Tuesday, 31 March 2015
Monday, 30 March 2015
Anonymous - The 5th of November, Are you ready?
from Cyber Security Dojo http://ift.tt/1oBikcP
via IFTTT
The number one e-commerce security issue is fraud: Christopher Young
Intel Security’s senior VP on cyber security, the McAfee acquisition and the debate over sharing sensitive company information with govts
Mumbai: Intel Security, the $3 billion unit of the $56 billion Intel Group, is sharpening its focus on protecting mobile devices, which it believes is the fastest-growing computing platform. Christopher D. Young, senior vice-president and general manager of Intel Security talks about how the company’s $7.6 billion acquisition of McAfee Inc. five years ago, has helped its growth, Intel’s security solutions for wearables and other devices and the debate over sharing sensitive company information with governments while enforcing security controls. Edited excerpts from an interview: How serious are companies about security? Security can be broadly characterized into three parameters: protecting, detecting, responding. Till recently, the primary focus area of most of the security industry was about protection. However, we are now seeing a clear shift to detection and recovery, given that all the new technologies customers want revolve around these two pillars. Faster time to recovery is the number one focus for our customers today, in terms of advanced malware detection, intelligence tools and analytics tools. Another significant change is the priority that security is being given by enterprises today—evolving from an afterthought to a boardroom discussion, with companies willing to spend a considerable amount on security today. How is India placed in terms of company and individual security? According to Intel Security, in India, of all the attacks, 34% occur in the financial sector and 34% in the IT sector—two of the biggest industries in the country. Interestingly, ransomware or malware is the single highest type of attack accounting for 11% of all attacks, and we think this points to the need for better gateway products that stop the efficacy of ransomware. The second most common of attacks are autorun worms, which take advantage of unpatched systems, accounting for 10% of all attacks. On the consumer side, 48% of all attacks are autorun viruses, which points to the fact that both enterprises and individuals in India are not patching their systems with the latest updates. With e-commerce booming, what are the possible security threats looming ahead? The number one e-commerce security issue is fraud. A lot of the fraud starts with somebody stealing a consumer’s credit card number, bank information, credentials, etc. They do this by putting malware on a person’s device and then watching what the person types to steal credentials. So a lot of money is being lost in e-commerce. However, consumers can do a lot more to protect their systems like making sure their systems are patched, that they have malware cleaner or block malware, and keep stronger passwords. We work with law enforcement agencies and try to message our customers so that they don’t download fake updates. But ultimately, customers need to be more vigilant. What does Intel Security recommend after a company gets attacked? Currently, the security industry is very fragmented. It’s not uncommon for me to talk to a customer who uses 50 different security companies to provide different parts of their security infrastructure. However, if an enterprise were to use a single company or fewer companies to provide their security needs, dealing with recovery after an attack could be a much more efficient process, as it involves fewer systems talking to each other. For example, Intel Security has the ability to cater to at least 80% of an enterprise’s security needs, including a firewall, an IPS (PS stands for Intrusion Prevention System), endpoint security, security gateways for email, browsers, etc. We provide all these products with a connected architecture so that they can share threat information, making it much simpler for the security analyst to solve the issue, saving time and complexity. In this way, we estimate that the number of people involved in alleviating an attack can be cut by at least 30%. Securing mobile devices is equally important. What does Intel Security suggest? On the consumer side, we offer free anti-malware solution for Android devices; so, anybody can go to our website and download it, and it’s one way we believe we can help consumers protect themselves against malware on the mobile device, which is the fastest growing platform in computing. On the enterprise side, we have developed a whole new set of tools, technologies and services that can help our customers become faster in detecting and responding to a threat. Besides, we also have anti-malware for these devices, secure data storage, secure data vaults that will help you encrypt your data on phones and tablets to store them in the cloud. What about protection for wearables? For the Internet of Things (IoT) specifically, we have gateway solutions, application controls, etc., to protect data that gets generated on wearables and other such types of devices. We bundle security with the gateway application that connects the wearable to the cloud and we can provide good controls that way. Companies and governments are yet to reach an agreement over stronger security controls and compromising privacy of individuals… Reaching a compromise on encryption between private companies and the government for surveillance is going to be largely situational. Security and privacy have a complex relationship with one another—most of the times you need good security to ensure privacy. But sometimes, in order to deliver good security, you need to break privacy. The only way to get the balance right is for an organization to apply security and privacy controls to their context. What about cyberwar between nations? It’s a very complex problem to solve when your whole geopolitical system is literally based on geography, when cybersecurity challenges the very notion of any government of any country because it’s not bound by land. We need to have a United Nations-like model for cybersecurity with enforcement being part of it. We are still early in that discussion, but US president Barack Obama has finally started talking about it.
Source: http://ift.tt/1DljYeZ
from cyber security caucus http://ift.tt/1DljXYB
via IFTTT
EC-Council and CSI Partner to Add Cyber Security Education to School Curriculums
The Computer Society of India and EC-Council are coming together to add cybersecurity education to school curriculums all across India, based on the foundational EC-Council program, Certified Secure Computer User (CSCU).
The Computer Society of India and EC-Council are teaming up to increase cybersecurity awareness curriculum in schools across India. The goal of the program is to expose students to the subject of cyber security at a young age as a prospective career choice in order to help satisfy the growing demand in India for cyber-security professionals. As a side benefit, even students who do not end up having a career in cybersecurity will learn valuable cyber security skills – skills seriously lacking in the general public.
Cyber security isn’t just lacking in the general public – it’s a problem in the IT industry as well. India, a country recognized for its technological industry, itself was found lacking when EC-Council analyzed its programmers’ skills through the Code.Uncode competition. EC-Council found that just under one percent of India’s computer engineers had basic skills in secure coding.
India houses 1,125,588 primary schools and 181,404 secondary schools with most of the schools in metro areas like Delhi NCR, Mumbai, Chennai, Bangalore, Hyderabad, etc. The issue of cyber-crime is a rising concern and to tackle it efficiently and effectively, defense has to start early. School students have to be trained on the basics of cyber security. Knowledge of cyber security is no longer just a requirement for IT professionals, but a set of skills every citizen using computer should have.
About EC-Council
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. EC Council is the owner and developer of the world-famous E-Council Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), Certified Security Analyst (ECSA), License Penetration Tester (LPT) programs, and various others offered in over 60 countries around the globe. These certifications are recognized worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government National Security Agency (NSA) and the Committee on National Security Systems (CNSS) certifying EC-Council’s Certified Ethical Hacking (CEH), Network Security Administrator (ENSA), Computer Hacking Forensics Investigator (CHFI), Disaster Recovery Professional (EDRP), Certified Security Analyst (E|CSA) and Licensed Penetration Tester (LPT) program for meeting the 4011, 4012, 4013A, 4014, 4015 and 4016 training standards for information security professionals and most recently EC-Council has received accreditation from the American National Standards Institute (ANSI).
For more information about EC-Council, please visit http://ift.tt/VT9izl.
About CSI:
The mission of CSI is to facilitate research, knowledge sharing, learning and career enhancement for all categories of IT Professionals, while simultaneously inspiring and nurturing new entrants into the industry and helping them to integrate into the IT community. The CSI is also working closely with other industry associations, government bodies and academia to ensure that the benefits of IT advancement ultimately percolate down to every single citizen of India. To help achieve these goals, the CSI has several Special Interest Groups (SIG’s), and various initiatives pertaining to affordable computing and the spread of computer literacy.
Source: http://ift.tt/19AV119
from cyber security caucus http://ift.tt/1ErlcW8
via IFTTT
Anonymous - The Secrets of Scientology Full Documentary
from Cyber Security Dojo http://ift.tt/1BHv1IV
via IFTTT
A Day in the Life of a SSCP - Chuck Gaughf
from Cyber Security Dojo http://ift.tt/1a9OJH8
via IFTTT
Sunday, 29 March 2015
Anonymous - Wikileaks Full Documentary
from Cyber Security Dojo http://ift.tt/1oS5ln6
via IFTTT
Saturday, 28 March 2015
Friday, 27 March 2015
Thursday, 26 March 2015
The underworld of the internet: The UAE’s struggle with cybersecurity
Mohammad Amin Hasbini, senior security researcher at Kaspersky Lab, speaks about cyber security. Antonie Robertson / The National
Cyberattacks are rampant in the UAE, the second most targeted in the Middle East last year. With so many children online from an early age, parents must ensure they remain protected from bullying and manipulation.
Every day, the UAE comes under attack in ways that many of us never see and the youngest and most vulnerable are targets.
Despite the country’s relatively small population, it was the second most attacked Middle East country online last year, a new survey shows.
At blame is the proliferation of devices that now form an inseparable part of our daily lives, says Mohammad Amin Hasbini, a senior security researcher with the software provider Kaspersky Lab, who conducted the survey with B2B International.
“As you know, we are all using multiple devices,” says Mr Hasbini. “Every one of us now has at least five devices at home.
“Some of the statistics mention that over 60 per cent of children above 3 to 4 years old have smartphones.”
Children, he says, have better access to smartphones than laptops and computers because they are portable and because parents like to be able to contact their children at all times.
“We are living in an advanced society and internet penetration and fast internet services are available to everyone,” says Mr Hasbini.
“That’s another indication that we need to follow up on what is happening, and we need to follow up on our children because threats are there and we need to act on them.”
But it is not just children who are naive when it comes to cyber security. The report also found that more than half of UAE respondents use free public Wi-Fi, with only 31 per cent of them taking precautions.
This is particularly lax, given that 2.5 million of the attacks last year were network attacks, which Mr Hasbini says make users vulnerable to “script kiddies”.
These are amateurs who download and run scripts developed by other programmers to attack websites and people, redirecting them to malicious websites, stealing information and generally causing havoc.
Meanwhile, nine in 10 people said they trusted computers and smartphones to store corporate, personal and financial data, while 42 per cent used unsafe methods to store passwords.
This haphazard approach puts users at risk of phishing, where “bad emails” contain links to malicious websites.
These mimic popular websites and lure users into entering their usernames and passwords, which criminals can then use on the real websites.
These lures can be sent through SMS, email, social networking sites and any other form of contact. “These are very active and very dynamic,” says Mr Hasbini, and “very difficult to monitor and detect”.
Another type of attack that is on the rise is ransomware: malicious files that encrypt the documents and files on people’s computers so they cannot access them.
Given how much information people store on their computers and devices, most are likely to pay a ransom to recover these files, says Mr Hasbini.
Some ransoms may be set as high as €1,500 (Dh6,035) and unless people have good security, they may have no other way to recover their files.
Kaspersky detects and analyses 325,000 malicious files every day. But it is not just computers that are at risk. The company detects 28,000 unique files a month just for the Android operating system.
“You receive a link via SMS on your device,” Mr Hasbini says. “This link then installs a certain application that starts monitoring all your traffic, stealing all your photos, all your data, all your passwords, and then these will be used in many bad activities.”
Perhaps, to those without children, a more ominous threat is the risk of financial attack. Many people use smartphones to access banking and government services, and even those who are familiar with financial threats are at risk.
from cyber security caucus http://ift.tt/1GtHPbS
via IFTTT
Wednesday, 25 March 2015
Tuesday, 24 March 2015
Monday, 23 March 2015
Sunday, 22 March 2015
Perry Opening Statement at Hearing on Unmanned Arial System Threats
from Cyber Security Dojo http://ift.tt/1BmjDl8
via IFTTT
Saturday, 21 March 2015
Anonymous - Web Warriors Full Documentary
from Cyber Security Dojo http://ift.tt/1BjgZg0
via IFTTT
Friday, 20 March 2015
Thursday, 19 March 2015
Wednesday, 18 March 2015
Are Cybersecurity Stocks Still Hot Or Lukewarm?
Last month, cybersecurity stocks emerged as some of the market’s top gainers.
They have since faded a bit, but watch this video as we check back in with Palo Alto Networks (NYSE:PANW), Vasco Data Security (NASDAQ:VDSI) and CyberArk Software (NASDAQ:CYBR) to see how they’re doing.
Source : http://ift.tt/1B0ebEj
from cyber security caucus http://ift.tt/1F3SLgJ
via IFTTT
Anonymous - THE FATE OF HUMANITY
from Cyber Security Dojo http://ift.tt/18DYZpP
via IFTTT
Tuesday, 17 March 2015
Monday, 16 March 2015
QR Codes Become Cheap Cybersecurity Applications
QR — or quick response — codes are widely used for marketing, connecting customers to information online via a smartphone scan, for example. Barcodes and QR codes are also used to identify a computer chip. To protect data on a chip, researchers at the University of Connecticut (US) are proposing the integration of an optical mask with these codes and to encrypt information using quantum imaging. Thus, if pirates were to produce a counterfeit product using identical codes, they would also need access to these optical masks for authentication.
To optically encode an QR code, the scientists place a phase mask, potentially as simple as Scotch tape, on top of a QR code. “Using a laser, we can then illuminate the QR code, which will produce a unique pattern,” explains Dr Bahram Javidi, professor in the electrical and computer engineering department at Connecticut. “If there is no phase mask, a different pattern would be produced.” The mask scrambles the QR code design into a random mass of black-and-white pixels. The optically encoded QR code is verified through the optical mask’s signature via statistical analysis.
Eventually, this advanced 3D optical masking method combined with extremely low-light photon counting encryption could transform ordinary QR codes into a high-end cybersecurity application that would be extremely difficult to duplicate. The right key not only authenticates a chip but also reveals detailed information about that chip and its specifications.
Unlike commercial QR codes, Javidi’s advanced versions can be scaled as small as microns or a few millimeters and could replace the electronic part number that is currently stamped on most microchips.
“Our proposed method allows for a non-invasive approach to authenticating an object,” Javidi points out, adding that his team is currently unaware of any comparable security practices that involve placing an optical phase mask on a barcode or a QR code with the encrypted information.
Being able to simply scan an optically encoded QR code with a laser could become a cheap and quick way to authenticate an object. The light technology is also non-invasive and does not damage the product.
Although Javidi says the method does not prevent tampering of an object, it could make it easier for a company or manufacturer to identify a counterfeit product. Furthermore, the technique could find employment beyond QR codes, e.g., in medication and consumer goods.
Source: http://ift.tt/1Cm0Nj7
from cyber security caucus http://ift.tt/1Cm0PHW
via IFTTT
Thursday, 12 March 2015
Hacking Fears Boost Cyber Security Shares
One of the most watched industries this year has been cyber security as several high-profile cyber attacks have drawn attention to the fact that hackers seem to be one step ahead of the programs protecting companies’ data.
Not only have private firms been spending more on new security tools to keep their customer data safe, but cyber security businesses are also being granted large government contracts in order to thwart hacking attacks from foreign countries as well.
Threats Rise
On Wednesday, a survey showed that security threats against American, British and Canadian companies are quickly rising and businesses are struggling to keep up.
The move toward cloud-based computing has created an entirely new range of cyber security threats that most firms are not prepared to deal with.
Additionally, a lack of training among employees has made it easier for hackers to get inside company databases through workers’ personal phones and computers.
Investors Get On Board
Investors have also taken notice of the industry setting shares of cyber security companies on fire over the past couple months. FireEye Inc. FEYE 2.38% saw its fourth quarter revenue jump by 150 percent last year and shares of CyberArk Software Ltd CYBR 6.98% have increased by more than 40 percent so far this year.
A relatively new ETF has emerged in the sector called PureFunds Cyber Security HACK 0.94% in order to give investors a way to play the sector as a whole; FireEye, CyberArk and Infoblox Inc. BLOX 1.7% make up the fund’s largest holdings.
Related Link: How Contract Management Helps Hedge Against Financial Services Cyber Threats
A Bubble About To Burst?
Many worry that the recent rise in cyber security share prices can’t be sustained. However, some analysts say the rise has been warranted as the firms aren’t just trading on headlines.
The hacking attacks like those carried out at Sony Inc. SNE 1.08% and Anthem Inc. ANTM 2.13% not only dominated the news, but genuinely boosted security firms’ balance sheets.
FireEye was hired by both companies to clean up the aftermath of the attacks, while other firms saw an influx of new corporate customers looking to prevent similar situations.
Also, with more and more businesses taking their data online, the threat of a breach is set to keep rising— making the demand for security firms likely to continue.
from cyber security caucus http://ift.tt/1ArvLAU
via IFTTT