
The landscape of our own personal data security has changed

August 5, 2013

On many levels, Edward Snowden’s revelations about the activities of the various security organizations in the U.S. have not come as a real surprise, yet they were still a wake-up call on how the landscape of our own personal data security has changed in the past year, a change mostly caused by the mobile segment.

Multiple devices and increased mobility have meant that we have looked for new methods to ensure that we have access to our data wherever and whenever.

It's also increasingly uncommon to find a homogeneous household in terms of manufacturer or operating system. It's now fairly common to find Windows, OS X, Android, iOS and even Linux devices all within a single household. Throw in digital cameras and a couple of smart TVs, and it's no wonder that we have a situation that makes data sharing in a secure fashion more and more problematic for the average person.

So file-syncing and sharing products such as Dropbox, SkyDrive and Google Drive are pretty much inevitable consequences of this. The average user now has a broad selection of these services: some are free and some paid for, but pretty much all of them are insecure. In fact, some are even a whole lot worse than you'd expect.

Of course, it would be nice if the operating system manufacturers could agree on a standard which included encryption of data in-flight and at rest with a simple and easy-to-use key-sharing mechanism.

Even with that, we would probably still not trust it, but it might at least provide us with an initial level of defence, for what it's worth.

Some of us have already started to look at several ways of adding encryption to the various cloud services we use. In the past, some used TrueCrypt, but it's not seamless and can be needlessly complex. This is becoming more feasible, however, as apps such as Cryptonite and DiskDecipher are appearing for mobile devices.

Recently, we started to play with BoxCryptor and EncFS. BoxCryptor seems nice and easy to use, certainly on the desktop. It supports multiple cloud providers, although the free version only supports a single cloud provider — if you want to encrypt your multiple cloud stores, you will have to pay.

There are also alternatives such as Cloudfogger, but development for BoxCryptor seems to be ongoing. There is also perhaps the option of building your own "sync and share" service.

Another new service called 'Transporter' recently successfully launched and looks good, while another one called 'Plug' is in the process of getting launched as well.

Similarly, Synology devices have Cloud Station, and QNAP has myQNAPcloud. Or you can build your own entirely and use ownCloud.

And of course, in the enterprise segment you have a multitude of options as well. The main thing is, you need not store your data in the cloud in an insecure manner. You have lots of options now, from keeping it local to using a cloud service provider.

Encryption is still not as user friendly as it could be, but it has got easier. We'll update you soon on this and other topics.

In other internet security news

The same security research team that discovered significant internet security vulnerabilities in more than a dozen home wireless Wi-Fi routers has added even more devices to that list at Defcon 21 - 2013.

More and more major brand-name Wi-Fi router security vulnerabilities continue to be discovered by the team, and continue to go unpatched, a security researcher has revealed.

Jake Holcomb, a security researcher at the Baltimore-based security firm Independent Security Evaluators and the lead researcher into Wi-Fi router vulnerabilities, said that the issues are far worse than when ISE released its original findings in April of this year.

The latest study continues to reveal that the small office and home office Wi-Fi routers are "very vulnerable to attack," Holcomb added.

"They're not a means to protect your network and your digital assets," he cautioned. Holcomb is a relatively young researcher, in his mid-20s, who turned his lifelong interest in computer security into a professional career only in the past year.

Previously, he was doing network security for a school district in Ohio. The new report details no less than fifty-six new Common Vulnerabilities and Exposures, or CVEs, that Holcomb and the other ISE researchers have discovered in popular routers.

Those include the Asus RT-AC-66U router, the D-Link DIR-865L, and the TrendNet TEW-812-DRU router, for which Holcomb plans on demonstrating security vulnerabilities at Defcon today.

Additional requests for comment from the affected vendors were not immediately returned. We will update this story when we hear from them.

You might not think that the router security flaws could affect you, or would be easy to exploit, but Holcomb explained that because the security vulnerabilities appear to affect most routers, and are difficult to repair, these could put nearly every user who connects to a vulnerable router at great risk.

And the scenario he explained was a very common one. Small-business and home Wi-Fi router administration often employs weak passwords, or static passwords that are the same across multiple stores, like a Starbucks.

All an attacker has to do is go to his favorite coffee spot, buy a coffee and get the establishment's Wi-Fi password. Then, equipped with access to the Wi-Fi network, all that attacker would have to do is use one of the exploits that ISE has uncovered.

The wireless router would then be compromised, including all the Web traffic flowing through it. Holcomb compared the problem of fixing routers to traditional PCs. "In most cases, automatic updates are enabled for Windows and Mac," he said.

But, he added, "even if a router manufacturer were to implement a similar feature, most people don't log into their routers, and that's the core of the whole problem."

Basically, because people have been trained to think of the router as a set-it-and-forget-it device, and one without security holes, it's nearly impossible to get them to update router firmware.

And the fix won't be an easy one either, at least not logistically. "I think the solution is for wireless routers to automatically update themselves, and offer users the ability to opt out of it," Holcomb said.

However, given the great reluctance of some major router manufacturers to address these security issues, those exploits could exist unpatched in the wild for several years to come.

Holcomb said that while TP-Link fixed all the security vulnerabilities that ISE reported to it, D-Link has never responded. And Linksys, he said, chose not to repair many of the vulnerabilities reported to it.

In the case of the Linksys EA-6500, someone can place their own code in the router's configuration file and then overwrite it as much as they can!

"It's an attack that relies heavily on social engineering," said Holcomb, "but it's an example of the vendors not resolving a security vulnerability. Why not, I still don't know."

Under the guidelines of responsible disclosure, Holcomb says that ISE notified all wireless router manufacturers of the security vulnerabilities discovered before going public with them, giving them a chance to fix them.

Holcomb will be demonstrating how to take control of three different routers using a different security vulnerability in each.

For the aforementioned Asus router, he plans to demonstrate a buffer overflow exploit. For the D-Link, he plans to use Web-based and symlink directory traversal exploits. He will then attack the TrendNet Wi-Fi router using a cross-site scripting forgery and command injection exploit.

"All three give us a root shell," he said, meaning access to the router's lowest levels of code, and that's a very big issue.

Holcomb will be speaking at Defcon's Wall of Sheep Speaker Workshop at the conference's Wireless Village today, August 4.

In other internet security news

The official Twitter account of the Reuters news agency apparently became a direct conduit for pro-Assad propaganda yesterday after the account was hacked into by attackers from the now infamous Syrian Electronic Army.

Updates supportive of Syrian president Bashar Al-Assad spewed from @thomsonreuters before stability was somewhat restored and the news agency regained control of the hacked account.

The compromised Twitter account was then used to place a series of various propaganda messages and cartoons in support of President Assad's government.

Since March 2011, Syria has been embroiled in a very bloody and messy civil war. Uprisings against the Assad government have resulted in numerous clashes between rebels and the regime's forces, which are supported by the terrorist group Hezbollah.

According to some security and human rights researchers, including InfoWar Monitor, the SEA has also been tasked with hacking and otherwise disrupting opposition websites within Syria itself.

Syrian citizens' access to the Web has been cut off twice in the past two years: once in the second month of the civil war, and most recently as rebel forces fought their way into the capital city of Damascus at the end of 2012.

Reuters is the latest in a long line of well-known media organizations, perceived to be pro-rebel or against the Assad regime, to be targeted. Previous victims include The Guardian, The Daily Telegraph, Al Jazeera and The Onion.

An attack on the Associated Press in April was used to falsely claim that the White House had been bombed and President Barack Obama severely wounded, leading to a temporary dip in U.S. and global stock exchanges.

The group's main stock-in-trade involves multi-stage phishing attacks ultimately aimed at taking over email accounts associated with social media profiles of targeted organizations.

Unconfirmed reports also suggest that the SEA managed to take over three personal email accounts of White House employees. These compromised accounts were used to send secondary phishing emails, disguised as BBC or CNN articles, to other workers.

Prospective marks who clicked on these links were directed towards fake Gmail or Twitter login screens in a ruse aimed at harvesting login credentials.

The hacktivists said that, although their ultimate aim to compromise the White House website had failed, they have managed to compromise Twitter account passwords.

Twitter has suspended the group's official account — @Official_SEA12 — following the SEA's latest run of attacks on websites associated with VoIP apps Viber and Tango three weeks ago.

In other internet security news

Last Thursday, two Russians arrested over their suspected involvement in the largest online fraud in U.S. history were simply tracked down by analyzing photographs that they had previously posted to social media sites such as Twitter and Facebook. All that police had to do after that was to track down the location of one suspect's mobile phone.

Overall, four Russians and a Ukrainian national were named as suspects in a credit card hacking scam investigation involving no less than 160 million credit cards and victimizing big organisations including the Nasdaq stock exchange, 7-Eleven, Carrefour, JC Penney, Hannaford, Heartland, Euronet and Global Payments in an indictment unsealed on Thursday.

The criminal group allegedly acted as wholesale suppliers of stolen credit card data to carding forums resulting in losses of more than $300 million to just three of the organizations they targeted. The investigation is ongoing.

Two of the suspects, alleged moneyman Dmitriy Smilianets, 29, and alleged hacker Vladimir Drinkman, 32, both from Moscow, were arrested in the Netherlands in June 2012.

Smilianets has already been deported to the U.S., while Drinkman continues to fight against expulsion. Three other suspects still remain at large, however.

Alexandr Kalinin, 26, of Saint Petersburg, allegedly worked with Drinkman in breaking into the systems of targeted organizations, normally employing SQL injection attack techniques.

The group subsequently planted trojans and various viruses to harvest and extract credit card numbers and personal information from compromised computers.

Investigators say that Smilianets and Drinkman worked with notorious double-dealing cybercrime kingpin Albert Gonzalez in the famous 2009 hacking of Heartland Payment Systems.

The indictment alleged that Roman Kotov, 32, also from Moscow, specialized in mining the data networks allegedly compromised by Drinkman and Kalinin to steal valuable information.

Smilianets allegedly acted as a high-tech fence by selling stolen credit details through underground forums. The fifth suspect, Mikhail Rytikov, 26, of Odessa, Ukraine, provided the hosting services to the group, the indictment claims.

Smilianets kept a relatively high profile in Russia and an active presence on social networking sites, which was how investigators easily tracked him down.

He founded an electronic gaming team called Moscow 5 that travelled the world for competitions. In that role, Smilianets used a variety of online nicknames including Dima Brave and Dima Bold.

U.S. Secret Service agents received information that Smilianets was travelling to Europe last year along with Drinkman. Investigators quickly realized that Drinkman was one of several people suspected of collaborating with Gonzalez.

"Here's the world's biggest hacker," a person familiar with the case told Reuters. "We got lucky." The agents still didn't know where the two suspects were staying but Drinkman assisted them by posting pictures of his trip, as well as leaving his phone on, transmitting location information and narrowing down the potential locations where he might have been staying.

Overnight inquiries were made at the hotels and the location of the suspects was narrowed down. The two criminals were eventually arrested as they boarded a tour bus.

Reuters adds that U.S. authorities have acted unusually by publicly naming suspects at large in an ongoing investigation. But that could be a sign of a lot of frustration and a lack of co-operation from their Russian counterparts.

In other internet security news

So far, at least four Russian citizens and a Ukrainian national have been charged with running a sophisticated hacking organization that over seven years penetrated several computer networks of more than a dozen major American and international corporations.

The five individuals are charged with stealing and selling at least 160 million credit card numbers and causing losses of hundreds of millions of dollars.

The indictments were announced this morning in Newark, New Jersey, where U.S. Attorney Paul Fishman called the case the largest hacking and data breach crime ever prosecuted in the United States.

The victims in a scheme that allegedly ran from 2005 until late in 2012 included the Nasdaq electronic stock exchange, 7-Eleven, JC Penney, the New England supermarket chain Hannaford Brothers, JetBlue, Heartland Payment Systems Inc. (one of the world's largest credit and debit processing companies), French retailer Carrefour S.A., and the Belgian Dexia Bank.

The indictment says that the suspects sent each other several instant messages as they took control of the corporate data, telling each other, for instance, "NASDAQ is owned." At least one man told others that he used Google news alerts to learn whether his hacks had been discovered, according to the court filing.

The defendants were identified as Russians Vladimir Drinkman, Aleksander Kalinin, Roman Kotov and Dmitriy Smilianets, and Ukrainian Mikhail Rytikov.

Source: Defcon 21.
