one place are multiple. One, you know where all your files are, two, it's easy to back them all up at once, and three, your machine will run faster.

Don't put your personal files on the root of the C:drive.                                                                 
             
          If you store a large number of files in the root folder, you could corrupt your disk file table which could lead to a "NTLDR is missing" error message when you boot the computer. Very bad. If you have personal files on the C: drive now, move them to the My Documents folder.

Uninstall programs that you are not using.
          
         But don’t just delete the program. Remove it correctly so you won’t cause Windows errors. Go to Start, Control Panel, Add or Remove Programs. Find the program you want to remove in the list, and click the Remove button.

Eleven Tips to Keep your Computer Running Smoothly

1. Never, never, turn your computer off with the power switch until Windows has shut down. 

                The one exception to this rule is when your computer locks up and your hard drive is not running (hard drive light is not blinking). In this situation, you can turn the power off without harmful effects to the hard drive. As cutting the power can also result in lost data or Windows files, you should only do this when you have to.

Following this rule will prevent permanent hard drive defects caused by the hard drive heads contacting the surface of the drive disc, and it will prevent a host of Windows problems.
Whenever possible, recover from crashes by pressing the Ctrl + Alt + Delete keys at the same time. Press them again to reboot your computer.

2. I highly recommend that you purchase an UPS 

                  (uninterruptible power supply) for your computer. This will keep your computer from crashing during power outages, and will protect your computer from low and high voltage occurrences.

An UPS is far superior to a surge protector and will save your computer from almost any type of power disaster. (See #1 above for what happens when your computer crashes.)

This is an especially important thing to have if you live or will be living in old houses or apartments. The reason for this is the electrical work in apartments like those can often have faulty wiring that may short out resulting in a damaged computer or loss of information for you. Why have a surge protector when you could put that money towards a UPS? 

3. Backup, backup, backup, 

                 any data you cannot afford to lose to at least two separate physical drives. So backup data to external hard drives, USB/thumb drives, CD-RW's etc.

The time to backup is when you create something you can't afford to lose. Don't wait until tomorrow.

If you have mistakenly deleted any files, documents, photos, or even crashed your hard drive, and you want to recover your data, please see our article, "Best Data Recovery Programs for Windows and Macs".

4. Run Scandisk and Defragment at least once a month. 

                  This will keep your hard drive healthy and prevent crashes. Alternatively, purchase a disk utility program and use it to keep your hard drive healthy. These programs are part of Windows and can be found at Start/Computer then Right click on the drive you want to fix. Choose Scandisk or Defragment from the menu.

5. Never unplug peripherals from the computer when it is powered up. 

                Unplugging with the power on can short out the connector socket or the motherboard. The only exception to this rule is if you know a peripheral is "hot pluggable". If you do not know what "hot pluggable" means then ignore this exception.

6. Do keep at least 300 MBs of your C: drive free for Windows to use. 

              If you use Windows XP, Vista, or WIndows 7 then you should have 400-600 MBs of free space on your C: drive.

If you do not have enough free space you will choke Windows and it will start dumping data to your hard drive (or designated virtual drive), or it will just get really, really, slow (you will see your hard drive light on all the time and your computer will be locked up until the drive stops spinning).

Use the ADD/Delete tool in the Windows Control Panel to delete unneeded programs from your drive.

You can also use disk/utility cleaning programs and speed-up programs to get rid of clutter on your hard drive and to speed up your system, we recommend using a PC speed up program like PC Cleaner. See our review of PC Cleaner for more information.

7. Do not let a lot of programs load up when you start your computer. 

            They use valuable memory and Windows Resources (Windows internal workspace).

All programs in your Windows System Tray (in the lower left of your screen) are running on your computer. Close them if you don't need them or run them and configure them not to load when you boot up.

Other programs running in the background can be found by pressing Ctrl + Alt + Delete at the same time. 

8. Do use an antivirus checker regularly.  

              Everyone should have an antivirus checker that boots up when their computer starts. The best type of protection is continuous monitoring from a dedicated anti-virus program (for example Ad Aware Pro, Panda AntiVirus Pro, BitDefender Total Security, Spyware Doctor with AntiVirus). Also, make sure the anti-virus program is set to update automatically. These programs must regularly update their virus definitions to provide the best defense against new viruses and other malware..

9. If you have a high speed Internet connection, you need a firewall program.

               A firewall program keeps those who want to hijack your computer from gaining access to your system. You really do not want someone else running your computer.

All current versions of Windows come with a built in firewall program. You can access the Windows firewall at Start/Control Panel/Internet Connections/Windows Firewall. This program should always be running unless you choose to use a different firewall program.

For additional protection, you should consider Internet security software that has firewall programs and other web security tools built-in e.g. PC Tools Internet Security, Panda AntiVirus Pro, and BitDefender Total Security have firewall, antivirus, and other security programs bundled together in one package.

Case in point: When I am online 10 hours or more with my DSL connection, my computer is usually attacked by a hacker at least once.

Do not think you are safe from hackers!! Hackers use search programs to seek out computers at random. Get a firewall program and use it.

10. Keep track of the software disks you receive 

               with your computer and new peripherals. These disks contain valuable software drivers and programs for Windows and are needed when Windows must be reloaded. Keep these disks and your Windows software disks in a safe, dry, place -- you never know when you will need them.

11. Make sure Windows Update is set to Automatically Update your computer. 

               Windows is frequently updated by Microsoft to prevent virus and malware attacks, to improve Windows performance, and to provide new features. Access Windows Update at Start/Control Panel/System/ Security/Windows Update.

Benefits and Risks of Free Email Services

 "Although free email services are convenient for sending personal correspondence, you should not use them to send messages containing sensitive information"

What is the appeal of free email services?

Many service providers offer free email accounts (e.g., Yahoo!, Hotmail, Gmail). These email services typically provide you with a browser interface to access your mail. In addition to the monetary savings, these services often offer other benefits:

• accessibility - Because you can access your account(s) from any computer, these services are useful if you cannot be near your computer or are in the process of relocating and do not have an ISP. Even if you are able to access your ISP-based email account remotely, being able to rely on a free email account is ideal if you are using a public computer or a shared wireless hot spot and are concerned about exposing the details of your primary account.
• competitive features - With so many of these service providers competing for users, they now offer additional features such as large amounts of storage, spam filtering, virus protection, and enhanced fonts and graphics.
• additional capabilities - It is becoming more common for service providers to package additional software or services (e.g., instant messaging) with their free email accounts to attract customers.

Free email accounts are also effective tools for reducing the amount of spam you receive at your primary email address. Instead of submitting your primary address when shopping online, requesting services, or participating in online forums, you can set up a free secondary address to use (see Reducing Spam for more information).

What risks are associated with free email services?

Although free email services have many benefits, you should not use them to send sensitive information. Because you are not paying for the account, the organization may not have a strong commitment to protecting you from various threats or to offering you the best service. Some of the elements you risk are

• security - If your login, password, or messages are sent in plain text, they may easily be intercepted. If a service provider offers SSL encryption, you should use it. You can find out whether this is available by looking for a "secure mode" or by replacing the "http:" in the URL with "https:" (see Protecting Your Privacy for more information).
• privacy - You aren't paying for your email account, but the service provider has to find some way to recover the costs of providing the service. One way of generating revenue is to sell advertising space, but another is to sell or trade information. Make sure to read the service provider's privacy policy or terms of use to see if your name, your email address, the email addresses in your address book, or any of the information in your profile has the potential of being given to other organizations (see Protecting Your Privacy for more information). If you are considering forwarding your work email to a free email account, check with your employer first. You do not want to violate any established security policies.
• reliability - Although you may be able to access your account from any computer, you need to make sure that the account is going to be available when you want to access it. Familiarize yourself with the service provider's terms of service so that you know exactly what they have committed to providing you. For example, if the service ends or your account disappears, can you retrieve your messages? Does the service provider give you the ability to download messages that you want to archive onto your machine? Also, if you happen to be in a different time zone than the provider, you may find that their server maintenance interferes with your normal email routine.

Understanding Firewalls

"When anyone or anything can access your computer at any time, your computer is more susceptible to being attacked. You can restrict outside access to your computer and the information on it with a firewall".

What do firewalls do?

Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

• Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called "routers" that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).
• Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website (see Understanding Web Site Certificates for more information). Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP (either from tech support or a website). Also, alerts about current viruses or worms (such as US-CERT's Cyber Security Alerts) sometimes include information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do.

Trojan virus tricks Apple Mac users to steal passwords

Apple Mac users have been warned that a new Trojan virus is capable of infecting their computers and stealing passwords to services such as Google, PayPal and online banking. 

 

The new malware is a "particularly insidious" strain of Flashback, a Trojan virus first discovered in September, and is said to be increasing the infection rate.

It tries to take covert control of Macs using three methods. Two exploit vulnerabilities in Java, a software language commonly used by websites to deliver interactive elements, and require no intervention from the user to succeed.

If Java is not installed or all its security patches are up-to-date, however, the new variant, Flashback.G, attempts to trick users into installing it by presenting a fake security certificate that looks like it comes from Apple, according to Intego, a computer security firm.

"Most users won’t understand what this means, and click on 'Continue' to allow the installation to continue," the firm said.

Mac users running the most recent version of OS X, Snow Leopard, are most at risk, because Java was included as part of the installation package for the first time.

"It is therefore essential that anyone running OS X 10.6 update Java immediately," Intego said.
Users running previois versions of OS X, such as Lion, may have installed Java themselves, however, and should also ensure it fully updated.

"Nevertheless, many Macs are getting infected by the social engineering trick of the bogus certificate purporting to be signed by Apple, as shown in our screenshot above. If you see this, don’t trust it, and cancel the process," Intego warned.

If a Mac is infected, certain applications such as Safari and Skype will frequently crash.

The Flashback Trojan caused a stir because cyber criminals rarely target Macs compared to Windows PCs. According to security experts it is showing increasing sophistication with each variant, suggesting Apple's growing market share is making it more worthwhile to invest time an money in creating Mac-specific viruses.
Nevertheless, according to the security firm McAfee, there were more than four million new Windows malware strains in the fourth quarter of 2011, compared to fewer than 50 that targeted Apple computers.

x.o.ware Launches ExoNetwork Security Products

The ExoNetwork is a small device that creates a personal cloud that provides secure access from an unencrypted wireless network.

    Network security specialist x.o.ware Inc. introduced the ExoNetwork, a secure exoskeleton for small and midsize business (SMB) networks that protects a local network from unauthorized access and extends security to anywhere users access the Internet, even over unsecure public networks.

The company also introduced the ExoKey, a USB appliance that provides encrypted remote access to everything connected to the ExoNetwork, even if a user is accessing it from an insecure location, such as a coffee shop hotspot.

The ExoNetwork is a small device that creates a personal cloud that provides the owner with control and secure access from any unencrypted wireless network, using the Virtual Private ExoNetwork server (VPEx) that is integrated into the ExoNetwork. Unlike other solutions in which users connect network storage devices and must learn a procedure for configuring their routers and VPNs, storage attached to the ExoNetwork is automatically and securely accessible from the ExoNetwork.

Features include a VPEx server that implements two-factor security with a unique 256-bit key for each user for hardware-based encryption processors employing 256-bit AES encryption, integrated network storage with seamless security and high-performance dual-WAN interfaces. The ExoKey features an encryption processor that can store encryption keys and perform encryption in hardware and the ability to perform all the encryption in real time. This helps ensure keys are never exposed to malware and performance is not impacted by the encryption/decryption that is normally done in software on the host computer.

The ExoKey also features registration with one or more VPEx servers so that it can be used in any computer without having to register each computer with the server. The ExoKey also provides portability to secure remote access, and it leaves no trace of encrypted sessions on the remote computers. The technology includes a socket for a microSD card, which can store encrypted user data, using keys that are never accessible to anything other than its on-board processor. The ExoKey can also be used by network administrators, not only to encrypt traffic to and from their network, but also to control access to the network. The VPEx server in the ExoNetwork can be configured to only grant access to devices using an ExoKey, ensuring that only registered users can traverse the network.

"We are entering a new era where wireless networks are more frequently unencrypted to fulfill their role in the mobile network; therefore, the security must be implemented at the source of the data (i.e., the end points)," said Ken Goldsholl, CEO of x.o.ware. "At x.o.ware, we are addressing one of the biggest obstacles to ubiquitous security—the user interface—which is typically so complicated that people don't enable security and are unable to fully utilize all of the capabilities of most network access devices. Our easy-to-use technology is solving this need by simultaneously providing advanced functionality, the highest performance in its price class and unmatched security."

 

There can only be one! New 'Highlander' virus steals EVERYTHING from your computer, even other viruses Read more: http://www.dailymail.co.uk/sciencetech/article-2102731/There-New-Highlander-virus-steals-EVERYTHING-viruses

Computer security experts are warning of a new virus which logs users' online activities, steals bank information, downloads malicious software and seizes control of your computer.
The virus, which has been christened Ainslot.L, even searches for competing viruses on the computer and removes them, earning it the nickname 'Highlander'.
Luis Corrons, technical director of computer security company PandaLabs, explained: 'It eliminates all competition, leaving the computer at its mercy.
'It reminds us of the popular ‘Highlander’ movies, "There can be only one".

 

Highlander starring Christopher Lambert as Connor MacLeod: A new virus has earned the nickname 'Highlander' because it eliminates other viruses on users computers

The Highlander film franchise chronicles an ages-old battle between immortal warriors, who are all competing to be the last left and gain the powers of all the others.
Ainscot.L is what is actually known as a 'bot', a piece of software that surreptitiously takes control of computers connected to the internet, adding them to its 'botnet'.

Indian hackers planning new offensives on Bangladeshi sites

While more than 26,000 Indian sites have been hacked by the Black Hat Hackers and their international supporting cooperating forces, Indian hackers are reported taking preparation for making a fresh attack on Bangladeshi sites within next 72 hours. It is learnt from various sources that, Indian hackers this time may try hacking into websites of Bangladeshi financial institutions as well as online banking system. They also are targeting websites of Bangladesh Police, Rapid Action Battalion and Bangladesh Armed Forces. Meanwhile Bangladeshi hackers have penetrated into more than 27 websites of various departments of Andhra Pradesh on late hours of Thursday. The hackers broke into one of the government servers and hacked those websites. The websites which were hacked include those of departments of commercial taxes, general administration department, horticulture, factories, gazette notifications and government orders.

The Indian officials said the hackers did not deface the pages or steal the information but only added additional pages with their message. State Information Technology Minister Ponnala Lakshmaiah said there was no loss of data. He told reporters that one of the 50 government servers was hacked and 27 websites supported by the server were affected. Indian government denied reports that the data relating to the state budget was stolen. The officials said none of the websites had data relating to 2012-13 budgets, which is to be presented in the state legislature Friday. Finance Minister Anam Ramnarayan Reddy denied that the website of finance department was hacked. He denied that the budget was leaked. The minister said the budget would be posted on the website only after it was presented in the budget.

Meanwhile as retaliation of India's silence in protecting the Israeli diplomats in New Delhi who were recently attacked, an Israeli hacker group named who got by name IDF-TEAM has already extended support towards Bangladeshi Black Hat Hackers. While Indian authorities are in greatest ever threat following the continuous hacking of their sites, it is learnt from various sources that, Indian intelligence has already warned the government of a "severe offensive" on their air traffic control system, which may cause "devastating fate for the airlines operating within Indian airports". Indian intelligence think, in case of such offensives by the Bangladeshi Black Hat Hackers and its international supporters, India's aviation industry will witness worst ever fate with possible death of hundreds of people. Sensing such threat from the Bangladeshi hackers, a team of Indian cyber specialists as well as members of the "Cyber Crime Prevention Team" and "Central Bureau of Investigation" has secretly arrived in Bangladesh on Thursday evening. This team came under various camouflages of businessmen and tourists. But a highly placed source hinted to Weekly Blitz that, Bangladeshi high commission in New Delhi, Tariq Karim as well as the foreign minister are fully aware of the arrival of these people, who will start working in identifying "strategic information" on the Bangladeshi hackers. The foreign ministry as well as telecommunication ministry are going to give "silent directives" to Bangladesh Telecommunication Regulatory Commission [BTRC] and Bangladesh Telecommunication Company Limited [BTCL] to "extend all out cooperation" to the Indian team. Some of the Bangladeshi IT experts are also reportedly collaborating with Indian authorities in identifying the information of the Bangladeshi Black Hat Hackers or its international partners. Front-ranking Bangladeshi IT expert Mustafa Jabbar recently said, "Hacking into Indian sites would bring dire consequence to Bangladesh". It is also learnt that a leading private television channel in Bangladesh, which has collaboration contract with an Indian TV channel is also going to start massive campaign against Bangladeshi Black Hat Hackers and its international partners. Such initiative of this channel was taken following specific request from New Delhi as well as some of the members of Indian intelligence network.

A group of alleged Bangladeshi hackers named 'Black Hat Hackers' and their counterparts such as Anonymous and others from a number of countries including Pakistan, Saudi Arabia, Indonesia, Malaysia and United Arab Emirates have already taken more than 26,000 websites in India, which includes some of the important sites such as the website of the Border Security Forces [BSF] etc. It is also learnt that Indian hackers have already hacked into five websites of various ministries in Bangladesh and are now making frantic bid in hacking into the sites of Bangladesh Telecommunications Company Limited [BTCL] as well as some other key websites. According to the alleged Bangladeshi hacker announcement on various social networking sites, the cyber war is continuing in protest of severe brutality and murder of Border Security Forces [BSF] on India on Bangladeshi civilians for decades. Chief of categorically ruled out the possibility of stopping such notoriety though Indian Home Minister as well as the Prime Minister made number of false promises assuring Bangladeshi government of stopping any form of acts by BSF which goes against basic norms of human rights as well as responsibility towards any neighboring country. Bangladeshi government did not confront such statement of the BSF chief. Though it was already reported in the media that hackers from Pakistan, Indonesia, Saudi Arabia, Malaysia and United Arab Emirates are cooperating with the Bangladeshi hackers, it is also learnt that, several hacker groups from China, Sri Lanka, CIS countries and few nations in the West have also joined hands with the Bangladeshi side. It is even assumed that hackers from some of the African countries may also join the Bangladeshi side in days. Bangladesh hackers are even trying to hack into Indian aviation and naval sites, which may cause severe damage to the country, if the hackers are successful in hacking into any of them even for some minutes. In similar way, account in Indian banks may be totally garbled by the hackers causing serious problem to Indian financial institutions.

Microsoft store in India hacked, usernames and passwords leaked

        If you were of the thinking that incidents of hacking were predominant abroad, then you're sorely mistaken; read on.

Reportedly, the latest victim, in a long series of hacks is the high-profile website of the Indian Microsoft Store. The store suffered a hack, carried out by a team of hackers called 'Evil Shadow Team'.

WPSauce first reported about the incident, and according to a statement in the report, "It has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point."

 

8
inShare

Share on Tumblr

Mumbai: If you were of the thinking that incidents of hacking were predominant abroad, then you're sorely mistaken; read on.
Reportedly, the latest victim, in a long series of hacks is the high-profile website of the Indian Microsoft Store. The store suffered a hack, carried out by a team of hackers called 'Evil Shadow Team'.
WPSauce first reported about the incident, and according to a statement in the report, "It has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point."
In a later update to the report, it was learnt that the database of the Microsoft Store India had been exploited and the passwords were saved in plain text. Shortly after the website was compromised, the site was taken offline, indicating that Microsoft had seized control of their online store once more.

This comes in as bad news for those who have their usernames and passwords associated with the website, as it is now available for anyone to access. As a precautionary measure, those who have the usernames and passwords linked with this website should immediately change it. Also, those using the same password for any other web service should change it.

The website reports that when the online store was hacked, the site had the picture of the Guy Fawkes mask. This picture is usually associated with hacker group, Anonymous who are known for their high profile hacks on major corporations and government organizations the world over. The latest high profile victims of Anonymous were websites that were associated with the CIA as well as UN websites.