Top Hackers’ Destinations This Summer

Things have changed this summer. Until now, Java has been the hackers’ favorite destination during the warmest period of the year. However, according to the findings of Bromium Labs, it seems that the hackers have found the next big summer hit – the good old Internet Explorer.

What is so special about Internet Explorer? Well, you probably know by now that supporting outdated versions is definitely the Achilles’ heel for Microsoft. Windows XP, and Internet Explorer 8 with it, can no longer count on support. No support + no updates = no protection.

The trouble with Microsoft users is that they are unadorably loyal and surprisingly stubborn. Every now and then, Microsoft urges them to move to the latest versions available. Nevertheless, they keep using older versions of both Windows and IE while demanding the continuous support regardless of the circumstances.

And here it goes. While the two sides, in our case Microsoft and its users, are arguing, a third party takes advantage of the situation. The hackers could not wish for more: stubborn and reckless users swimming in unprotected waters. Hunting season is on. Update or suffer, there is no third option.

Simpler, Better, Hacker…

The idea that the most successful hackers are top rocket scientists who at some point turned to the dark side is childish, to say the least. In most cases they are educated fools with money on their minds. More importantly, they need a helping hand. Who could that be?

Unfortunately, when it comes to cyber trouble, you would not believe how often we are accomplices in our own misfortune. The hackers themselves, on the other hand, are practical people who look for the imperfections of the system and the negligence of the users. That is the catch.

Instead of whining about endangered privacy and compromised cyber security, we can question our own behavior and habits for a change. The least we can do is make hackers work harder for their dirty profit. Do not leave them an open door and do not act as if it is not going to happen to you.

We all know these simple truths, and we keep forgetting them all the time. How strong and devastating does a cyber blow to your face have to be for you to start learning and applying some basic IT self-defense techniques? Be a quick doer and a careful listener in this one, will you?

Microsoft vs China

The golden road to the Chinese market is definitely covered with thorns. Google has had the honor of experiencing it first-hand on behalf of the first group of US-based IT companies hungry for extra profit. It seems that Microsoft now has to hit the Great Wall of China, literally and mercilessly.

The Chinese authorities first put on hold the decision to introduce Windows 8 on government computers. Then they decided to pay an unexpected visit to all major Microsoft offices all over China. You can rest assured that these were not entirely friendly talks about the weather and local food.

China has a nice alibi for all of these actions. It rides on a wave of growing global concern closely associated with the spying controversies. However, you do not have to be a rocket scientist to see for yourself that something simpler is making all the noise here. Can you give it your best shot?

It all comes down to the question of business and money, sooner or later, one way or another. The USA will pressure China with its accusations of technology espionage, and China itself will fight back with suspicions of political spying activities. This is light years away from a win-win situation for both.

Gimme Your Source Code, Or…

We got ourselves an additional chapter in the bloody book of the Ukraine crisis. This time the Russian government demands the source code from the leading IT companies that wish to do business on Russian soil. So far, only Microsoft has shown unreserved readiness to cooperate.

On the other side, Apple and SAP are having some second thoughts about it. The Russian government is deadly worried about the spying threat. It seems that in all software made in the USA they see the NSA and CIA signature. So, what is the response of the US based companies in this matter?

It seems that Apple and SAP are not willing to cooperate. The Russians were so kind as to remind them of Microsoft’s flawless cooperation over the last couple of years. This is a nice test for US companies to evaluate how important their business in Russia is. Google has been experiencing something similar in China.

It all comes down to numbers, eventually. If you want to play a game of profit in a certain country, you have no other choice than to embrace the local rules more or less willingly. In the Russian case a fragile balance between the economy and politics has to be achieved one way or another.

Smart Cars. Ingenious Hackers.

Cars are getting smarter with each new day. We are literally surrounded by smart things. Everywhere you look there is smart this and smart that. Unfortunately, the hackers themselves are smart enough, or very often much smarter. The series of unfortunate events with the Tesla cars has brought the trouble of car hacking to our attention.

Nowadays, it is possible to hack a car just like any other smart device such as a smartphone or computer. The hackers have an opportunity to gain access to, or even control over, your car through its wireless components such as radio, Bluetooth, navigation, and similar. What can we do about it? How safe are we in fact?

These kinds of things make you wonder: do we need an antivirus for our own cars? It is an inevitable paradox. The more sophisticated our cars become, the easier it gets to hack them successfully. Hacking on wheels – maybe this should have been the more appropriate title for our post?

For what it is worth, we have some new details to take care of the next time we choose our favorite car. We are not talking only about the driver’s and traffic safety, but also about IT security. It seems that your car’s equipment just got itself an additional category. More work for IT security experts, as well.

Careless iPhone Whispers

Open Whisper Systems, well known for its safe calls app RedPhone, has come up with a new one. This time we are talking about free encrypted calls you can make on your iPhone all over the world. You do not have to guess twice: the Signal app is fully compatible with RedPhone.

This app is simple and safe to use. In addition, you do not have to worry about complicated passwords. Both you and your contact will get a pair of words. If these words match between the two parties who are communicating, you are good to go. If not, then there is someone uninvited trying to mess things up for you.

Signal runs ZRTP, which is a security encryption protocol developed by Phil Zimmermann. He is also known as the father of the Pretty Good Privacy (PGP) system. On the other side, it is worth mentioning that Signal is designed from the outset to be an open source platform.
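The word comparison described above, as an added sketch that is not Signal's or ZRTP's own code: both callers derive two words from the key agreement, and an interceptor who swaps in his own key leaves each side with a different pair. The toy Diffie-Hellman group, the constructed word list, the sample private keys and the simplified derivation are all assumptions of this example.

```python
import hashlib

# Toy Diffie-Hellman group (assumption of this sketch): the Mersenne prime
# 2**127 - 1 with generator 3. Far too small for real use.
P = 2**127 - 1
G = 3

# Constructed 256-entry word list (16 x 16 syllables), one word per byte value.
SYLLABLES = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi",
             "no", "pu", "ra", "se", "ti", "vo", "wu", "za"]
WORDS = [a + b for a in SYLLABLES for b in SYLLABLES]

# Constructed sample private keys for the three parties.
ALICE, BOB, MALLORY = 0x1F3D5B79A1C2, 0x2E4C6A88B0D3, 0x0BADC0FFEE11


def public_key(private: int) -> int:
    return pow(G, private, P)


def shared_secret(private: int, peer_public: int) -> int:
    return pow(peer_public, private, P)


def sas_words(secret: int, caller_pub: int, callee_pub: int) -> tuple:
    """Derive the two words a party reads aloud (simplified derivation)."""
    h = hashlib.sha256()
    for value in (secret, caller_pub, callee_pub):
        h.update(value.to_bytes(16, "big"))
    digest = h.digest()
    return WORDS[digest[0]], WORDS[digest[1]]


def call(alice_priv: int, bob_priv: int, mallory_priv=None):
    """Return (alice_words, bob_words) for a direct or an intercepted call."""
    a_pub, b_pub = public_key(alice_priv), public_key(bob_priv)
    if mallory_priv is None:
        seen_by_alice, seen_by_bob = b_pub, a_pub      # keys arrive untouched
    else:
        seen_by_alice = seen_by_bob = public_key(mallory_priv)  # keys replaced
    alice = sas_words(shared_secret(alice_priv, seen_by_alice), a_pub, seen_by_alice)
    bob = sas_words(shared_secret(bob_priv, seen_by_bob), seen_by_bob, b_pub)
    return alice, bob
```

With only two words the chance that an interceptor happens to produce a matching pair is small but not zero, which is why the words have to be compared by voice on every call.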

Open Whisper Systems has some ambitious plans with this one. In the next stage, it plans to include a version of Signal for text messages, as well. Definitely some good news for iPhone users. We only hope that Apple will close all open backdoors first. You know what we mean with this one, don’t you?

Cross Ideas With IBM

Maybe this takeover is not one of those you have gotten used to admiring, with top brand names and hundreds of millions of dollars at stake. For what it is worth, IBM has acquired one of the most promising Italian IT security startups with an indicative name – CrossIdeas.

These Italians specialize in the most problematic moment in data processing, which includes your access to apps and data. Securing and evaluating the way you are accessing both apps and data can easily turn out to be the next big thing in the IT security field. Access risk management is the other name for it.

IBM plans to further strengthen its Identity and Access Management structures and offering with this takeover. The main idea is not to allow a poor security policy to become a huge security risk. You do not have to be a rocket scientist to figure out for yourself how important it is to eliminate a threat at the very doorstep of your IT infrastructure.

On the other side, this can be a strong encouragement for startups in the IT security field. It seems that a good idea for IT security measures can easily turn out to be as profitable as any other new cyber concept. This is definitely a win-win situation for both IBM and CrossIdeas.

Cyber War Games by Deloitte

Here is something you do not expect to see in a company that is a synonym for white collars and strict formality. For what it is worth, the Deloitte Cyber Risk Service has introduced a new cyber war-gaming and simulation service. What does it do and what is it supposed to solve in the first place? Well, Deloitte brings the cyber war into your company.

The main purpose of this simulation activity is to test your defense readiness and points of vulnerability to a cyber attack in conditions as close as possible to a real-life situation. So, what is the catch with this one? Why do we have to pay Deloitte to play cyber war games? How come we cannot do it on our own? Deloitte has a nice answer to these questions.

Deloitte’s cyber war games are carefully designed, earth-shaking events that include all segments of your company, including top management, CEOs and all people involved in crucial business process execution. In addition, its scenarios are the closest to the real thing your business will ever get.

It goes without saying that it is always better to simulate a cyber attack than to participate in one or experience it first-hand. Deloitte has an offer of top-class cyber wars and simulations that are crying out for some attention and honest appreciation. Better to go into a virtual war with Deloitte than into a real one with merciless hackers.

E-Mail + E-Guilt = Real Punishment

It is not too late for all of you who are reading this post to think twice before you write or send an email in the future. Unfortunately, all we needed was one federal judge to say emails are a legitimate evidence target. The police can treat them in the same way as they are already doing with our hard drives.

Just imagine a situation where someone knocks at your door informing you that there is a warrant which allows him to keep and examine your emails. Everything you have written or received in your inbox can be used against you as legitimate evidence in a court of law. How do you feel about this one?

Without any exaggeration we can say that we are completely surrounded. First our smartphones, and now emails. The federal government obviously has an intention to turn all elements associated with our privacy into bulletproof evidence. What is next? Do you dare to guess?

What are we supposed to do? Buy old typewriters, just like the Germans are doing after the recent spying controversy? Use messenger pigeons? Seriously? When will we have the courage to say enough is enough? Maybe they will use these posts as evidence in the near future? Who knows?

iOS Secure Insecurity

It seems that the endless debate about security prestige between Android and iOS just got an additional intriguing chapter. We have all witnessed how every now and then some of Apple’s representatives like to point out the security imperfections and vulnerabilities associated with Android.

The opened iOS backdoor allowed us, for the first time, to seriously question its security strength. For what it is worth, iOS seems to be properly strong against outside threats, and unforgettably weak on the inside. We are talking about the enemies from within. Confused?

Apple’s mobile software is intended to be used for maintenance purposes only. Who is to deal exclusively with these types of work is another question. Maybe some of the NSA agents would be more than interested in paying a surprise visit to your iPhone’s data.

Apple’s users are disturbed, with good reason. On the other side, Apple’s marketing machinery will do its homework in this case with a series of justifications and calming press releases. However, the damage is already done. Apple has lost its self-claimed aureole of flawless safety. For how long?