When Enough Is Enough

September 29, 2014 — Leave a comment

It seems that the US financial institutions just enough. They are apparently sick and tired of constant and damaging cyber attacks. So, they have decided to do something about it. It may sound as some kind of a bad joke, but of all the business entities in the world, they can certainly afford it.

So, what they have done? The Soltra is born. It comes as the direct result of a special partnership between the Financial Services Information Sharing and Analysis Center (FS-ISAC) on the one side and The Depository Trust & Clearing Corporation (DTCC) on the other side. Really impressive, indeed.

However, is it enough to ensure the adequate protection for the US finance engines? For what is worth, this is a remarkable change. It is not enough to take hands and dance in a circle hopping for the best. Yet, as soon as you join forces, resources and start information exchange you are on something serious.

The next step definitely worthy of our admiration would be to have the international financial security system launched as soon as possible. That would be something really special, wouldn’t it? If the hackers all over the world can easily unite and work together, so should we. No matter who we are and what we do.

Here Comes FIDO

September 28, 2014 — Leave a comment

If you thought that FIDO is a new Hobbit’s name, then you should do some extra IT Security 101. Without any exaggeration we can say that the FIDO technology and standard is the next big thing in the world of smartphones. It stands for the Fast IDentification Online or simply FIDO.

So, what is this FIDO all about? Well, we are talking about the next generation of mobile payment solutions, which will definitely send to a retirement all password-based payment systems. This so-called biometric e-business is based on the fingerprint technology, eye scanners, and voice recognition systems.

It is supposed to be a win-win situation for us, the proud users of smartphones. On the one side, we will enjoy greater freedom with simplified and more efficient mobile payment technology. On the other side, we would certainly appreciate the significantly improved sense of cyber security.

So, what is still left to do? We need to remind our dearest major IT league players to invite FIDO on their devices as soon as possible. For what is worth Samsung is already there with its Galaxy S5 smartphone. On the other hand, Apple is determined to introduce its ApplePay. Do you feel protected already?

eBay Cross Site A Bitter Bite

September 27, 2014 — Leave a comment

Dear eBay, you should have known better. In this story eBay has not made only one, but actually two serious mistakes. The first one was nothing to do about the cross-site scripting (XSS) weakness. That was something used by the phishers in the worst case scenario for the eBay users themselves.

You were using eBay without a single thought that a current page has been hosted elsewhere. Your login data were given away voluntarily without any awareness about the phisher’s trap. So, what was the second mistake? As soon as this trouble was identified by an IT worker the eBay reacted.

This worker has reported this incident and eBay official response to the BBC. Then, instead of confronting the phishers responsible for this trouble eBay turned its anger on the BBC while desperately trying to cover up the whole thing. And, the rest of this story is a sad well-known story of how the things should not be done in the first place.

When someone with almost limitless resources, such as eBay, misses to apply some of the basic prevention measures, then there is simply no excuse or justification. We sure hope that other major IT league players, who are in a similar situation, will draw some useful conclusions out of this story.

Top Level Domains = Top Level Phishers

September 26, 2014 — Leave a comment

The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to cheer us up with the fresh new extensions, such as .guru, .email and .support. The only trouble here is that the TLDs or top level domains are something irresistible for top phishers just like blood in the water for sharks.

How and what do we know about it? Well, it seems that the very first customers standing in line are the phishers themselves. Yes, busy little bees, they are. Do you remember when the .biz top level domain hit the Internet? The bad guys were the very first customers. Here is one more nice example.

Can you dare to guess what kinds of troubles and frauds you can cause with the skillful missus of the .pharmacy top level domain? The ICANN can focus its attention a little bit more on the security and protection, rather than only on the customer’s satisfaction. There has to be something we can do.

Anti-phishing measures should follow automatically each new release of the top level domain. On the other side, we need to make sure that only the people with justified causes and honest intentions acquire the new top level domains. How to achieve all these things? Well, that is a homework for all of us.

The Broken Chains Of The Home Depot

September 25, 2014 — Leave a comment

Is this a new world record for the biggest commercial security breach? More than 56 million payment cards have been compromised. It is just like you have hacked the entire population of some of the largest European countries such as Germany, France or Italy. Let us focus on the aftermath of these events, shall we?

On the other hand, it would be wrong and unfair to blame it on all on the Home Depot. We can say that the Home Depot is actually a victim of the poorly protected and definitely outdated system. In a certain way we can dare to claim that is very likely that this negative event will have some very positive consequences.

It seems that we have been waiting for something like this to happen in order to seriously examine the possibility of introducing the latest smart payment cards based on the chip-and-PIN technology. Unfortunately, this would be the first time for the US customers enjoy all the benefits of this technology.

All is well that ends well. Can this also be true in the IT security field? Well, itndepends where you stand when a certain change occurs. For the 56 million users it is a weak comfort that this trouble was the very reason for the new protection technology introduction. Better ever than never. How about this one?

Public Interest – Private Security

September 24, 2014 — Leave a comment

This year’s NATO summit passed under the blinding spotlights of the recent events in Ukraine. No wonder so many things associated with this organization went below the radars of our attention almost unnoticed. Yes, cyber boys and girls the NATO had enough time to discuss cyber security, as well.

Are you surprised or intrigued? Or both? The NATO Industry Cyber Partnership (NICP) has obviously decided to thoroughly change some things about its cyber security measures and structure itself. Well, when it comes to this one, we have two important questions to ask. Can you dare to make a wild guess?

The first one is naturally to examine the motivation for this “sudden” and surprising acknowledgment of cyber security’s importance. What went wrong? Or, maybe the NATO prepares itself for something huge. Russia or China, for example? The second question is definitely more important.

Why it has to be a private sector to handle these sensitive things on behalf of the NATO? What is happening with the top government agencies in this field? Should we be worried or flattered? Is this some kind of a recognition for a quality work or an indication of some new waves in the restless cyber sea?

New Law Blade For A Fair Trade

September 23, 2014 — Leave a comment

The US House of Representatives has finally acknowledged something that should have been done years and years earlier. As you probably know the US law has been extremely protective when it comes to the IP (Intellectual Property) field. On the other side, the trade secrets were left on their own.

Now, with this new law the US companies have a unique opportunity to address federal courts in cases associated with the trade secret thefts. So far, only the IP theft cases had the granted access to the US federal courts. What is the motivation for this law? Well, this one just could not be more obvious.

The US companies have approximately 5 trillion reasons for it. Let us not forget to mention the cases of cyber espionage, which are also covered by this law. This is definitely a good news from the business point of view. Yet, there is more than one practical question to be answered in this matter.

The Chinese government will obviously get an additional chapter to discuss. On the other side, if the US government is so thoughtful about the business related interests, what about our privacy related concerns? There is no such a law on the horizon. What do we have to do to change that?

Putinux

September 23, 2014 — Leave a comment

The more serious political and military conflict between the West and Russia becomes, the less likely is that US based IT titans will hold their previous positions in Russia. For what is worth, Microsoft opened the Russian door, and it is more than obvious that it will close them eventually. What is the situation now?

On the one side, Russian government transfers its entire IT infrastructure from Windows to Linux on a massive and an unprecedented scale. On the other side, one serious rumor has it that Russian IT experts are working on their own version of Windows. In this matter, China has set an excellent example.

The game of stubbornness in the IT field has literally become a grotesque one with no signs of improvement. What is next? Nowadays, you have to be a rocket scientist or lucky to find a single Apple’s device in the Russian government. The IT nationalism is an inevitable reality and there is nothing we can do about it.

The most serious challenge is the World Wide Web. It is only a matter of time before the Balkanization syndrome strikes the Internet itself. For the time being, only China has the appropriate capacities to launch its own Internet at any given moment. How far is the Internet made in Russia?

Cyber Threat Alliance

September 22, 2014 — Leave a comment

It brings back the feelings of the good old days, doesn’t it? McAfee, Symantec, Fortinet, and Palo Alto Networks are the heart and bone of the Security Threat Alliance. These four riders are supposed to deliver the apocalypse to the doorstep of some of the most notorious hackers in the cyber world.

The basic premise in this case is actually quite simple and efficient at the same time. If the hackers all over the world can unite, how come we haven’t done the same already? What is keeping us from launching the United IT Security Colors of Benetton? Finally, someone has realized what needs to be done.

The real enemy is out there. The IT security players have finally figured out that there is no point fighting each other. The competitors in the IT security business are not the enemies. Hopefully, these guys can now focus their attention to fixing real problems instead of fighting each other.

The real question is, what is keeping us from making one international security threat alliance? Imagine all IT security experts acting as one. Imagine all IT security companies working on the same task. The trouble is, we need more people with proper motivation than with the unrealistic imagination.

Chip-And-PIN A Safe Win?

September 22, 2014 — Leave a comment

So, what happens when you play a stubborn game in the cyber security field? Well, you do not have to be a rocket scientist to answer this one yourself, do you? Sooner or later, this way or another, you learn the lesson in the most unpleasant and painful way. This is what is happening in the USA.

Why? How? For some unknown reason the USA Shopaholics still hy? How? For some unknown reason the USA shopoholics like to use the classic and definitely outdated payment cards, which run with a magnetic stripe. On the other side, we have the chip-and-PIN payment cards, or simply smartcards.

These smartcards come with the microprocessor chip, which is responsible for all the fun. It is worth mentioning that we do not imply that these smartcards are necessarily too much of a trouble for highly skilled hackers. What we are saying is that you have better chances with the smartcards.

SO, what is preventing the USA to run without a second thought into the safe arms of smartcards. Well, for the beginning the price of chip-and-PIN terminals. Not to mention hundreds of millions of cards, which need to be changed. Eventually, the frustrated customers will make them to do all changes.

IMELA Software Blog

4 out of 5 dentists recommend this WordPress.com site

Month: September 2014