Bello: An Unpleasant Hello

One of the most prestigious universities in the world has just been hacked. The IT department of University College London has announced, or better to say admitted, that almost 25,000 student and staff member emails got spammed and compromised. That is not a lesson you want to teach your students.

All the troubles started with a simple Bello in the spam emails. How come none of the youngest and brightest students could see it coming? Well, you do not expect a spam email from the University’s President or the top managers, do you? So, what happened to the top IT security standards?

When you are on the top, you are supposed to be on top of many things, including cyber security. These types of institutions are all about the prestige. Why risk it all for the lack of an appropriate software solution, which could have prevented it in the very first place? That was a simple question.

You do not have to be a rocket scientist to ensure the proper cyber protection. All you need to do is to do some thinking on time, and to include some preventive measures. There is no point crying your academic tears over the spilled cyber milk. You need to make sure it does not happen again. Right?

Symantec 1 & Symantec 2

Hey, what is happening? What is the meaning of all this? First, HP and Symantec decide to cut themselves in two. Why? Wait, we can understand what is happening with HP, but how about Symantec? HP Inc will deal with computers and printers. On the other side, HP Enterprise will focus on servers and Internet services.

Now, let us see what Symantec’s master plan is. The first Symantec will handle the IT security stuff, as usual. The other, second, remaining, or call-it-what-you-want Symantec will be focused completely on information management. Here is the catch. Does this mean there is no use in providing IT security services anymore?

Can you imagine a thing like the Kaspersky Lab and Kaspersky coffee? Enough is enough, and we demand to hear some answers. What is the use of information management, if you cannot ensure the protection of this information? For the sake of all of us, we sure hope Symantec knows what it is doing.

Huh, after these splitters, how about some mergers for a change? We are supposed to grow and combine, rather than to split. There is no way we are going to buy that this one will improve our security. What lovely news for the hackers. They are definitely not into this splitting stuff. There is no malware cut in two. You always get the whole thing.

Why Does My Linux HeartBleed?

If you thought that HeartBleed was the worst thing that can happen in the cyber world, you had better think twice. Why? Because we thought that Linux was supposed to be the cyber land of the free. Wrong again. There is a HeartBleed version designed especially for the Linux world.

This vulnerability has a very nice and appropriate name. It is called ShellShock. Compared to it, our good old HeartBleed seems like a kid’s toy. If you are up to full and unprecedented control, then ShellShock is the right hacking thing for you. With this one you get both of the worst-case scenarios.

Not only the keys to all rooms of your house, but also all remote controls for all of your devices. So, where should we go next? Both Windows and Linux are seriously compromised. The only things left “untouched” are the mobile platforms, such as Android, iOS and Windows Phone. Is this enough?

How long before our mobile heart begins to bleed here, as well? How long before we experience the new mobile shock within or outside the shell? Can we fight the future for a change, at least once? How hard could it be? Otherwise, the only reasonable remaining option for us would be to get back in the caves.

Call Of Cyber Security Duty

No matter how hard you try, it seems you cannot unlock the mind of a hacker. Why? Well, you can try to predict a certain type of behavior, but they keep surprising you with the things they steal or hack. Here is a controversial case of cyber theft, which makes it almost impossible to put all pieces of the puzzle together successfully.

So, what happened? It turns out that an extremely skillful hacker has paid a devastating and uninvited visit to both Xbox One and US Army systems. He or she, or possibly they, got into possession of the Apache helicopter simulation program, as well as the pre-release of the latest Call of Duty game.

The estimated value of these stolen goods, which can be classified as the top intellectual property stuff, is more than $100 million. On the other hand, you can stop wondering. It makes perfect sense that someone would like to steal the simulation program for one of the best military helicopters in the world.

However, what is with the Call of Duty pre-release? Maybe our hero needs to relax after the hard work in his office? For the makers of this globally popular game, this is not a funny story. In real life, hacking is not a video game. Once you end up in jail, you cannot restart the game from the beginning.

Award Down The IT Security Boulevard

The Americas Information Security Leadership Awards has announced its winners for the fourth time. The great thing about it is that the “Americas” in its title does not refer only to North America, but also to Central and South America. So, when you say the American Award it includes both continents.

This is exactly what we need. We need something traditional, encouraging and inspirational at the same time. On the other hand, this something should include the word international in its title. As long as we have American or European prefixes, we cannot expect a major improvement in this field.

For what it is worth, we appreciate and are grateful for these types of rare IT security awards. We just wish for more of these awards with a wider scope. The hackers themselves seem to be less nationalistically oriented and more open to the idea of international cooperation. We should follow.

This is how we should do it. A little bit of awarding here and there. Then, a little bit of bug bounty programs, as well. If we appreciate enough our efforts and time invested in IT security, then we can be rewarded with something more valuable than the awards themselves. The fully functional IT Security, for a change.

Unpatched = Unprotected

How many times do we have to repeat it? How much evidence do we have to submit in order to convince you? About what exactly? Our main point is quite a simple one, and apparently extremely difficult to accept. The human factor is the worst cyber menace you have ever witnessed and heard about.

In the absolute and surprising majority of cases you can easily ensure a remarkable level of proper IT security. How? With regular updates and the use of patched systems. Yet, we keep failing to update and continue to use unpatched systems. Why? Either we are totally reckless or lazy.

Either way we are in trouble. On the other hand, your friendly neighbor hacker only needs one vulnerability to pay an unexpected and unforgettable visit. We could have easily avoided or at least decreased the chances of facing this cyber trouble. All we needed to do was to invest a little bit of our time.

No one can make you comply with these simple and effective IT security rules, but also there is no one you can complain to once you get hurt. The cyber doctors have given you a fair warning including a vaccine. It is your fault if you think that you have something else more important to do.

The BlackEnergy On The Run Again

Who or what is BlackEnergy? Well, to be quite honest, no one can tell for sure. We can only speculate. However, we can make a wild guess, which sounds extremely reasonable. From what is known, BlackEnergy has humble DDoS beginnings. Then, all of a sudden, everything changed for this group.

They have become more sophisticated. In addition, it is more than indicative that the primary targets were in both Ukraine and Poland. This somehow strangely coincides with the recent political and military confrontation in Ukraine. That is why the rumors about the state’s support were born.

But, which state? Well, you do not have to guess twice, do you? Russia is the usual suspect in this story. This does not imply that the USA and other NATO allies do not have cyber black ops teams of their own. Yet, when you have the government’s fingers involved, then the things become even more serious.

What is the point if we keep fighting a cyber menace which has a state’s support and origin? Solving all the political crises in the world will not eliminate all cyber threats. Nevertheless, we can certainly decrease their numbers. The most dangerous hackers are the ones wearing state’s uniforms.

Former Employees – Future Worries

You do not have to be a rocket scientist to know that former employees should not have access to the company’s IT infrastructure as they once did. Yet, you would be surprised to find out in how many cases we forget to lock the IT door after someone leaves a company one way or another.

Why? It seems that we worry so much more about the contract, social security, cancellation period, and all other more important issues that IT security in these cases seems like a trivial thing. We do not have time to clean the cyber working space after our former colleagues, but we do not forget the other things.

Believe it or not, there is a higher probability that your former employee will “hack” your company than any hacker you can possibly think of on this planet. The worst thing about it is that we leave an open door. Any unauthorized access is potentially extremely dangerous for your company or business.

This includes cases when your former employee feels nostalgic about his old company’s account or wants to do you harm because he was fired. It only takes a couple of minutes to change passwords and adjust new security settings. Yet, we fail to act accordingly. This is how our former employee becomes our future hacker.

Microsoft Online Services Bug Bounty Program

Here is a nice way for you to earn $500, or even more. Microsoft has launched the Bug Bounty Program for its online services. The awards begin with the amount of $500 and increase accordingly. Yet, you are required to focus your findings on the MS online services alone. And, there is one more thing.

You need to identify a problem as precisely as possible and offer the most suitable suggestion in order to resolve it successfully. Microsoft will carefully evaluate your contributions and award you accordingly. It goes without saying that this is a good and highly recommended activity for any IT player.

This brings us back to the good old days when we had a promising abundance of the bug bounty programs and competitions. Those were the days, weren’t they? It seems that we needed some time to start appreciating again the benefits of these recently undermined ways of improving the cyber security.

We sure hope that other players of the major IT league will join the party, as well. This is an extremely efficient solution for our cyber troubles, which we often take for granted. Luckily, there is a sign of positive changes on the horizon. So, what are you waiting for? The grandpa Microsoft dares you.

When Enough Is Enough

It seems that the US financial institutions have had just enough. They are apparently sick and tired of constant and damaging cyber attacks. So, they have decided to do something about it. It may sound like some kind of a bad joke, but of all the business entities in the world, they can certainly afford it.

So, what have they done? Soltra is born. It comes as the direct result of a special partnership between the Financial Services Information Sharing and Analysis Center (FS-ISAC) on the one side and The Depository Trust & Clearing Corporation (DTCC) on the other side. Really impressive, indeed.

However, is it enough to ensure adequate protection for the US finance engines? For what it is worth, this is a remarkable change. It is not enough to take hands and dance in a circle hoping for the best. Yet, as soon as you join forces and resources and start information exchange, you are onto something serious.

The next step definitely worthy of our admiration would be to have the international financial security system launched as soon as possible. That would be something really special, wouldn’t it? If the hackers all over the world can easily unite and work together, so should we. No matter who we are and what we do.