Posted 10/28/09 at 01:05:31 PM by Paul Lilly

Mid-sized businesses are finding themselves in a precarious position as of late. Forced to cut back spending because of the ongoing recession, many firms are spending less on security, but at the same time, cyber attacks are on the rise, according to a McAfee report released today.

McAfee surveyed 900 mid-sized businesses around the globe with workforces ranging from 51 to 1,000 employees, and more than half of them reported an increase in security breaches over the past 12 months. The United States, along with India, ranked at the top of the charts with 63 percent of organizations noting an increase in attacks, and only China was higher at 68 percent.

But what's most frightening is how many of those same organizations think they're only a single serious security breach away from being put out of business. Of those surveyed in the U.S., 71 percent said it's a real possibility, yet IT budgets have either dropped or remained the same.

"An organization's level of worry and awareness about increasing threats has not overcome the downward pressure on budgets and resources," said Darrell Rodenbaugh, senior vice president of global midmarket for McAfee, in a statement. "But this creates a vicious cycle of breach and repair that costs far more than prevention."

While most companies note that a single attack could do them in, McAfee notes that most businesses may underestimate the risk. Over 90 percent of those surveyed felt they're protected from cybercriminals and aren't in as much danger as larger businesses.

Read More

Posted 07/17/09 at 08:54:45 AM by Paul Lilly

Last month, a hacker calling himself Hacker Croll infiltrated an administrator's email account who works for Twitter, gaining access to the employee's Google Apps account, where Twitter shares spreadsheets and documents outlining business ideas and various financial details, said Biz Stone, a Twitter co-founder.

After doing so, the hacker sent all sorts of confidential documents to a pair of news blogs: TechCrunch and Korben. While the breach and subsequent sharing of information might have been embarrassing for Twitter, analysts say the attack highlights the bigger problem of people using the same password for ever site they visit.

According to security firm Sophos, 40 percent of Internet users use the same password for every website. And with so many personal details floating around social networking sites, it makes it that much easier for hackers to breach someone's account.

"A lot of the Twitter users are much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what hour hometown is, it's not that hard to figure out a password."

This won't come as a surprise to power users, but to avoid being hacked, use strong passwords that combine letters and numbers, change your passwords often, and don't use the same password for every site you visit.

Read More

Posted 06/28/09 at 03:28:41 PM by Justin Kerr

Google has confirmed that the error messages people received on Thursday when searching for details of Michael Jackson’s death, was initially perceived as an attack. Searches between 2:45 and 3:15pm were returned with "We're sorry, but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now."

The error messages lasted for about 25 minutes on Thursday, just long enough for Google to confirm what was actually going on. The search giant noted that the amount of traffic it saw on this topic was unprecedented, as millions around the world scrambled for accurate information, seemingly all at once. Yahoo has also confirmed that it hit an all-time record for unique visitors with over 16.4 million following the story. This blows away the previous record held by the Obama election day, with a paltry 15.1 million uniques.

The outpouring of sympathy online has been astonishing, and I’m sure Google will learn its lesson on this one.

Read More

Posted 02/03/09 at 08:07:46 AM by Pulkit Chandna

After Obama’s website, black hats have now managed to sow the seeds of deceit in Google video search results. Security firm Trend Micro has discovered that that about 400,000 queries trigger Google Video search results that “have a single redirection point, and one that eventually leads to malware download and execution.” The black hats have been able to manipulate search results to their advantage using simple SEO techniques. For this purpose, they have reserved several domains and populated them with keywords.

According to Trend Micro, the malware executable, dubbed WORM_AQPLAY.A, proliferates using removable and network drives. The malware executable is disguised as an Adobe Flash installer. The malware only prompts the user to download the malicious Flash installer when he reaches one of the malefic video websites being run by the black hats.

Read More

Posted 12/29/08 at 05:31:24 PM by Andy Salisbury

According to a recent security study, low assurance digital certificates have become a new gateway for hackers to get to your personal data, by means of a man-in-the-middle (MITM) attack.

The MITM attack consists of a hacker putting themselves between two parties in a dialogue, such as a person and their bank. Once in place they effectively control the conversation to get login credentials or other, far more valuable information.

Generally, untrustworthy certificates will be halted by error messages or warnings that throw up red flags for potential problems, at least to the more internet-savvy. However, more crafty hackers will often add a legitimately issued certificate to the mix, making even the most secure browsers continue on their merry way, as if nothing has happened.

So how can you keep yourself safe online? Well, at time of press there isn’t any kind of listed fix, but just watch yourself and your information. Acting supremely paranoid can’t hurt, can it?

Read More

Posted 09/05/08 at 08:21:49 PM by Pulkit Chandna

After a few eyebrows were raised over Chrome’s highly libertarian end-user license agreement (EULA) – almost a proclamation of a man’s fundamental right to piracy, an amendment or an explanation was inevitable. Chrome’s EULA stated that users were at liberty to use anything posted online through the browser. But Google has amended the EULA. The web juggernaut also downplayed the entire episode as a mistake. Setting the EULA aside, a few chinks in Chrome’s armor have already been sighted. Avi Raff, a researcher, has discovered that Chrome is vulnerable to carpet-bombing a la Safari.

Read More

Posted 09/02/08 at 03:45:22 PM by Pulkit Chandna

Two researchers, Alex Pilosov and Anton Kapela, have concocted a technique to exploit the Border Gateway Protocol (BGP) – internet’s core routing protocol. They demonstrated their technique at the DefCon hacker conference in Las Vegas. The threat emanates from the innate credulity of the routing protocol: the BGP apparently is designed to trust all nodes and can be exploited to redirect insane volumes of internet traffic to malevolent networks.

It can be used for spying at a truly unprecedented scale. No, we are not talking about stalking someone on Facebook but nation-state espionage. Millions of users can be exposed within moments of such an attack. A few solutions have already been propounded, but ISPs seem to be watching quietly from the sidelines.

Read More

Posted 07/02/08 at 11:42:33 AM by Paul Lilly

You wouldn't take a knife to a gun fight, and nor should you do battle with internet baddies using an unsecured browser. Yet despite what should seem obvious, a group of researchers found that surfers are doing just that, and hackers could be happier about it. During the study, the authors discovered a whopping 45 percent of users (roughly 637 million surfers) hopping online not using the most secure web browser version available, making them "an easy target for drive-by download attacks as they are potentially vulnerable to known exploits." And that data doesn't even include potentially vulnerable plug-ins.

But are users the ones to blame for putting themselves at risk? Ultimately yes, however the researchers made comparisons to the food industry arguing that browsers should display an expiration date, such as "145 days expired, 3 updates missed." Nom nom nom.

Read More