Friday, February 26, 2010

Using TrueCrypt for disk encryption

How to use TrueCrypt for disk encryption

You're well aware of the benefits provided by encryption, but many organizations don't have the budget or resources to purchase an expensive encryption tool. In this TechTarget screencast, learn about a free open-source disk encryption tool.

Learn how to use this tool to not only create an encrypted drive, but also a hidden drive as an additional data protection measure.

Wednesday, February 24, 2010

Safe Travels for You and Your Data

Computers in cybercafes and hotels are notorious for having malware on them

You’re a smart traveler. You pack sunscreen and Pepto, locks for your luggage and a pouch to hide cash under your clothes. But what digital precautions do you take?

It’s hard enough to make sure the data you send and receive is safe when you’re at home or at work. But traveling brings a whole new set of hazards: from publicly accessible computers to unprotected wireless networks to crowded and pickpocket-plagued airports.

Luckily, preventing a digital wipeout while you’re on the road is reasonably easy and inexpensive. Here are some of the main things you can do to keep your data out of harm’s way while you wander the world.

Interest and worth reading article on NY times, refer here to read.

Sunday, February 21, 2010

Facebook users now have the option to apply a different access setting to each thing they post

Facebook Boosts Application Privacy Controls

Facebook has made it possible for its members to assign, on the fly, a wider variety of access levels to content they post using third-party applications and Web sites.

Previously, members chose a default privacy setting for content shared via applications, and that setting was then applied across the board to this type of post going forward.

While this default setting remains, members now have the option to apply a different access setting to each thing they post through an application or Web site, on a case-by-case basis, according to Facebook. For example, when using an application that lets members post greeting cards, members can now handpick on whose friends' Walls they want a particular card to appear.

The more granular access controls apply to third-party applications, external Web sites linked to Facebook via the Connect system and Facebook's mobile version. Some client software that lets members perform Facebook actions, such as Seesmic, is also incorporating the new access levels.

This change is consistent with a similar move Facebook made previously to let members assign different privacy settings to every post they make using the site's core features.
The access controls include options such as "everyone," which makes a post visible to all Facebook members, "friends of friends" and "friends."

Social-networking privacy, always a hot topic, has been in the spotlight in the past week due to an outcry over Google's Buzz social feature for Gmail.

Thursday, February 18, 2010

Illegal download of movies and music - You can be tracked

Three Arrested As Police Swoop on Rapidshare Link Forum
An Internet forum which provided links to movies and TV shows hosted on sites such as Rapidshare has been raided by police. Following an anti-piracy group investigation, three alleged operators of the 30,000 member site were arrested, two of which were teenagers. Searches were carried out on members in three other locations.

With 30,000 members Filmowisko was a prominent file-sharing forum. The site didn’t host any illicit material, but like many of its type, linked to movies, TV shows, music and other warez stored on hosting sites such as Rapidshare.

“Forum administrators are not responsible for content written by users. The files placed here by users are only for promotional purposes. After 24 hours you must delete all files downloaded from this forum,” said the disclaimer on the front page of the site before it disappeared.

Polish police and the Foundation for the Protection of Audiovisual Creativity (FOTA) anti-piracy group clearly didn’t think the disclaimer counted for much, and on February 12th conducted raids against the site’s operators.

Refer here to read more details.

Tuesday, February 16, 2010

Criminals are harvesting and selling Facebook users' information

Facebook users 'easy prey'

Facebook users have become easy prey for criminals as more and more people share personal information on the social networking site, says a computer anti-virus company.

Criminals are harvesting and selling Facebook users' information, stealing identities, sending spam and planting viruses, according to AVG (AU/NZ).

People put themselves at risk every day by carelessly clicking on invitations sent by 'friends' to join groups or write on their wall. They put all their personal information including date of birth and photos on their page. They even respond to fake Facebook requests for security details.

To help people stay safe on Facebook, AVG gave 10 tips:

1. Think about who you add: accepting a friend request provides your new mate with access to posts, photographs, messages and background information about yourself. Perhaps go through your list of friends and think about who you really want accessing your stuff.

2. Check privacy settings: Facebook recently got a face-lift, changing default privacy settings. It's worth going through them again - you may be sharing more than intended.

3. Why are you on Facebook? Is it just to share photos? Keep in touch with people? Share links and updates of your activities? Ask yourself what you want to achieve with your profile. It could be better to cut down on information-sharing.

4. Be smart about your password: try not to use the same passwords for all your accounts. Think about the type of security questions you set and where you are sending your updates.

5. Be aware of where you sign in from: When signing in from a different computer, check that it doesn't store your e-mail address and password. It's easy to accidentally choose it to "remember you".

6. Be careful what you say: once status updates and comments are posted, anyone can see, copy, and post it elsewhere. Do you really want people to know you'll be home alone tonight or away on vacation next week?

7. Watch out for phishing attacks: there have been numerous attempts to get users' login and passwords by tricking them with fake Facebook e-mails. Never select any e-mail links asking you to reset your password. Always go directly to Facebook.

8. Take immediate action: If friends start receiving spam from you or status updates appear that you didn't make, your account may be compromised. Immediately change your password. If you can't log into your account, go to the Help link at the bottom of any Facebook page and click on "security" to notify Facebook.

9. Protect your mobile device: Many mobile phones have direct access to social networking sites, including Facebook. Be mindful about who has access to your cellphone and make sure you log off the sites.

10. Monitor suspicious activity: Watch out for suspicious activity on your wall, news feeds and Facebook inbox. Never click on a suspicious link. Look closely, if the link does not look authentic, don't click.

Wednesday, February 10, 2010

Flaw in e-passports that makes them susceptible to identification

e-Passports Threaten your Privacy

University of Birmingham (UB) researchers have discovered a flaw in e-passports that makes them susceptible to identification. The defect is in the design of the radio-frequency identification tag used by e-passports. The discovery makes it possible to detect the passport of a particular person from a distance of a few meters.

An attacker can track the movements of a specific passport by replaying a particular message. The research has shown that there is a flaw that makes it possible to identify the movements of a particular passport without having break the passport's cryptographic key. E-passports have been issued to more than 30 million people.

An e-passport is the most recent generation of passport. It is an identification document combining a traditional passport with a RFID tag capable of performing cryptographic operations, storing biometric data and other personal information. All e-passports have RFID chips embedded into them – these carry personal information such as date of birth, passport number and a photograph, and they respond to any radio signal sent to them.

Cheap and easily available RFID tag readers can be used to send a signal to a passport. University of Birmingham computer scientists have shown that by replaying a particular message, the attacker can distinguish any passport from any other.

An attacker could identify a target by using the reader to send a signal to the target’s passport and then, for instance, build a device that could be left by a door to detect when the target entered or left the building.

Please refer here to read more details.

Friday, February 5, 2010

Chinese hackers are behind an escalating number of global attacks

Hacking for Fun and Profit in China’s Underworld

Internet security experts say Chinese hackers are behind an escalating number of global attacks to steal credit card information, commit corporate espionage, and wage online warfare against other nations. In China, and in some parts of Eastern Europe and Russia, computer hacking has become a lucrative hobby for skilled hackers.

"They make a lot of money selling viruses and Trojan horses to infect other people's computers," says author Scott Henderson, who has spent years tracking Chinese hackers. There are conferences, training academies, and magazines all devoted to providing information about hacking.

In China, there is a loosely defined community of hackers who work independently, but who also sell their services to corporations and the military. One such hacker, going by the code name Majia, says he does not work for a major Chinese technology company because it would limit his freedom, so he must remain underground.

Majia and other hackers keep a tight hold on their hacker secrets, including knowledge of software flaws such as zero-day vulnerabilities, for future use.

Refer here to read more details.

Tuesday, February 2, 2010

Best Practices for Securing Mobile

New Phishing Schemes Target Mobile Customers with Bogus Apps

There are some best practices that cell phone users should keep in mind when using their phone, whether for business or for personal use.

Make No Assumptions - Never assume that voice calls are confidential (like fax or email), especially when calling internationally where some countries' phone operators have no encryption security in place at all. Check your signal, calls on 3G are more secure than 2G but often falls back to 2G when 3G is unavailable.

Ensure Physical Security - Keep your phone safe and do not leave it lying around. Skilled attackers can take just a few moments to install a malicious program, compromise the security of the SIM card or install a special battery with a bug in it, all of which can later be used to help intercept calls.

Protect PINs - Use and protect your phone and voicemail PINs in the same way as your bankcard PIN. Never leave confidential messages in voicemails or send confidential texts. Texts in particular are easy to read on the phone and mobile phone voicemails can often be accessed from any phone with the PIN.

Be Mindful of Malware - Be vigilant to prevent malicious software on your phone. Be wary of texts, system messages or events on your phone that you did not ask for, initiate or expect. Turn off Bluetooth if you are not using it.

Take Precautions - Consider installing antivirus/antimalware software. And if you strongly suspect your calls are being listened to, then turn off the phone when you don't need it and remove the battery as an extreme precaution. Also, use voice call encryption software on your phone to secure your sensitive calls that works worldwide and is as easy to use as making a normal phone call.

The financial institutions are no different to any other organization when it comes to protecting valuable phone calls, and this kind of call interception could also potentially extend to the calls made to the institution by customers inquiring about their accounts. Imagine a high-value customer calls into transfer or wire funds, and the call is intercepted.

Who would be responsible for the theft of that customer's money if a hacker got an account number, password or PIN?

"The responsibility angle is very important, as theft of voice call data is not explicitly covered by regulatory, compliance or best practices that already exist for 'data' (which means non-voice data)."