Showing posts with the label Data security. Show all posts

How to stop WhatsApp from sharing your mobile number with Facebook

It has been more than two years since Facebook officially acquired WhatsApp to expand the digital marketing landscape. Although WhatsApp CEO Jan Koum said that user privacy wouldn’t suffer, the services are about to get a little bit friendlier with their data sharing.

WhatsApp has changed its privacy policy; the new policy gives it permission to share data, including your phone number, with Facebook. In an FAQ, WhatsApp says it is doing this to:

  • More accurately count unique users.
  • Better fight spam and abuse.
  • Show better friend suggestions and more relevant ads to you on Facebook.



In a blog post, WhatsApp gave the reason behind this data sharing, highlighting its plan to test ways to communicate with businesses.

“Whether it’s hearing from your bank about a potential fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls. We want to test these features in the next several months”.

What can be done to avoid this sharing of information between Whatsapp and Facebook?

There are two ways to opt out of sharing your account information with Facebook for targeting purposes.

Method 1:

On WhatsApp, don’t click Agree when it asks you to confirm you are happy with the change of terms. Instead, click Read more. You should then see a check box or control button at the bottom of the screen which says “Share my WhatsApp account information with Facebook to improve my Facebook ads and product experiences”. Uncheck this.



Method 2:

If you have already agreed to the updated terms, you can go to Settings > Account > Share my account info in the app. Then uncheck the box or toggle the control. But be quick: WhatsApp says you only have 30 days to make this choice after agreeing to the new terms.



It seems that you can’t opt out of this completely, as WhatsApp says that your information is sent to Facebook for other purposes such as improving infrastructure and delivery systems, understanding how its services are being used, securing systems, and fighting spam, abuse, or infringement activities.

So it’s clear that some of your information remains accessible to Facebook one way or another. The only way to avoid this information sharing is to avoid using WhatsApp.


~ Friday, 16 September 2016 0 comments

How to win against Phishing attacks?

A phishing email will typically direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has.

Phishing attacks are launched by an attacker from a remote location, using sources that are authentic or look authentic. This leads users to click on the attacker's links and disclose their personal information.



Attackers can run a phishing campaign that takes only five minutes to put together, and within 25 minutes they get access to corporate data that can lead to an organization-wide breach.

There are some ways to win against these types of attacks.

Check the source of incoming email:

Your bank or other financial institution will never ask you to give your financial details, passwords or other personal information by email. Never respond to these emails, and in case of any doubt, call your bank for clarification.

Never follow your bank website link from emails:

You should log on to your bank’s website manually instead of following links provided in an email. Such a link may take you to a dummy page that an attacker has created to steal your login information.

Enhance security of your computer:

Being observant is the key to identifying suspicious activity and protecting your computer, but you should also install a good antivirus solution to block these types of attacks. In addition, keep your system and antivirus updated so they can detect the latest attacks and malware.

Send your sensitive data over private and protected websites only:

Many websites are not secured and collect personal details without any protection. Avoid such websites, and make sure that you are connected to a private, secured network and computer before sending your personal and classified information.

Have any doubt? Don’t risk it:

If you suspect that a website is acting abnormally or redirecting you to unnecessary pages, stop there and don’t risk your information. This is the most basic technique for avoiding phishing attacks.

These are some of the basic techniques for beating phishing attacks, but organizations also need to create network strategies that restrict users to trusted websites. Additionally, emails should be monitored continuously to block malicious links.


~ Friday, 26 August 2016 0 comments

Cyber Security Issues: How to Establish Your Own Secure Online Business

Cyber Security and Online Business

In a modern world where most of society has constant, uninterrupted access to a global network, internet business has become common. Modern technologies and equipment make it possible to purchase any item or goods online even more easily than in ordinary shops. The ability to order online has made shopping a matter of a few minutes. Meanwhile, among the whole range of possible methods of establishing a company on the internet, one matter must be a priority: cyber security is an important issue that should not be overlooked.


Benefits of Online Business Establishment

At a time when anyone can easily get all the tools and instruments needed to establish their own internet company, it is unwise not to deal with cyber security issues in advance. Every businessperson who intends to establish an online entertainment business must deal with numerous aspects and procedures while launching it. The timelines and specific characteristics of the procedure also depend on the country. Besides, everyone can use the assistance of an experienced company that can help with various technical and organizational issues. If you want to open an online casino and need some additional software, an igame software company is the optimal solution for dealing with the entire thing quickly and easily. In any case, a detailed plan for the future internet company’s development will be very useful. Working according to the plan, you will handle all the necessary tasks on time.

Online Business Establishment Procedure and Security

Once you've made a decision to open a virtual business, no matter whether it is a shop or online casino, you always deal with numerous important technical matters. You have to create your own website, which will allow users to access all your services and get an option to use different payment methods. The website should be safe in order to:
  • Keep users' personal information and data safe;
  • Assure secure payment methods;
  • Protect your own website from outside attacks;
  • Prevent possible program failures.

Dealing with all of the above requires a correctly planned cyber security strategy. Business licenses, together with legal and technical equipment and software, are key matters in protecting your website from outside attacks and ensuring its smooth operation.

Running a virtual business is an essential and difficult job in which you must always be one step ahead of your competitors. You must constantly follow innovations in the cyber security sphere in order to protect your internet company and ensure its productive and smooth operation.


~ Friday, 29 July 2016 0 comments

5 Basic Tips to Reduce Insider Threat


As cyber attacks rise steadily, organizations are looking to strengthen their security policies, management and strategies in order to detect and prevent them. But there are more sensitive threats as well, among them the insider threat.



The insider threat is critical and should be addressed as seriously as external threats. Here are some easy tips to follow in order to reduce and prevent insider threats:

Securing Data

An organization must secure its data not only by implementing strong encryption, but also by controlling access and by logging and monitoring who touches that data. Before implementing an insider threat program, first secure your data and restrict access to it. Data can be worth millions of dollars if exposed to competitors.

Learn From the Past Attack

“If you are experiencing a cyber attack, you are not alone, learn from others”
With each attack, advance your security strategies and put new controls in place to explicitly watch for similar types of attacks, so they can be prevented before they damage the company’s assets.

Train Employees

In many cases, employees don’t even know that they are being used against their organization: they perform activities that are not harmful in nature but are sensitive and critical to the organization and beneficial to a competitor. Training should therefore be provided on a regular basis to make employees aware of the consequences of their activities.

Use Latest Technologies

The latest technologies play an important role in fighting cyber security threats. A centralized logging tool can be used to monitor employee logs and to check the nature of their emails, for example whether attachments exceed a specified size. It can detect many insider attacks as well as record employees' activity logs.

Cooperate with Your Employees

One thing to keep in mind to overcome the insider threat: don’t make your employees unhappy. An unhappy employee can be more dangerous to an organization than any outsider. Insiders have all the access to the system; don’t give them a reason to spoil your business.

By adopting these simple tips you can overcome the insider threat easily. Don’t take the insider threat lightly; it is more dangerous than any other attack because insiders have all the access they need to enter your system. One bad employee can ruin your whole business, so keep monitoring your employees.



~ Tuesday, 26 July 2016 0 comments

How to avoid loss of your valuable data? Backup your Data for FREE.

A bitter truth facing every individual and organization in this world is the loss of their valuable data. Causes of data loss include accidentally deleting files, virus attacks, mechanical damage, power failure, loss of a pen drive and accidental loss. In this modern age of technology, almost every person has experienced at least one of these causes of data loss.



Now the big question: what steps can be taken to recover from these ever-present causes of data loss? Data backup is the most important and essential step for businesses and individuals.
You don’t need an IT or tech background to back up your data. There are many FREE programs available that are easy to use and provide a secure and easy data backup solution.

One of the best and most dependable solutions for data backup is the EaseUS Todo Backup FREE software. EaseUS Todo Backup is the world’s most popular FREE backup software, with over 6,000,000 users all over the world.

The key features EaseUS Todo Backup provides its users are backup, disk clone and disaster recovery, with support for one-click system, file and application backup. Todo Backup FREE supports hard disk capacities of up to 16 TB for individuals.

EaseUS disk clone software is the best and most reliable disk/partition clone software for home and business users. The sector-by-sector copy method assures you a 100% identical copy of the original. Home users can enjoy the FREE version, which supports hard disk capacities of up to 1 TB.

Users can benefit from FREE features like disk/partition cloning and sector-level cloning (slow speed). EaseUS backup software is a perfect solution for individuals who would like to secure their data forever.

~ Tuesday, 5 April 2016 0 comments

Research says 'WhatsApp' is taking its users data.

Recent research has unveiled some shocking facts about the popular messaging app "WhatsApp": it says the app is collecting all the data from its users' phones, including phone numbers, call duration and other information such as chats.
 


This research was conducted by the University of New Haven. It explains that "WhatsApp uses the FunXMPP protocol, a binary-efficient encoded Extensible Messaging and Presence Protocol (XMPP), for message exchange".
 
The messaging app, which was founded in 2009 and acquired by Facebook earlier this year, has millions of users around the world. Researchers said decrypting the network traffic isn’t simple, as both access to data on the device and the full network traffic are required.

The researchers decrypted the WhatsApp client's connection to the WhatsApp servers before viewing the exchanged messages using a bespoke command-line tool they created.
 
We all know that the Obama administration is concerned with the encryption policies of messaging apps. So collecting and transmitting data from users may be done under pressure from NSA officials. Remember that LINE recently introduced end-to-end encryption, which made a lot of NSA officials angry.
 
This is a sort of theft when you look at it. The company could face a backlash from its users, because they are not aware of how WhatsApp is collecting and transferring all their chats, phone numbers, pictures, videos and other things they send through the app.
 
A paper about the study, entitled WhatsApp Network Forensics: Decrypting and Understanding WhatsApp Call Signaling Messages, was published in the scholarly journal Digital Investigation. The article was co-authored by F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber Forensics Research & Education Group at the University of New Haven.

Baggili said, “Our research demonstrates the type of data that can be gathered through the forensic study of WhatsApp and provides a path for others to conduct additional studies into the network forensics of messaging apps”.

Now the question is: how safe do you feel while using your favorite messaging app? One thing is for sure: WhatsApp is keeping your data on its servers, and with high-profile security breaches every week, no one can say with confidence that its servers cannot be breached.
 
The research makes no mention of Messenger conducting this type of activity, even though both were acquired by the same man.

~ Tuesday, 27 October 2015 0 comments

Dell launches end-to-end security features to protect customers

Dell has launched new threat protection for enterprises, which will protect them from major security threats. The company launched its end-to-end security features for all its customers at the Dell World conference this week.


The PC manufacturing giant said that its new features will enable all enterprises to set up a "comprehensive enterprise security strategy". Some top features in the new Dell security portfolio are:

  • Multi-factor authentication, which will expand users' security for cloud apps.
  • A new approach of detecting and blocking advanced persistent threats. 
  • Enhancements to the Dell Data Protection (DDP) suite of data security solutions. 

    Dell has also launched some very interesting data security solutions for its customers. The DDP (Dell Data Protection) portfolio will protect customers' data from any threats during transfer. Here are the 3 features which DDP introduces:

    • Cloud Edition 2.0 : This will allow companies to encrypt their data and implement policy controls as the data is transferred from endpoints to public cloud platforms. This feature will cover Google Drive and Microsoft OneDrive for Business in addition to Box and Dropbox. The keys to the encrypted data will remain under the company's control until it wishes to share them with an authorized person.

    • Server Encryption : This DDP feature will protect a company's data from any threat or vulnerability by providing complete software encryption to both remote and branch office servers.

    • End Point Recovery : This is a highly effective DDP feature which enables you to protect yourself from any data loss. The user just has to select the option of continuous backup for laptops, desktops and tablets.
    Dell also expanded the Security Analytics Engine included with CAM, to gather information from more sources to further expand the ability to make context-aware security a reality with real-time, adaptive decisions and enforcement.
     
    DDP also comes with Cloud Access Manager 8.1, a multi-authentication secure access service for cloud-based and internal enterprise applications. It will be available on the web from the 28th of Oct.

    ~ Thursday, 22 October 2015 0 comments

    Thales acquires Silicon Valley firm.

    Thales Group, a leading French-based multinational, acquired the Silicon Valley firm 'Vormetric' this week. Thales paid $400 for this acquisition. Vormetric is a leading provider of data protection solutions in physical, virtual and cloud infrastructures.



    In an announcement, CEO Patrice Caine said: "The acquisition of Vormetric is a great opportunity to accelerate the growth of our cybersecurity activities. Combining Thales critical IT systems protection capabilities with Vormetric's know-how in data protection will create a global leader in data security, offering comprehensive solutions for protecting enterprises against cybersecurity threats."

    Thales is one of Europe's leading global providers of trusted cryptographic solutions, with a 40-year track record of protecting the world’s most sensitive applications and information. Because Vormetric provides systematic data protection, it will merge well with Thales's e-security activities.

    Thales is one of the leading companies in the hardware security modules (HSM) market, protecting the highly sensitive data of around 19 to 20 of the world's leading banks and technology companies.

    Thales is planning to provide its clients with a comprehensive suite of data protection after completing the acquisition of Vormetric. This acquisition will dramatically increase the capabilities of Thales Cyber Security. Now they are well equipped to provide all the world's leading companies with protection against cyber criminals at the highest level.

    Thales is also planning to enter the U.S. market, which has suffered a large number of security breaches in recent years. The Sony hack is one of the biggest of recent times, and the world still remembers it.

    A spokesman for Thales said the firm would retain Vormetric's operation in California, but the development meant growth could occur at the firm's Plantation campus.



    ~ Wednesday, 21 October 2015 0 comments

    Security Agencies raise eyebrows over LINE Messenger security update

    LINE has become the first messenger app to introduce end-to-end encryption, which makes it impossible for all the top security agencies around the world to intercept any sort of data. WhatsApp and iMessage, the top two messaging apps, are still working on this encryption, which is believed to be the next big step for messaging apps.


    The company announced its new security feature on its official blog on Tuesday. This security update will protect LINE users from hackers and from security agencies that spy on their citizens in the name of state security.

    The company named the feature "Letter Sealing"; it will protect all LINE messages from any unauthorized access during delivery. The security update is for Android, iOS and desktop (including Windows and Mac OS X). Android and iOS users can enjoy this latest security feature only on 5.3.0 and later versions.

    Keys associated with encrypted content will be stored only on users' devices rather than on a central server. That means there’s no key for LINE to hand over as and when law enforcement comes knocking, which has raised many eyebrows among security agencies in the U.S. and Europe. Security agencies believe that such encryption will make it easier for terrorists around the world to communicate and conduct their activities.

    On the other hand, this is a big setback for the other messaging apps, because a lot of users will switch to LINE after its latest security feature. With high-profile data breaches occurring every day, users lean more towards apps that offer maximum security.

    This security update may prove to be the biggest move for LINE in increasing its market share among messaging apps.




    ~ Tuesday, 13 October 2015 0 comments

    Top 5 iPhone Security Apps

    Hacking smartphones has become commonplace nowadays; hackers are now more interested in targeting smartphones than computers. Every month we hear news about new malware that security researchers have discovered and that has already affected thousands of smartphones. So the question now is: how can you protect yourself from this malware and secure your data from these hackers?


    iPhone users are the latest to be affected, by a malicious piece of malware named YiSpecter, which Palo Alto researchers discovered recently. The only way iPhone or other smartphone users can stop such malware from entering their devices is by installing the necessary security apps.

    In this article we introduce our readers to the top iPhone security apps, which can help them not only stop malware from entering their devices but also secure their phones against any possible hacking attack.

    1Password 

    At the top of our list is the security app named "1Password", which is also dubbed Secure Wallet because of its ability to store users' credit card information securely. The app is very simple to manage. 1Password generates passwords and manages them securely. The software also works on your Mac, and it alerts users about insecure apps.

     Norton Mobile Security

    This is another powerful security tool for iOS users. This app can help you locate your phone from anywhere with the help of an internet connection, which is the reason behind its slogan, 'Lost Phone Finder'. It also has contact backup that allows you to easily restore contacts across your mobile devices. The backup data also includes photos, files, folders, audio, video etc.

    Find My iPhone

    This is one app I highly recommend readers install on their iOS devices. This app can help you when your iPhone is lost. You can use any other iOS device to find your phone. There have been incidents reported by people about finding their phone using this app.

    LastPass 

    If you want your data to be secured from hackers, then LastPass is the best solution for you. Its unique passwords make it almost impossible for hackers to breach your Apple device. LastPass is an app that integrates with your iPhone/iPad browser and keeps you signed in securely, irrespective of where you are. LastPass stores all your passwords used across devices, expecting you to remember just a single LastPass password.

     Webroot SecureWeb 

    If you want to be safe from web-based security threats, then Webroot is the app you are searching for. With this application installed on your device, you can easily block malicious websites, analyze search results and check what's safe and what isn't on websites including shopping portals, banking sites etc.

    ~ Tuesday, 6 October 2015 0 comments

    ICANN Found Confidential Information Exposed over 300 Times

    ICANN has admitted that confidential information had been exposed in a security error on at least 330 occasions. An audit revealed that it had happened 330 times between 17 April, 2013, and 17 March, 2014.

    The company reported in March that misconfigured Salesforce software had given every user access to every other user's information, including financial projections, launch plans and confidential exchanges.



    All an authorized user had to do was tick a box on the advanced search page to be served attachments connected to any of the more than 1,500 applications for new dot-word domains like .blog and .london, over a third of which came from the world's biggest brands. The error impacted 96 applicants. The searches were carried out by 19 users.


    ICANN's new CIO Ashwin Rangan stated in an interview that his company does not know if the confidential attachments were downloaded or not. Those impacted "will be informed shortly."

    ICANN said it realizes that "any compromise of our users' data is unacceptable," and that it "deeply regrets this incident." It pledged "to accelerate our efforts to harden all of our digital services."

    Regrettably, it appears to place the blame on the users who used the advanced search feature: "ICANN is contacting the user or users who appear to have viewed information that was not their own and requiring that they provide an explanation of their activity. We are also asking them to certify that they will delete or destroy all information obtained and to certify that they have not and will not use the data or convey it to any third party."

    ICANN is continuing to investigate the circumstances surrounding the access to this information and has not made a final determination regarding the nature of the access.

    ICANN has encountered security breaches several times. In December 2014, the organization admitted that a number of its systems had been infected including the Centralized Zone Data System (CZDS) where the internet core root zone files are emulated.


    ~ Thursday, 30 April 2015 0 comments

    SendGrid Encountered Data Breach

    On April 9, the New York Times reported that the SendGrid account of Bitcoin wallet service Coinbase was hijacked and used to send out phishing emails.

    The company has confirmed that more users than it first thought were affected by a security breach last month.
    SendGrid revealed that an employee’s account had been compromised and used to access several internal systems on three occasions in February and March.



    According to the company, the systems contained the usernames and email addresses of both SendGrid employees and customers, and the passwords were salted and hashed (a method of scrambling the data to prevent it from being readable to humans).


    The attackers were also able to access servers containing customer contact information and email address lists. Payment data is not at risk because the company does not store or process customer payment card data.

    Although the company said there was no forensic evidence to show that email lists and contact information had been stolen, it has reset passwords and asked around 600 customers to generate new digital signatures, known as DKIMs.

    “Upon discovery, we took immediate actions to block all unauthorized access and deployed additional processes and controls to better protect our customers, our employees, and our platform. We have been working in collaboration with law enforcement and FireEye’s (Mandiant) Incident Response Team to thoroughly investigate this incident and are taking a number of additional actions to increase our system security,” David Campbell, SendGrid CSO, said in a blog post on Monday.

    The hack was first reported earlier this month when the company said a "Bitcoin-related client" was the target of a hack. The New York Times revealed it was used by Coinbase, a virtual currency exchange. The Coinbase account was used to send out phishing emails in bulk, which is said to have entrapped a SendGrid employee's account.



    ~ Tuesday, 28 April 2015 0 comments

    Silicon Valley has Increased Datacenter Connectivity Security

    In the past week, US Homeland Security Secretary Jeh Johnson warned that encryption made it almost impossible to find criminals and terrorists and that iPhones will become the "device of choice" for terrorists. Furthermore, the UK's leading counter-terrorism official said tech companies are creating systems that are "friendly to terrorists."

    Authorities on both sides of the Atlantic are upset because they will no longer be able to seize your data as easily, with or without a warrant.



    Since last year, Silicon Valley technology giants such as Google, Apple, Yahoo and others have increased datacenter connectivity security and are enacting end-to-end email encryption.


    Apple took the greatest step forward by encrypting its devices in such a way that the government could no longer ask it for data. Google has now added this option to its own Nexus-branded devices.

    The executive chairman of Google, Eric Schmidt, said at an event in San Francisco on Wednesday that the responses were "proof" that its efforts to lock out the government are working.

    Schmidt himself noted at the event that “Companies are required to follow the letter of the law.” That means whenever they are compelled to hand over data, they must adhere to the law. But the drive to "encrypt all the things" means they can't hand over anything because the users themselves have the decryption keys.

    These tech companies have little option but to batten down the hatches and lock the government out, since being pressured to drop encryption would make everyone more vulnerable to hackers and state-sponsored attackers.

    However, the sad reality is that people cannot trust the government to put privacy ahead of its surveillance operations. Instead, they will be trusting the Silicon Valley giants to look out for them.

    ~ Thursday, 23 April 2015 0 comments

    FBI alerts Law Enforcement Officials of being Targeted by Hacktivists



    The Federal Bureau of Investigation (FBI) and the Internet Crime Complaint Center (IC3) have issued a notice about the increasing threat of hacktivists targeting law enforcement officials, officers, and agents.

    “Law enforcement personnel and public officials may be at an increased risk of cyber attacks,” an FBI release stated.  “These attacks can be precipitated by someone scanning networks or opening infected emails containing malicious attachments or links.”





    The Internet Crime Complaint Center has warned that hacking collectives were "effective at leveraging open source, publicly available information identifying officers, their employers, and their families."
    "With this in mind, officers and public officials should be aware of their online presence and exposure," the notice read.


    The notice particularly warned of doxing (when a person or group will collate personal information on a person, like phone numbers and addresses, and publish it online without permission), which could be used to identify and target an individual.

    "Recent activity suggests family members of law enforcement personnel and public officials are also at risk for cyber attacks and doxing activity," said the notice. "Targeted information may include personally identifiable information and public information and pictures from social media Web sites."

    The FBI's main purpose is to inform police officers that those who post identifying information on social media (including images of themselves in uniform) are making themselves more vulnerable to being targeted.

    However, it is not evident whether there has been a direct threat to target law enforcement officials. The notice did not warn of a specific threat, nor did it name any particular group or individual.

    The FBI has also drawn attention to the data collection efforts that could lead to “swatting” which is the process of “calling law enforcement authorities to report a hostage situation or other critical incident” when no such incident exists.


    ~ Wednesday, 22 April 2015 0 comments

    IBM Designed X-Force Exchange to Foster Cyber Security Intelligence-sharing

    Today, IBM announced a new global cyber threat intelligence sharing platform that makes its huge store of about two decades' worth of security and cyber-threat data available to private and public companies.

    It is powered by the wisdom and expertise of a worldwide community of cyber security professionals.



    Present-day cyber criminals perform their tasks in highly sophisticated, organized and often well-funded networks. They rapidly share data, tools and expertise to launch large, high tech attacks with tremendous ROI. Many of these attacks cannot be detected until after millions of data records or dollars have been stolen.


    The company said that it will offer its massive 700-terabyte (and growing) database of raw cyber-threat data and intelligence to companies that want it.

    "We're taking the lead by opening up our own deep and global network of cyber threat research, customers, technologies and experts," said Brendan Hannigan, general manager for IBM Security. "We're aiming to accelerate the formation of the networks and relationships we need to fight hackers."

    The new social platform, the IBM X-Force Exchange, is designed to foster cyber security intelligence-sharing across companies and industries. It features intelligence from 15 billion security events, a database of nearly 100,000 security vulnerabilities, and intelligence on millions of endpoints, systems, web threats, and spam and phishing attacks.

    Cyber criminals are becoming more skillful at threatening our data as well as our ability to freely take advantage of mobile computing, e-commerce, the Internet and other advanced technology. The company claims that by knowing more about the tools, techniques, and activities of hackers, it becomes possible to stop them.

    The company said, “If we can spread cyber threat intelligence as quickly and widely as the ‘bad guys’ do, we have a chance to fight back against this new face of organized crime.”

    The US government is also trying to encourage companies to share cyber-threat data with the government (and vice versa) in order to reduce the number of cyber attacks faced by the technology industry.


    ~ Thursday, 16 April 2015 0 comments

    Target Reached $20 Million Settlement with MasterCard over Data Breach

    Target Corp is about to reach a settlement with MasterCard Inc to reimburse financial institutions about $20 million for costs incurred from the retailer's massive data breach in 2013.

    Target said in a statement on Wednesday that the amount under the settlement with MasterCard Inc covers costs that banks incurred to reissue credit cards and debit cards to customers as a result of the breach.



    MasterCard has to coordinate with its bank and credit union partners to settle claims from the data breach. The settlement surrounds at least 90 percent of eligible credit card accounts receiving settlement offers. 

    The newspaper reports that the $20 million encompasses costs that banks incurred for their customers as a result of the breach, as well as some of the fraud that resulted from the exposure of customer information.

    Target said that in 2013 at least 40 million credit cards were compromised in the breach during the holiday shopping season, and that the attack might have resulted in the theft of personal information, such as email addresses and telephone numbers, from as many as 110 million people.

    Target revealed in a recent financial filing that it has incurred $252 million of breach-related expenses.

    The payout would be roughly the same as what TJX Cos. paid to MasterCard issuers in 2008 for a data breach that exposed more than 100 million cards to fraud. TJX is the parent of discount retailer TJ Maxx and other chain stores.

    The negotiations appeared to be especially difficult because the Target breach was followed by a wave of other high-profile breaches, including one at Home Depot Corp. that was even larger.

    During the discussions, Target representatives argued that they shouldn’t be compelled to reimburse banks for reissuing cards that would have needed to be reissued anyway due to the other breaches, according to people familiar with the negotiations.


    ~ 0 comments

    Mass Surveillance Lawsuit against UK Government taken to Europe Highest Court

    A lawsuit over the UK government's mass surveillance programs has been filed with the highest human rights court in Europe as it's public knowledge that the UK government has secretly monitored the communications of the British public.

    Amnesty International, Liberty, and Privacy International announced on Wednesday that they have filed a joint application at the European Court of Human Rights after the groups said they "exhausted" all legal avenues in the UK.


    The groups made that decision because the UK government had been tapping the communications of millions of people, but before that there had been a lack of transparency.


    They said that UK laws, which helped clear intelligence agencies of any wrongdoing, are "in breach of the human rights to privacy, freedom of expression and non-discrimination guaranteed under the European Convention on Human Rights." By filing a complaint with Europe's highest human rights court, the groups hope that "GCHQ is finally held accountable for its unfettered spying on the world's communications."

    The challenge comes amid the UK government’s increasing mass surveillance practices and questions over the legality of these practices. The security services were found this year to be in violation of UK law over their unlawful approach to the interception of legally privileged information between client and lawyer. The cases were heard in the secretive Investigatory Powers Tribunal, with considerable portions of the proceedings held in secret.

    The tribunal also found that the intelligence-sharing relationship between the UK and the US was unlawful before December 2014, because of the secret rules that govern the UK's access to US mass electronic surveillance programs including the clandestine PRISM system.

    The court asked whether the group’s complaints were raised before the U.K.’s Investigatory Powers Tribunal, a secret court that can investigate complaints about any alleged conduct by the intelligence services. It is the only U.K. tribunal to whom complaints about the intelligence services can be directed.

    The groups, however, did not go to the Investigatory Powers Tribunal.


    ~ Friday, 10 April 2015 0 comments

    FCC levies $25 Million Civil Penalty on AT&T over Customer Data Breach

    After an aggressive debate, the Federal Communications Commission and AT&T Inc (T) have reached a $25 million settlement in response to a data breach at the telecommunications giant affecting roughly 300,000 customers.

    A senior FCC official told reporters on a conference call that these breaches resulted in an unauthorized disclosure of names and full or partial Social Security numbers and illegal access to account information of about 280,000 U.S. customers of AT&T.



    According to the U.S. Federal Communications Commission, employees at call centers sold hundreds of thousands of AT&T customer records, including names and Social Security numbers, to criminals who attempted to use the customer information to unlock stolen mobile phones.

    AT&T said in a statement: "We are terminating vendor sites as appropriate. We’ve changed our policies and strengthened our operations."

    More than 279,000 U.S. customers of AT&T were affected by the data breaches, originating in call centers in Mexico, Colombia and the Philippines, the FCC said. In addition, the $25 million civil penalty levied on the No. 2 wireless carrier is the largest data security enforcement action to date.

    In October, the FCC imposed a $10 million fine on telecom companies TerraCom and YourTel for consumer privacy breaches.

    AT&T has "no reason to believe" that the stolen customer records were used for identity theft or financial fraud, the company said in a statement.

    The FCC initiated an investigation into improper disclosure of customer information at AT&T's Mexico call centers in May. Soon after that, AT&T informed the agency of additional data breaches in Colombia and the Philippines, the official said.

    AT&T will notify all affected customers, will pay for credit monitoring in many cases, and hire a data security compliance manager as part of the settlement with the FCC.


    ~ Wednesday, 8 April 2015 0 comments

    Your data is open to Hackers when sending from SmartPhone to SmartWatch

    The growing number of smart devices that interoperate with smartphones could leave text messages, calendar entries, biometric data, and other sensitive user information wide open to hackers, security researchers warn.



    That's because most smart watches rely on a six-digit PIN to secure information traveling to and from connected Android smartphones. With only one million possible keys securing the Bluetooth connection between the handset and the smart device, the PINs are susceptible to brute-force attacks, in which a nearby hacker attempts every possible combination until finding the right one.


    Researchers from security firm Bitdefender mounted a proof-of-concept hack against a Samsung Gear Live smartwatch that was paired with a Google Nexus 4 running Android L Preview. Using readily available hacking tools, they found that the PIN obfuscating the Bluetooth connection between the two devices was easily brute forced. From that point on, they were able to monitor the information passing between the watch and the phone.

    The findings aren't particularly surprising. Six-digit PINs have always contained one million possible combinations. Security engineers have long known that's hardly enough entropy to prevent a determined hacker from arriving at the right sequence of numbers. Still, the research is important because it comes at an important time. With the explosion of relatively new smartwatches and other wearable smart devices, the data traveling over Bluetooth connections is growing ever more sensitive. Smart device manufacturers would do well to create more secure communications channels now, before the devices become ubiquitous.

    Read full article on Arstechnica

    ~ Thursday, 11 December 2014 0 comments

    NSA Spied on Companies and Groups including U.S Allies

    The National Security Agency has spied on hundreds of companies and groups around the world, including in countries allied with the US government, as part of an effort designed to allow agents to hack into any cellphone network, no matter where it's located, according to a report published Thursday.



    Armed with technical details of a specific provider's current or planned networks, agents secretly attempt to identify or introduce flaws that will make it possible for communications to be covertly tapped, according to an article published by The Intercept. Security experts warned that programs that introduce security flaws or suppress fixes for existing vulnerabilities could cause widespread harm, since the bugs can also be exploited by criminal hackers or governments of nations around the world.


    "Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities," Karsten Nohl, a cryptographer and smartphone security expert, told The Intercept. "Because once NSA introduces a weakness, a vulnerability, it's not only the NSA that can exploit it."

    It's not the first time the US agency has been reported to introduce backdoors into widely used technologies. Last year documents provided by former NSA subcontractor Edward Snowden (the same source for documents supporting Thursday's story by The Intercept) showed that the NSA worked with standards bodies to adopt encryption technologies with known vulnerabilities in them. Two weeks later, the RSA division of EMC warned customers to stop using the default configuration of its BSAFE toolkit and Data Protection Manager because it contained code reported to contain an NSA-engineered vulnerability.

    The program reported Thursday, codenamed AURORAGOLD, has monitored messages sent and received by more than 1,200 email accounts associated with large cellphone operators around the world. One surveillance target is the GSM Association (GSMA), a UK-based group that works with Microsoft, Facebook, AT&T, Cisco Systems, and many other companies to ensure their hardware and software related to cellular technology is compatible. At the same time the NSA has been monitoring the group, other arms of the US government have funded GSMA programs designed to boost privacy on mobile networks.



    ~ Thursday, 4 December 2014 0 comments