Heartbleed’s Heartrate

Here are some extremely disturbing Heartbleed-related statistics. Nowadays, the Heartbleed hackers attack 3.47 times per second. So what, one may say? Well, the trouble with the Heartbleed curve is that this menace has become an inevitable race against time, with very poor odds in your favor.

Although the time gaps and discreetly opened doors are left undefended for only a very short period, this is more than enough for highly skilled hackers. Before you are able to come up with the life-saving update or patch, you can rest assured that your heart has already bled.

And, there is not much you can do about this one. You are doomed to race against the single second of time you have to identify and eliminate a certain security flaw. Now, you see the whole picture. Now, you realize why it is hard to deal with the Heartbleed security threat adequately.

After this amusing but slightly useless lecture, you can ask yourself: what can we really do about it? Maybe the smartest and easiest solution would be to make one of the former heartbleeders bleed for us, for a change. Otherwise, it is highly unlikely that we will win the one-second race. For now.

Who Will Guard The Guardians?

Here is the story. Here is the trouble. One of the top-ranking US government officials in charge of cyber security has been arrested. OK. Can you live with that? Can you accept this fact? As soon as you hear the reason, you will definitely make up your mind about this one, that is for sure.

This cyber guardian faces some very serious criminal charges directly associated with the most recent case of child pornography. When you hear something like this, it simply leaves an extremely bitter taste in your mouth. It goes without saying that he was using his skills for something unspeakable.

So, what are we supposed to do? Whom can we really believe? Is it necessary to thoroughly scan all IT security experts in key decision-making positions? We are heartbroken, to say the least. And we know what to ask. This case has to serve as an example. All circumstances are to be included.

This guy has to get an extra penalty. One regular for the crime itself, and something in addition, because he was supposed to protect us, and not abuse his position in an unthinkable way. We need IT guardians of impeccable professional and personal ethics. There is no other way to ensure top protection.

Russian Cyber Mafia

Although this post’s title may sound similar to the Swedish House Mafia, you can rest assured it has nothing to do with music. As a matter of fact, while someone’s fingers were playing the digital music of destruction, the other side was on the very edge of tears and complete desperation.

So, let us see who the main characters of our story are. On the one side, we have the top Russian hackers. On the other side, we have the very symbol of corporate America. This is how you end up with breaking news: JP Morgan was hacked by Russian hackers. Oh, this one sounds terrible.

You know how it goes in the aftermath of this and similar events, don’t you? If a dinosaur such as JP Morgan cannot be safe, what about the IT security of the rest of us mortals? At least JP Morgan can afford top-class IT protection. They invented money as we know it today.

How about a little spending for justified IT causes? The Russian IT school, including its hackers’ department, has one hell of a reputation. However, not even they are almighty when faced with proper IT security measures. Unless something is done about this one, their next address can easily be the White House.

The Heartbleed Can’t Stop Bleeding

Does it really have to be this way? Once you get a visit from a serious cyber threat, you always have to be on alert. Why can’t we do it this way? We have identified a new security menace. We will find a cure for it. Now, let us forget about it and get back to our work, with no fear that a certain piece of malware can trouble us in the future.

Unfortunately, we have to accept the bitter IT destiny. Every now and then, the notorious Heartbleed reminds us that it is far from retiring. How much more do we have to bleed to be finally free from the Heartbleed, once and for all? It seems that we need more unpleasant reminders, such as this one.

For what it is worth, the Chinese Heartbleed warriors are responsible for the unparalleled theft of the personal data of more than 4.5 million patients from one of the largest US hospital chains. Can you imagine that? It is almost like a small state. Now, they can do whatever they want with it, with no limitations.

When you hear or read something like this, it makes you wonder. What is happening with all those busy little IT security bees in large systems? Have they forgotten to do their job? Or maybe they think that things like this happen to someone else, avoiding them? We are sick and tired of the Heartbleed. How about you?

Jailbreak One More Trouble To Make

If you have second thoughts about jailbreaking your iPhone, after reading this post you will definitely leave things just the way they are. One serious rumor has it that the AdThief iOS malware has its origins in China. On the other side, this malware has an extremely specific goal to achieve.

It steals ad revenues. You do not have to be a rocket scientist to figure out that this malware switches the recipient address of ad revenues. Things are pretty serious in this matter. More than 75,000 infected devices and more than 20 million stolen ads. Is this impressive or what?

On the other hand, we have to admit that this malware is not necessarily bad from the user’s point of view. What does this have to do with us? Yet, it is only a matter of time before the Chinese hackers realize that they can do some additional switching of account IDs and recipients. We can be affected next.

We should also hold our horses and do our very best not to exaggerate things. The main thing is that we can identify a certain cyber threat. The next move is to find the adequate answer for it. We sure hope we will not have to wait too long for an efficient cure. Poor old advertisers. Do you feel sorry for them?

Oops, the UPS Got Hacked!

No wonder we have a serious problem convincing ourselves that we are supposed to feel safe. If a dinosaur system such as UPS can be hacked, then what can we expect to happen to the other, less sophisticated and considerably more weakly defended systems? This one makes you wonder.

To make things even worse in this situation, more than 50 UPS stores in 24 states had some serious issues with IT security. As a result, one percent of all users are very likely to experience some kind of trouble and inconvenience in the future, one way or another. One percent, one may say.

It is not such a big deal. Well, as a matter of fact, it is a gigantic deal. When you have hundreds of millions of users, then even one percent can be a reason for a serious headache. The guys in the UPS headquarters have plenty of time to discuss what went wrong and eventually why.

Would that be enough? Well, when the gigantic systems fail, then we accept the need to evaluate our current IT security systems with the highest attention possible. Maybe some good things will come out of this one, eventually. We sure hope we will not have to wait too long for that. Oops, my dear UPS.

FinSpy Don’t Cry For iOS

The busy little bees from the Gamma Group have come up with an intriguing report. They have used something called FinSpy to test the malware resistance strength of Android, iOS, BlackBerry, and some older versions of Windows Phone. The results? Well, they are both interesting and controversial.

It seems that FinSpy was able to do its dirty work on all of these except iOS. To be honest, even the iPhone could not resist the true force of its malware dark side. However, this malware was able to penetrate iPhones only when they were in a so-called jailbreak mode. Intriguing enough, isn’t it?

On the other side, we do not want you to get the wrong impression that with an iPhone there is nothing to worry about. FinSpy is a legitimate cyber weapon used by government agencies. Every iPhone has an open secret backdoor, which is more than enough to keep you restless about your privacy.

Our word of advice is, do not trust the results published by numerous surveys. Do not even trust your own smartphone. As a matter of fact, you should follow the golden NSA rule. If you have nothing to hide, then you have nothing to worry about. It’s really that simple. For your own good, do not be stubborn about this one. Will you?

Ex Workers + Current Access = Future Troubles

At the very core of every major serious cyber trouble, there is and always will be a human-related factor or error. Would you be so kind as to write down this simple rule a couple of hundred times, for your own cyber well-being? Here is something to include in the field of corporate IT security.

You will be surprised to find the extent to which ex-employees still have limitless access to almost all of the company’s IT infrastructure. In the absolute majority of cases, the people in charge of HR or IT administration are simply too lazy to do all that is necessary. Do not jump to the wrong conclusions.

We are not saying that as soon as you leave your company, you will become a vigilante hacker. Yet, who is stopping you from taking advantage of the situation? It is almost impossible to resist when you have a chance for some payback to a company which fired you at the worst possible moment.

Just as you are required to clean your working desk, someone also has to clean your cyberspace after you. After all, the last thing you need is to be blamed for some hacker’s attack on your ex-company which used your old data. Let bygones be bygones, focus on a new job and new passwords. Right?

Troubles Come In A Legit Disguise

It seems that modern hackers like to read the old books about military strategy and the art of war. How else are we supposed to explain the sudden change of concept in the master design of the most malicious software? If you examine modern malware, you will notice an intriguing phenomenon.

There is no need to attack the system when you can slip past it undetected. Why bother fighting, when you can do your job with a proper disguise? And this is how we reached the point that top malware looks and works like completely legitimate software. You realize that something is wrong when it is too late.

The new RAT, or Remote Access Trojan, for Android really does not have problems when it comes to a successful disguise in both paid and free apps. The more popular a certain app becomes, the more likely it is that it carries an uninvited guest with it. So, what are we supposed to do in order to defend our Android territory?

Well, you do not have to be a general to know that new weapons on the battlefields simply call for new strategies and defense measures. If these malicious troublemakers can disguise themselves, then we can and should find a way to scan them properly before they hit the walls of our digital fortresses. Right?

Top Hackers’ Destinations This Summer

Things have changed this summer. So far, Java has been the favorite destination for hackers during the warmest period of the year. However, according to the findings of Bromium Labs, it seems that the hackers have found the next big summer hit – the good old Internet Explorer.

What is so special about Internet Explorer? Well, you should probably know by now that ensuring technical support for outdated versions is definitely the Achilles’ heel for Microsoft. Windows XP, including Internet Explorer 8, cannot count on support. No support + no updates = no protection.

The trouble with Microsoft users is that they are unadorably loyal and surprisingly stubborn. Every now and then, Microsoft urges them to move to the latest versions available. Nevertheless, they keep using older versions of both Windows and IE while demanding the continuous support regardless of the circumstances.

And here it goes. While the two sides are arguing, in our case Microsoft and users, the third party takes advantage of the situation. The hackers just could not wish for more. Stubborn and reckless users, who are swimming in unprotected waters. Hunting season is on. Update or suffer, there is no third option.