Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

GE acquires Vancouver-based internet security firm

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

May 12, 2014

Click here to order the best dedicated server and at a great price.

With the general state of today's power grids, oil refineries and even medical devices in the United States under constant threat from cyber attacks, General Electric has decided it's time to move into the business that protects critical infrastructure, and for the benefit of the nation.

GE just confirmed this morning that it is acquiring Vancouver-based Wurldtech, a security company which specializes in software that protects big industrial sites used by the energy, chemical, nuclear and manufacturing industries located both in the U.S. and abroad.

Wurldtech is a private company so GE didn't disclose the terms of the deal. Customers of the firm include large oil companies such as BP, Texaco and Shell, among others.

"We have been working with GE since 2009 and in the second half of 2013 this concept really accelerated," said Neil McDonnell, Wurldtech's CEO.

The announcement comes amid growing concerns that the facilities used to generate power and distribute America's drinking water are increasingly vulnerable to hacker attacks, especially from foes such as Iran and a few others.

"We are making bigger and bigger machines that are becoming much more connected than ever. We are becoming an industrial internet," said GE software vice president Bill Ruh.

The Department of Homeland Security said that it responded to no less than 256 serious incidents last year of cyber invasions or security breaches that targeted critical U.S. infrastructure such as power plants, water treatment facilities and natural gas plants.

Of those, 151 incidents occurred in the energy sector alone, something that has Congress and the U.S. government concerned in a very big way.

The Department of Homeland Security also warned that recent incidents demonstrate that hackers are preparing for a lot more attacks in the near future, and that the time to act is right now.

In other internet security news

Microsoft's security department said yesterday it will release no less than eight security updates next Patch Tuesday to stop remote-code execution bugs in Windows and Internet Explorer, among other various security bugs.

Meanwhile, Adobe will issue new versions of Acrobat and Reader for this month's Patch Tuesday as well, so May 13 will be a busy day for system admins and IT departments everywhere.

Two of the security updates from Microsoft are rated as very critical because they allow miscreants to execute code from vulnerable systems from afar-- the Windows operating system from Server 2003 to Windows 8, web browser Internet Explorer 6 to 11, and some SharePoint-related software, are all at risk, Microsoft warns.

The other six updates are labelled important-– one is a remote-code execution hole, four lead to privilege escalation and one allows hackers to bypass security protections altogether.

The affected software includes Microsoft Office 2007 to 2013, Windows and the .NET Framework.

As is always the case, Microsoft holds off documenting the security vulnerabilities in further detail prior to the patch release for obvious reasons.

The May 13 security release will be the first in more than 10 years to not include any bulletins for Windows XP.

The outdated operating system was officially retired from support by Microsoft on April 8, though subsequent exploitation of flaws in the OS by miscreants has forced the company to issue an out-of-band update, nevertheless.

Adobe, meanwhile, will issue an update for four versions of its Reader and Acrobat software. The Adobe fix will address critical security flaws in both the Windows and OS X versions of Reader and Acrobat 10 and 11.

Users and system administrators are well advised to test and deploy all of next Tuesday's security patches as soon as possible or risk falling victims to exploits targeting the newly disclosed security vulnerabilities.

In other internet security news

Online marketing and URL-shortening firm has warned its users that its system has been hacked into by unknown parties and then urged that its users change their passwords as soon as possible.

In a security advisory, the company says-- "We have strong reasons to believe that Bitly account credentials have been seriously compromised but that we have no indication at this time that any accounts have been accessed without permission."

The company also promises that it has "already taken proactive measures to secure all paths that led to the compromise in the first place, and then ensure the security of all account credentials going forward."

However, don't get too comfortable. strongly encourages its users to employ OAuth to link their accounts with Facebook and Twitter.

As an additional layer of safety, the firm has severed those links to stop account hijacking and to help prevent another potential attack.

It's high time to change those passwords and even if you can't recall signing up for it may be worth checking to see if you ever linked your social media accounts to the service.

For its part, OAuth makes it relatively easy to make such links, and also a breeze to forget you ever did so.

In other internet security news

Personal data describing over 1.3 million customers of Frech ISP Orange has been stolen in the second hack attempt to hit that provider this year alone. And now customers are really starting to wonder in droves.

Overall, hackers made off with subscriber names, dates of birth and phone numbers of about 4.9 percent of the ISP's whole subscriber base.

Orange-France said hackers accessed data used for its email and SMS marketing campaigns but did not disclose how the April 18 breach was executed.

Worse, it took almost three weeks since the initial discovery of the breach to probe for security vulnerabilities and then analyse the extent and nature of the stolen data.

In a statement, the company said the stolen information could be used to phish subscribers using email, SMS and phone calls.

Customers took to the telco's Facebook page to express their anger over the breach with some receiving phishing emails relating to bounced invoice payments.

Orange France confirmed that it did not ask for bank details via email or SMS but it was unclear if the phishing attacks were related to the breach or not.

These hacking attacks came a little over two months after over 800,000 customer details were stolen by hackers raiding the telco's 'My Account' page. Criminals made off with names, email and street addresses, customer IDs, and phone numbers.

In September 2013, hackers attacked Vodafone in Germany making off with names, addresses and bank details of over two million subscribers. It now appears that Europe is a breeding ground for phone and computer attackes of various types.

In other internet security news

US Casino operator Affinity Gaming has had its credit card processing system hacked into for the second time in less than a year.

The Las Vegas-based company said that hackers were successful in breaching a system in April that processed customer credit and debit cards, but that it had no evidence at that time that cards were compromised.

"Affinity Gaming and its IT experts indicate that no credit card data was stolen after late afternoon April 28, 2014," it said in a statement.

Affinity Gaming, which ran eleven casinos across four U.S. states, recruited security consultancy firm Mandiant to investigate the security breach.

It did not say how many customers may be affected, however. The security breach comes after the company's payment systems were hacked into last year with up to 300,000 credit cards compromised.

Worse, hackers had maintained full access to the payment systems between March and October 2013. Black hats also owned payment systems operating at a gas station run by parent company Terrible Herbst.

In Febuary 2014, the websites of several Las Vegas casinos were also defaced after Sheldon Adelson suggested the United States bomb Iran.

In other internet security news

A group of researchers from universities in Luxembourg, Germany and the United States say they can dramatically improve the detection of privacy leaks between various processes in the Android operating system.

The researchers, led by Li Li of the University of Luxembourg, are looking for various methods to identify mobile apps that send private data outside the app's own domain without the user's consent (often by accident), via intra-component leaks, inter-component communications (ICC) and also inter-application communication (IAC).

They claim that the tool they describe in this paper at Arxiv detected 88.3 percent of inter-component privacy leaks, and when used in combination with ApkCombiner, also detected inter-application privacy leaks as well.

As noted in the paper, privacy leaks have been the subject of lots of academic research into Android, with Yajin Zhou a noted discoverer of different kinds of leaks.

The Android components that can contribute to those leaks include calls like StartActivity, StartActivityForResult, Query, StartService and so on and so forth.

To be sure, the Li Li paper outlines a technique called Static Taint Analysis, using a tool called IccTA that analyses inter-component and inter-app links.

IccTA takes existing tools Epicc (from Pennsylvania State University, whose Damien Octeau and Patrick McDaniel contributed to the study) and FlowDroid (the German contribution, with Steven Arzt, Siegfried Rasthofer and Eric Bodden from EC SPRIDE), and extends them into the Android environment.

Their goal is to look both at how an app behaves both on its own, and how it interacts with other apps-- “IccTA enables a data-flow analysis between two components and adequately models the lifecycle and callback methods to detect ICC based privacy leaks,” the researchers wrote.

“When running IccTA on three thousands applications randomly selected from the Google Play store as well as other third-party markets, it detects 130 inter-component based privacy leaks in twelve applications.”

The good news must be that only a dozen apps out of the 3,000 tested actually revealed privacy leaks. Li Li's colleagues at the University of Luxembourg, Alexandre Bartel, Jacques Klein, Yves Le Traon, also took part in the project.

In other internet security news

Google is hoping that phishers will have a tougher time attacking victims if a new feature introduced into its beta Chrome browser makes it into a future full release.

Google's so-called origin-chip feature cleans up Chrome's omnibox (the address bar) by removing lengthy URLs and replacing them with just the domain name shorn of "htttp://" and "www". There's also the origin chip that produces the full URL.

Apple also introduced a similar arrangement in Safari on iOS 7 and it seems to work pretty well. Google has tested the new feature in beta versions of Chrome, but users didn't care for it and it was subsequently relegated to a default off state in later updates to the experimental Chrome fork, dubbed Canary.

There was opposition to the feature centred on the disorientation it caused to users who wandered lost on the internet unsure of what pages they were perusing, despite that URLs can be viewed with a click.

Google Chrome's own front-end developer Paul Irish offered to share his distaste for the feature despite its anti-phishing function and adding that its future was a bit on shaky grounds.

"We're looking at a few key metrics to see if this change is a net positive for Chrome users. I imagine it may help defend against phishing," Irish said in a forum post.

"My personal opinion is that it's a very bad change and runs against Chrome's ultimate goals set forth by its development team. I hope the data backs that up as well."

Opposition from users would certainly impact the feature's future, he added. But fellow Chrome developer Jake Archibald backed the feature and said it would have saved him from nearly losing his bank details to a phishing site.

"Find someone who doesn't work in technology, show them their bank's website, and ask them what about the URL tells them they're on their bank's site. In my experience, most users don't understand which parts of the URL are the security signals," Archibald wrote.

"Browsers stopped showing the username / password part of URLs because it made phishing too easy. This is a natural progression," he added.

Archibald's card was nearly taken by clever phishers who established a mock website which replaced forward slashes in the legitimate URL with full stops.

When rendered in the experimental browser, Canary sings an alarm in the form of a whopping big origin box. But with so much opposition from Chrome power users and Google's own developers, combined with its relegation to a default off state, origin-chip's days seem numbered.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

Source: General Electric.

Click here to order the best dedicated server and at a great price.

Save Internet's URL to the list of your favorite web sites in your Web browser by clicking here.

You can link to the Internet Security web site as much as you like.

Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet    Terms of use    Privacy agreement    Legal disclaimer

Click here to order our special clearance dedicated servers.

Get your Linux or Windows dedicated server today.

Click here to order our special clearance dedicated servers.