eBay Cross-Site: A Bitter Bite

Dear eBay, you should have known better. In this story eBay has made not one, but two serious mistakes. The first was doing nothing about the cross-site scripting (XSS) weakness, which phishers then used in the worst-case scenario for eBay's own users.

You were using eBay without a single thought that the page in front of you was hosted elsewhere. You handed over your login details voluntarily, unaware of the phisher's trap. So, what was the second mistake? As soon as an IT worker identified the problem, eBay reacted.

The worker reported the incident, and eBay's official response, to the BBC. Then, instead of confronting the phishers responsible, eBay turned its anger on the BBC while desperately trying to cover the whole thing up. The rest is the sad, well-known story of how things should not be done in the first place.

When someone with almost limitless resources, such as eBay, fails to apply some of the most basic preventive measures, there is simply no excuse or justification. We sure hope that other major IT league players in a similar situation will draw some useful conclusions from this story.

The Broken Chains Of The Home Depot

Is this a new world record for the biggest commercial security breach? More than 56 million payment cards have been compromised. That is like hacking the entire population of one of the largest European countries, such as Germany, France or Italy. Let us focus on the aftermath of these events, shall we?

On the other hand, it would be wrong and unfair to blame it all on Home Depot. Home Depot is actually a victim of a poorly protected and definitely outdated system. In a certain way, we dare to claim that this negative event is very likely to have some very positive consequences.

It seems we have been waiting for something like this to happen before seriously examining the introduction of the latest smart payment cards based on chip-and-PIN technology. Unfortunately, this would be the first time US customers enjoy all the benefits of that technology.

All's well that ends well. Can this also be true in the IT security field? Well, it depends where you stand when a certain change occurs. For the 56 million users it is cold comfort that this trouble was the very reason for introducing the new protection technology. Better late than never. How about this one?

Spamistics

Can spam email eventually prevail? Well, that is entirely up to us. Let us see what our fellow users in the USA, UK, France and Germany are doing about it. First, let us deal with the numbers, shall we? And be prepared for an additional trouble in this story: malicious URLs.

Yes, busy little IT bees, spam strongly appreciates the company of malware-related URLs. If you live in the UK and get spammed, the odds are five to one against you that your spam will infect you via malicious URLs, compared with your friends in France or Germany.

The funny thing about this story, though, is that bad URLs do not necessarily go together with bad emails. In the UK the chances are higher that you will get both spam and malware URLs, whereas in France and Germany you will get less spam in the first place compared with the UK.

What about the USA in this spam story? Well, statistically they are somewhere in between the UK and Germany/France. Using your email in the USA you will get a little bit of both. So, where is the country where you can be free of both spam and malicious URLs? Any ideas?

London Business Bridge Is Falling Down

Finally, someone has realized what is going on. You do not have to be a rocket scientist to know for sure how cyber attacks can seriously cripple your business. If you know, why don't you do something about it? This is an excellent question for the London Chamber of Commerce and Industry (LCCI).

According to its disturbing findings, the so-called hacker's tax takes, give or take, £21 billion from UK small and medium-sized enterprises (SMEs). You should also take into account that the average cost of a skilful hacker's attack in this case is somewhere between £50,000 and £100,000 per year.

So, what is wrong with this picture? Try as you might, you will not find an IT security services provider who would charge you that much for an entire year. That is the moral of this story. Compared with the damage after the fact, the investment in appropriate IT prevention is a symbolic one.

Then how come we keep avoiding this first, affordable and necessary step? It will happen to someone else, not to me. I do not have the time or resources to do it. I do not have qualified staff for these operations. It is time-consuming. It is too expensive. So, what is your excuse?

Malvertising, What Is That?

Yeah, what is that? It sounds so familiar, but we are not quite sure what it is exactly. Is malvertising just bad online advertising? For what it's worth, any kind of online advertising is annoying and malicious from the user's personal point of view. Yet this is something completely different. What exactly?

Well, malvertising is what you get when malware and advertising fall in love. As a result, you get malware that spreads almost like an advertisement. The most dangerous thing about this new method is its use of legitimate software and legitimate channels to spread the malicious content.

And unfortunately, this is only the beginning of the bad news. Some of the most important major IT league players are unwillingly involved. Yes, things are that serious. Let us mention Amazon, YouTube and Yahoo. Is this enough to give you an unforgettable headache and sleepless nights?

So, what can we do about it? As always, knowing is almost halfway to a cure. Now we know where our enemy moves and how. That should be more than enough to do something about it. We only need to find someone skilful enough to do a proper and quick job. Right?

It’s Raining Cats, Dogs And Malware

You can rest assured that cyber crime's arm is a long one, with surprisingly skilful fingers. When it comes to modern-day hackers you simply cannot exaggerate. However, this one is a little hard to swallow without bitterness, even for the most pessimistic of IT security pessimists.

We have completely neglected what is happening above our heads. An impressive army of weather satellites flies around carelessly, without proper cyber defense on the ground. Yes, you heard that correctly. Potential trouble in the sky may have its origins and causes firmly on the ground.

You may ask yourself: who in the world would try to hack the IT infrastructure of weather satellites? And why? Better think twice. These satellites can come in handy for spying purposes. Spy first, then offer your findings for a nice price. Does that sound like a good hacker's plan?

What can we do about it? Well, there is so much to do. We should begin by paying some additional, absolutely necessary IT security attention to this field. You cannot control bad weather or bad hackers, but you can certainly predict their actions. IT security and weather security are both all about proper predictions. Right?

Cyber Jihad

FireEye always keeps one of its investigative eyes on state-sponsored and state-supported hacker groups. This time they are eager to take us to Syria. What is happening down there? Allow us to introduce you to the Syrian Electronic Army (SEA), also known as the Syrian Malware Team (SMT).

These talented guys, according to the depressing findings of the busy little bees at FireEye, are having the time of their lives playing with an improved version of BlackWorm. This one bears the official title Dark Edition, which is a funny thing to hear. Malware is supposed to be dark by default.

As you probably know, good old BlackWorm is actually a RAT, or Remote Access Trojan. It is worth mentioning that the old version had some “basic” damage options, such as restart and shutdown functions. With the new and improved version you can do whatever you like. The sky is the limit.

You can mess with the firewall. You can adjust account settings to suit you. In addition, you can move through the network as if on a highway. It would be nice to find out where the Syrian bad boys are planning a party and who is on their menu. Cyber Jihad. What a nice term with bad karma. Indeed.

HealthCare Hack Was Fair?

Here comes our Uncle Sam, and he says to us: I have bad news and good news. Which one do you want to hear first? The bad news is that someone hacked into the HealthCare website. The good news is that no serious or obvious damage has been done. At least, as far as we know or can speculate.

Seriously? Are we supposed to buy this? How can you hack one of the most important government sites in the country in the first place? Maybe this was the work of some teenage or newbie hacker eager to earn some recognition and respect among his or her friends. Any other option?

Russian or Chinese state-supported teams were practising a little. Let us stop here, or else we will get hurt even without any real damage. Or, for comfort, we can sing a song: how fragile we are. Now that we are done singing, let us do some thinking. What can we do about this one?

First things first: IT security should be among our top priorities. We mean real priorities, not just items on our wish list. Otherwise, who knows what comes next. One fine day we may wake up, in cyber terms, in some other country. We sure hope the lesson is being learned properly.

Hackers Do Care About Healthcare

Malware is a disease, call a doctor. Under other circumstances this could have been a nice slogan for some IT security service provider. However, we are eager to discuss something else with you. Why, all of a sudden, have hackers become so focused on healthcare systems?

Maybe they understand that health comes first and business second? No, this is not the time for jokes. Yes, it can be that simple. Hackers are educated fools with money on their minds. They want to get the most in exchange for their invested money, time and effort. Very rational indeed.

Now we can understand their logic and motives. Healthcare data centers are endless seas of opportunity for hackers. Each healthcare system is an El Dorado of personal data. Just imagine what you can do on the black data market with millions and millions of personal records.

To spare healthcare users serious medical conditions, since they can really get ill when they find out their personal data has been hacked, something needs to be done for real. These systems require serious and efficient IT security therapy for a long and healthy life for all of us. Cheers.

Small Business – Big Trouble

Why would anyone attack our website? We are a small company. Hackers go after large and important businesses. How many times have you heard an argument like this from a small business owner? Unfortunately, far too often. Oh dear, these words can get you into trouble.

For hackers there is no such thing as a target too small to attack. Who knows what is on their minds and what kind of scheme they have prepared for your computer or website? You do not have to spend more on IT security measures and solutions than your business is worth in the first place.

However, you would be surprised how a symbolic investment in this field can have a tremendous influence on your cyber security situation. If you do not want to invest voluntarily in IT security, then you will have to pay someone to clean up the mess caused by malware.

As simple as that. And yet we keep forgetting or avoiding this simple rule, until eventually it is too late to talk about prevention and you are left with no option but the expensive cyber treatment. Small business needs small IT security in order to avoid big trouble. Remember this one.